httpd-cvs mailing list archives

From minf...@apache.org
Subject cvs commit: httpd-2.0/modules/experimental mod_auth_ldap.c
Date Fri, 21 May 2004 03:14:06 GMT
minfrin     2004/05/20 20:14:06

  Modified:    .        CHANGES
               docs/manual/mod mod_auth_ldap.xml
               modules/experimental mod_auth_ldap.c
  Log:
  Quotes cannot be used around require group and require dn
  directives, update the documentation to reflect this. Also add
  quotes around the dn and group within debug messages, to make it
  more obvious why authentication is failing if quotes are used in
  error.
  PR: 19304
  
  Revision  Changes    Path
  1.1484    +6 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1483
  retrieving revision 1.1484
  diff -u -r1.1483 -r1.1484
  --- CHANGES	21 May 2004 01:12:25 -0000	1.1483
  +++ CHANGES	21 May 2004 03:14:05 -0000	1.1484
  @@ -2,6 +2,12 @@
   
     [Remove entries to the current 2.0 section below, when backported]
   
  +  *) Quotes cannot be used around require group and require dn
  +     directives, update the documentation to reflect this. Also add
  +     quotes around the dn and group within debug messages, to make it
  +     more obvious why authentication is failing if quotes are used in
  +     error. PR 19304 [Graham Leggett]
  +
     *) The Microsoft LDAP SDK escapes filters for us, stop util_ldap
        from escaping filters twice when the backslash character is used.
        PR 24437 [Jess Holle <jessh@ptc.com>]
  
  
  
  1.18      +13 -11    httpd-2.0/docs/manual/mod/mod_auth_ldap.xml
  
  Index: mod_auth_ldap.xml
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_auth_ldap.xml,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- mod_auth_ldap.xml	17 Apr 2004 10:49:22 -0000	1.17
  +++ mod_auth_ldap.xml	21 May 2004 03:14:05 -0000	1.18
  @@ -297,7 +297,8 @@
   
       <p>This directive specifies an LDAP group whose members are
       allowed access. It takes the distinguished name of the LDAP
  -    group. For example, assume that the following entry existed in
  +    group. Note: Do not surround the group name with quotes.
  +    For example, assume that the following entry existed in
       the LDAP directory:</p>
   <example>
   dn: cn=Administrators, o=Airius<br />
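Review bot: The added sentence "Note: Do not surround the group name with quotes." states the rule but not the consequence, and the reader is left to guess why a quoted value that looks valid is rejected. Suggest adding what the log message already says, that authentication fails when quotes are used, and pointing at the debug log line that now shows the value as parsed. The capitalisation also differs from the matching note in the require dn hunk ("Note: do not surround ..."); pick one form.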
  @@ -308,7 +309,7 @@
   
       <p>The following directive would grant access to both Fred and
       Barbara:</p>
  -<example>require group "cn=Administrators, o=Airius"</example>
  +<example>require group cn=Administrators, o=Airius</example>
   
       <p>Behavior of this directive is modified by the <directive
       module="mod_auth_ldap">AuthLDAPGroupAttribute</directive> and
  @@ -324,11 +325,12 @@
       that must match for access to be granted. If the distinguished
       name that was retrieved from the directory server matches the
       distinguished name in the <code>require dn</code>, then
  -    authorization is granted.</p>
  +    authorization is granted. Note: do not surround the distinguished
  +    name with quotes.</p>
   
       <p>The following directive would grant access to a specific
       DN:</p>
  -<example>require dn "cn=Barbara Jenson, o=Airius"</example>
  +<example>require dn cn=Barbara Jenson, o=Airius</example>
   
       <p>Behavior of this directive is modified by the <directive
       module="mod_auth_ldap">AuthLDAPCompareDNOnServer</directive>
  @@ -343,7 +345,7 @@
           Grant access to anyone who exists in the LDAP directory,
           using their UID for searches. 
   <example>
  -AuthLDAPURL "ldap://ldap1.airius.com:389/ou=People, o=Airius?uid?sub?(objectClass=*)"<br
/>
  +AuthLDAPURL ldap://ldap1.airius.com:389/ou=People, o=Airius?uid?sub?(objectClass=*)<br
/>
   require valid-user
   </example>
         </li>
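Review bot: Dropping the quotes from `AuthLDAPURL` here is not covered by the log message or the CHANGES entry, which mention only require group and require dn. The unquoted value contains whitespace ("ou=People, o=Airius", and in the next example "ldap1.airius.com ldap2.airius.com"), so please confirm the directive still receives the whole URL as a single argument when written this way; if it does not, these AuthLDAPURL examples should keep their quotes and only the require lines should change. If the change is intended, add AuthLDAPURL to the log message and CHANGES.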
  @@ -352,7 +354,7 @@
           The next example is the same as above; but with the fields
           that have useful defaults omitted. Also, note the use of a
           redundant LDAP server. 
  -<example>AuthLDAPURL "ldap://ldap1.airius.com ldap2.airius.com/ou=People, o=Airius"<br
/>
  +<example>AuthLDAPURL ldap://ldap1.airius.com ldap2.airius.com/ou=People, o=Airius<br
/>
   require valid-user
   </example>
         </li>
  @@ -367,7 +369,7 @@
           choose an attribute that is guaranteed unique in your
           directory, such as <code>uid</code>. 
   <example>
  -AuthLDAPURL "ldap://ldap.airius.com/ou=People, o=Airius?cn"<br />
  +AuthLDAPURL ldap://ldap.airius.com/ou=People, o=Airius?cn<br />
   require valid-user
   </example>
         </li>
  @@ -376,7 +378,7 @@
           Grant access to anybody in the Administrators group. The
           users must authenticate using their UID. 
   <example>
  -AuthLDAPURL "ldap://ldap.airius.com/o=Airius?uid"<br />
  +AuthLDAPURL ldap://ldap.airius.com/o=Airius?uid<br />
   require group cn=Administrators, o=Airius
   </example>
         </li>
  @@ -388,7 +390,7 @@
           only to people (authenticated via their UID) who have
           alphanumeric pagers: 
   <example>
  -AuthLDAPURL "ldap://ldap.airius.com/o=Airius?uid??(qpagePagerID=*)"<br />
  +AuthLDAPURL ldap://ldap.airius.com/o=Airius?uid??(qpagePagerID=*)<br />
   require valid-user
   </example>
         </li>
  @@ -404,7 +406,7 @@
           have a pager, but does need to access the same
           resource:</p>
   <example>
  -AuthLDAPURL "ldap://ldap.airius.com/o=Airius?uid??(|(qpagePagerID=*)(uid=jmanager))"<br
/>
  +AuthLDAPURL ldap://ldap.airius.com/o=Airius?uid??(|(qpagePagerID=*)(uid=jmanager))<br
/>
   require valid-user
   </example>
   
  
  
  
  1.27      +5 -5      httpd-2.0/modules/experimental/mod_auth_ldap.c
  
  Index: mod_auth_ldap.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/experimental/mod_auth_ldap.c,v
  retrieving revision 1.26
  retrieving revision 1.27
  diff -u -r1.26 -r1.27
  --- mod_auth_ldap.c	21 May 2004 02:54:55 -0000	1.26
  +++ mod_auth_ldap.c	21 May 2004 03:14:06 -0000	1.27
  @@ -573,8 +573,8 @@
                   default: {
                       ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, 
                                     "[%d] auth_ldap authorise: "
  -                                  "require dn: LDAP error [%s][%s]",
  -                                  getpid(), ldc->reason, ldap_err2string(result));
  +                                  "require dn \"%s\": LDAP error [%s][%s]",
  +                                  getpid(), t, ldc->reason, ldap_err2string(result));
                   }
               }
           }
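Review bot: The quoted value is added only to the `default:` branch, which reports an LDAP error. If a `require dn` value written with quotes simply fails the comparison rather than producing an LDAP error, this message is never emitted and the stated goal of the commit is not met for that path. Please check that the other cases of this switch also log `t`, so the value as parsed shows up whichever way the match fails.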
  @@ -599,7 +599,7 @@
               }
   
               ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, 
  -                          "[%d] auth_ldap authorise: require group: testing for group membership
in `%s'", 
  +                          "[%d] auth_ldap authorise: require group: testing for group membership
in \"%s\"", 
   		          getpid(), t);
   
               for (i = 0; i < sec->groupattr->nelts; i++) {
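Review bot: This message is logged at `APLOG_DEBUG`, so the hint that the group name carried stray quotes is visible only to administrators who already run with debug logging; at the default level a quoted `require group` still fails with no explanation. Consider reporting a value that begins with a quote character at a higher level, or when the directive is read, so the misconfiguration is caught without raising the log level.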
  @@ -619,9 +619,9 @@
                       }
                       default: {
                           ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, 
  -                                      "[%d] auth_ldap authorise: require group: "
  +                                      "[%d] auth_ldap authorise: require group \"%s\":
"
                                         "authorisation failed [%s][%s]",
  -                                      getpid(), ldc->reason, ldap_err2string(result));
  +                                      getpid(), t, ldc->reason, ldap_err2string(result));
                       }
                   }
               }
  
  
  
