Posted to dev@httpd.apache.org by Brad Nicholes <BN...@novell.com> on 2008/01/24 16:33:59 UTC
Re: svn commit: r614605 - in /httpd/httpd/trunk: include/util_ldap.h modules/ldap/util_ldap.c
>>> On 1/23/2008 at 7:25 PM, in message <47...@remulak.net>, "Paul J. Reder" <re...@remulak.net> wrote:
>
> Ruediger Pluem wrote:
>>
>> On 01/23/2008 07:14 PM, rederpj@apache.org wrote:
>>> Author: rederpj
>>> Date: Wed Jan 23 10:14:41 2008
>>> New Revision: 614605
>>>
>>> URL: http://svn.apache.org/viewvc?rev=614605&view=rev
>>> Log:
>>> This adds Apache support (taking advantage of the new APR capability)
>>> for ldap rebind callback while chasing referrals. This allows direct
>>> searches on LDAP servers (in particular MS Active Directory 2003+)
>>> using referrals without the use of the global catalog.
>>> This addresses PRs 26538, 40268, and 42557
>
> >> @@ -2614,6 +2710,15 @@
> >> "Specify the LDAP socket connection timeout in seconds
> "
> >> "(default: 10)"),
> >>
> >> + AP_INIT_FLAG("LDAPReferrals", util_ldap_set_chase_referrals,
> >> + NULL, OR_AUTHCFG,
> >> + "Choose whether referrals are chased ['ON'|'OFF'].
> Default ON'"),
> >> +
> >> + AP_INIT_TAKE1("LDAPReferralHopLimit",
> util_ldap_set_referral_hop_limit,
> >> + NULL, OR_AUTHCFG,
> >> + "Limit the number of referral hops that LDAP can
> follow. "
> >> + "(Integer value, default=5)"),
> >> +
> >> {NULL}
> >> };
>
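Review bot: both new entries in this command table are registered with OR_AUTHCFG, so LDAPReferrals and LDAPReferralHopLimit can be set from .htaccess wherever AuthConfig overrides are allowed; if referral chasing and its hop limit are meant to be an administrator's server-wide decision, register them with RSRC_CONF instead, or document why per-directory control is wanted. The LDAPReferrals help text also ends in "Default ON'" with a stray trailing apostrophe. The hop limit is taken as a single string argument (AP_INIT_TAKE1) and its handler is not visible in this hunk, so please confirm util_ldap_set_referral_hop_limit rejects non-numeric and negative values rather than storing them silently.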
>>> @@ -2638,7 +2743,7 @@
>>>
>>> module AP_MODULE_DECLARE_DATA ldap_module = {
>>> STANDARD20_MODULE_STUFF,
>>> - NULL, /* create dir config */
>>> + util_ldap_create_dir_config, /* create dir config */
>>> NULL, /* merge dir config */
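Review bot: the module table now supplies util_ldap_create_dir_config while the merge dir config slot on the next line stays NULL, so a nested directory or .htaccess section gets a freshly created config instead of a combination with its parent's. A referral setting or hop limit set at an outer level would then fall back to the defaults (ON and 5, per the directive help strings) in any inner section that has its own config. Either add a merge function that inherits unset values from the parent, or make the directives server scoped and drop the per-directory config.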
>>
>> Why no merge dir config? How do you inherit your settings in this case?
>
> Now that you ask that question it makes me realize that the better question is
> probably "Should the directives be directory scoped or server scoped?" The rest
> of the util_ldap directives are all server scoped. Is there any compelling reason
> that the referral directives would need to be alterable on a directory-by-directory
> (or htaccess) basis or should it be turned on/off and limited on a
> server-wide scope?
>
I wish I had a better memory, but I vaguely recall going down this path once before between server-merge and dir-merge (mailing list archives might remember better than I do). I know that when it comes to anything SSL related, not all LDAP SDKs can handle per-directory options. Novell LDAP SDK being one of them. So when it comes to setting options on a per-directory basis, it might get a little tricky depending on the LDAP SDK that is being used.
Brad