httpd-bugs mailing list archives

Subject DO NOT REPLY [Bug 48505] Apache 2.2 not working with LDAP Fail Over Auth
Date Mon, 25 Jan 2010 19:28:46 GMT

charlie <> changed:

           What    |Removed                     |Added
                 CC|                            |

--- Comment #13 from charlie <> 2010-01-25 11:28:39 UTC ---
Eric, it's not about ldapi, it's about the way Apache's broken AuthLDAPURL
syntax is crippling systems by preventing easy access to underlying LDAP client

You require this for syntax:

transport://host host host host host:port/dn?filter

This is not RFC compliant, you cannot embed multiple hosts like that. This is a
hack and it's not a good one.  It prevents many common and desirable configs.

This is the right way to do it:

transport://host:port/dn?filter transport://host:port/dn?filter

It's the way OpenLDAP's code does it, it's the way PADL's code does it, it's
the only way I know of that conforms to the relevant RFCs.  The relevant RFCs
were written by Kurt Zeilenga, and Kurt uses the form I've recommended in his
own code.  All the people complaining about failover not working are trying to
use this well-known format which Apache does not support.

In regards to ldapi, that is one single line of my previous post.  I was trying
to illustrate that a proper syntax will allow access to *everything* the client
libraries provide, including ldapi.  However, if that introduces confusion,
please ignore the one single line that mentions ldapi, I did not mean to
mislead you.

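The two syntaxes contrasted in the comment above, as an added example that is not part of the original message and is not Apache or OpenLDAP code: a Python helper that expands the multi-host form into the space-separated list of complete URLs. The function names and the example.com hosts are hypothetical; the sketch assumes a host without its own port simply gets none (the scheme default), and it percent-encodes spaces in the DN/filter part so they cannot be mistaken for URL separators.

```python
import re

# Multi-host form from the comment: transport://host host host:port/dn?filter
_MULTI = re.compile(
    r"^(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://(?P<hosts>[^/]*)(?P<rest>/.*)?$"
)
# One host entry: hostname, IPv4 literal or bracketed IPv6, with optional :port
_HOST = re.compile(r"^(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9._-]+)(?::(\d{1,5}))?$")


def expand_multi_host(url):
    """Return one complete URL per host, in the order given (failover order)."""
    m = _MULTI.match(url.strip())
    if not m:
        raise ValueError("not a transport://hosts/dn?filter string: %r" % url)
    hosts = m.group("hosts").split()
    if not hosts:
        raise ValueError("no host in %r" % url)
    # A literal space in the DN or filter would split a space-separated URL
    # list in the wrong place, so encode it before the URLs are joined.
    rest = (m.group("rest") or "/").replace(" ", "%20")
    urls = []
    for host in hosts:
        hm = _HOST.match(host)
        if not hm:
            raise ValueError("bad host entry %r" % host)
        if hm.group(2) is not None and not 0 < int(hm.group(2)) < 65536:
            raise ValueError("port out of range in %r" % host)
        urls.append("%s://%s%s" % (m.group("scheme"), host, rest))
    return urls


def to_url_list(url):
    """Space-separated list form: transport://host:port/dn?filter repeated."""
    return " ".join(expand_multi_host(url))


if __name__ == "__main__":
    # Constructed sample input, not taken from the bug report.
    sample = "ldap://ldap1.example.com ldap2.example.com:1389/dc=example,dc=com?uid"
    print(to_url_list(sample))
```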