You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by co...@apache.org on 2010/06/01 23:26:28 UTC

svn commit: r950249 - /httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c

Author: covener
Date: Tue Jun  1 21:26:28 2010
New Revision: 950249

URL: http://svn.apache.org/viewvc?rev=950249&view=rev
Log:
When checking direct group membership, interpret LDAP_NO_SUCH_ATTRIBUTE the same as
LDAP_COMPARE_FALSE and continue on to subgroup (nested group) processing. This 
triggers when the group has no "direct" members but may have entries that 
represent nested groups to check.


Modified:
    httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c

Modified: httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c?rev=950249&r1=950248&r2=950249&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c Tue Jun  1 21:26:28 2010
@@ -898,6 +898,7 @@ static authz_status ldapgroup_check_auth
                 set_request_vars(r, LDAP_AUTHZ);
                 return AUTHZ_GRANTED;
             }
+            case LDAP_NO_SUCH_ATTRIBUTE: 
             case LDAP_COMPARE_FALSE: {
                 /* nested groups need searches and compares, so grab a new handle */
                 authnz_ldap_cleanup_connection_close(ldc);