httpd-cvs mailing list archives

From bnicho...@apache.org
Subject svn commit: r387675 - /httpd/httpd/trunk/modules/ldap/util_ldap.c
Date Wed, 22 Mar 2006 00:08:07 GMT
Author: bnicholes
Date: Tue Mar 21 16:08:05 2006
New Revision: 387675

URL: http://svn.apache.org/viewcvs?rev=387675&view=rev
Log:
Revert the LDAPConnectionTimeout and LDAPVerifyServerCert directives back to GLOBAL_ONLY, since
the various LDAP SDKs don't allow these settings on a per-connection basis

Modified:
    httpd/httpd/trunk/modules/ldap/util_ldap.c

Modified: httpd/httpd/trunk/modules/ldap/util_ldap.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ldap/util_ldap.c?rev=387675&r1=387674&r2=387675&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ldap/util_ldap.c (original)
+++ httpd/httpd/trunk/modules/ldap/util_ldap.c Tue Mar 21 16:08:05 2006
@@ -1707,6 +1707,11 @@
     util_ldap_state_t *st =
     (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
                                               &ldap_module);
+    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+
+    if (err != NULL) {
+        return err;
+    }
 
     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server,
                       "LDAP: SSL verify server certificate - %s",
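Review bot: The only trace of this setting is the `APLOG_DEBUG` line that follows the new context check, which is thin now that the directive is GLOBAL_ONLY and the value applies to every LDAP connection the server makes. Turning server certificate verification off server-wide is something an operator should see at normal log levels, so consider logging at `APLOG_WARNING` when the flag is being disabled and keeping the debug line for the enabled case. The argument passed for `%s` and the rest of the handler lie outside the hunk, so the exact condition has to be taken from there.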
@@ -1725,6 +1730,11 @@
     util_ldap_state_t *st =
         (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
                                                   &ldap_module);
+    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+
+    if (err != NULL) {
+        return err;
+    }
 
 #ifdef LDAP_OPT_NETWORK_TIMEOUT
     st->connectionTimeout = atol(ttl);
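Review bot: The context line `st->connectionTimeout = atol(ttl);` under `#ifdef LDAP_OPT_NETWORK_TIMEOUT` does no validation: a non-numeric argument silently becomes 0, a negative value is stored as given, and out-of-range input is undefined for `atol`. With the directive now GLOBAL_ONLY, that one value governs every LDAP connection in the server, so a mistyped setting is worth rejecting at startup. Parsing with `strtol(ttl, &end, 10)` and returning an error string when `end == ttl || *end != '\0'` or the result is negative would do that. The handler's signature and the remainder of the `#ifdef` block are outside the hunk.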
@@ -1800,13 +1810,18 @@
     st->secure = (overrides->secure_set == 0) ? base->secure
                                               : overrides->secure;
 
-    /* LDAP connection settings can be overwritten in a virtual host */
-    st->connectionTimeout = (overrides->connectionTimeout == 10) 
-                                ? base->connectionTimeout
-                                : overrides->connectionTimeout;
-    st->verify_svr_cert = (overrides->verify_svr_cert == 1) 
-                                ? base->verify_svr_cert
-                                : overrides->verify_svr_cert;
+    /* These LDAP connection settings can not be overwritten in 
+        a virtual host. Once set in the base server, they must 
+        remain the same. None of the LDAP SDKs seem to be able
+        to handle setting the verify_svr_cert flag on a 
+        per-connection basis.  The OpenLDAP client appears to be
+        able to handle the connection timeout per-connection
+        but the Novell SDK cannot.  Allowing the timeout to
+        be set by each vhost is of little value so rather than
+        trying to make special expections for one LDAP SDK, GLOBAL_ONLY 
+        is being enforced on this setting as well. */
+    st->connectionTimeout = base->connectionTimeout;
+    st->verify_svr_cert = base->verify_svr_cert;
 
     return st;
 }
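Review bot: The new block comment above `st->connectionTimeout = base->connectionTimeout;` has a typo ("expections" for "exceptions"), writes "can not" for "cannot", and carries trailing whitespace on several lines. Its continuation lines are also indented without the leading ` *` used for multi-line comments in httpd style. It would help the next reader if the comment also said that `overrides->connectionTimeout` and `overrides->verify_svr_cert` are deliberately ignored here because the directive handlers reject these settings outside the global context, e.g. `/* overrides values are ignored: both directives are GLOBAL_ONLY */`. The start of the merge function is outside the hunk.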


