You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by "William A. Rowe, Jr." <wr...@rowe-clan.net> on 2005/03/23 01:04:03 UTC

Re: svn commit: r125465 httpd/httpd/trunk/modules/ldap/util_ldap.c

At 03:29 PM 3/22/2005, Paul Querna wrote:
>Rici Lake wrote:
>>The referenced commit added two OR_ALL directives to util_ldap:
>>  LDAPTrustedClientCert
>>  LDAPTrustedMode
>
>I am going to change these to RSRC_CONF right now.  It is just completely broken to attempt to use the OR_ALL context.

Nope, the correct context would have been OR_AUTHCFG.  Now, as
far as if we can/should allow these in htaccess is another question.

OR_ALL would have introduced a security hole.