httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 40075] - unable to use ldap groups that contain DNs and usernames for AuthZ
Date Tue, 16 Jan 2007 18:41:50 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40075>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40075





------- Additional Comments From bnicholes@apache.org  2007-01-16 10:41 -------
In the last patch that I included against TRUNK, that return has been removed.
This return statement as well as the comment that you are referring to is
exactly why I stated in reply #11 that I think that the original intent of
AuthLDAPGroupAttributeIsDN was broken.  

In the attached patch, if the LDAP search fails, a DEBUG level message will be
written but the request processing won't stop.  The check that replicates the
RequireDN-like functionality comes about 10 lines below there when
sec->group_attrib_is_dn is checked.  If sec->group_attrib_is_dn (i.e.
AuthLDAPGroupAttributeIsDN) is true, the request is denied.  If it is false and
a user id exists, then the request is allowed to continue and the user id is
compared against the membership attributes.  Take a look at the 12/19 patch that
I attached against TRUNK.

FYI, this patch (or any other patch) will have to be applied against TRUNK first
and then backported to 2.2 if accepted.  So all further coding and evaluation
should be done with TRUNK and not the 2.2 branch.

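A simplified model of the flow described in the comment above, added here as an illustration; it is not code from the attached patch or from mod_authnz_ldap. The struct, function names and group values are hypothetical, exact string equality stands in for the LDAP compare, and the behaviour when the DN lookup succeeds (compare the DN in DN mode) is an assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of the flow in the comment; not mod_authnz_ldap source.
 * All type, function and variable names here are hypothetical. */
enum authz { AUTHZ_DENIED = 0, AUTHZ_GRANTED = 1 };

struct group_cfg {
    bool attrib_is_dn;           /* models AuthLDAPGroupAttributeIsDN */
    const char *const *members;  /* membership attribute values (constructed) */
    size_t n_members;
};

/* user_dn == NULL models a failed LDAP search for the user's DN.
 * Exact string equality stands in for the LDAP compare operation. */
enum authz check_group(const struct group_cfg *g,
                       const char *user_dn, const char *user_id)
{
    const char *needle;
    size_t i;

    if (user_dn == NULL)   /* search failed: log only, do not return here */
        fprintf(stderr, "debug: DN lookup failed for %s\n",
                user_id ? user_id : "(none)");

    /* DN mode compares the DN (NULL after a failed search);
     * user-id mode compares the user id and needs no DN. */
    needle = g->attrib_is_dn ? user_dn : user_id;
    if (needle == NULL || *needle == '\0')
        return AUTHZ_DENIED;   /* nothing to compare: fail closed */

    for (i = 0; i < g->n_members; i++)
        if (strcmp(g->members[i], needle) == 0)
            return AUTHZ_GRANTED;
    return AUTHZ_DENIED;
}

/* Constructed group holding both a DN and a bare user name. */
static const char *const MIXED[] = {
    "cn=alice,ou=people,dc=example,dc=com", "bob" };
static const struct group_cfg BY_DN = { true, MIXED, 2 };
static const struct group_cfg BY_ID = { false, MIXED, 2 };

int main(void)
{
    printf("%d %d\n", check_group(&BY_DN, NULL, "bob"),
                      check_group(&BY_ID, NULL, "bob"));
    return 0;
}
```

In this model a failed lookup never turns into a grant on its own: DN mode has nothing to compare and denies, while user-id mode still has to find the user id among the membership values.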

