From minf...@apache.org
Subject svn commit: r1523263 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS docs/manual/ docs/manual/mod/ docs/manual/mod/mod_ldap.xml modules/ldap/util_ldap.c
Date Sat, 14 Sep 2013 15:02:10 GMT
Author: minfrin
Date: Sat Sep 14 15:02:10 2013
New Revision: 1523263

URL: http://svn.apache.org/r1523263
Log:
mod_ldap:  "LDAPReferrals off" does not disable LDAPReferrals feature.
Make "off" really "off" and add "unset" to take SDK defaults

trunk patch: http://svn.apache.org/r1517388
       docs: http://svn.apache.org/r1518265

Submitted by: covener
Reviewed by: jim, humbedooh

Modified:
    httpd/httpd/branches/2.4.x/   (props changed)
    httpd/httpd/branches/2.4.x/CHANGES
    httpd/httpd/branches/2.4.x/STATUS
    httpd/httpd/branches/2.4.x/docs/manual/   (props changed)
    httpd/httpd/branches/2.4.x/docs/manual/mod/   (props changed)
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ldap.xml
    httpd/httpd/branches/2.4.x/modules/ldap/util_ldap.c

Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk:r1517388,1518265

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1523263&r1=1523262&r2=1523263&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Sat Sep 14 15:02:10 2013
@@ -2,6 +2,11 @@
 
 Changes with Apache 2.4.7
 
+  *) mod_ldap: Change "LDAPReferrals off" to actually set the underlying LDAP 
+     SDK option to OFF, and introduce "LDAPReferrals default" to take the SDK 
+     default, sans rebind authentication callback.
+     [Jan Kaluza <kaluze AT redhat.com>]
+
   *) core: Log a message at TRACE1 when the client aborts a connection.
      [Eric Covener]
 

Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1523263&r1=1523262&r2=1523263&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Sat Sep 14 15:02:10 2013
@@ -145,14 +145,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
     +1: covener, jim, humbedooh
 
 
-  * mod_ldap:  "LDAPReferrals off" does not disable LDAPReferrals feature. 
-    Make "off" really "off" and add "unset" to take SDK defaults 
-    trunk patch: http://svn.apache.org/r1517388
-                 docs: http://svn.apache.org/r1518265
-    2.4.x patch: trunk works
-    +1: covener, jim, humbedooh
-
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 

Propchange: httpd/httpd/branches/2.4.x/docs/manual/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk/docs/manual:r1518265

Propchange: httpd/httpd/branches/2.4.x/docs/manual/mod/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk/docs/manual/mod:r1518265

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ldap.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ldap.xml?rev=1523263&r1=1523262&r2=1523263&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ldap.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ldap.xml Sat Sep 14 15:02:10 2013
@@ -507,19 +507,40 @@ valid</description>
 <directivesynopsis>
 <name>LDAPReferrals</name>
 <description>Enable referral chasing during queries to the LDAP server.</description>
-<syntax>LDAPReferrals <var>On|Off</var></syntax>
+<syntax>LDAPReferrals <var>On|Off|default</var></syntax>
 <default>LDAPReferrals On</default>
 <contextlist><context>directory</context><context>.htaccess</context></contextlist>
 <override>AuthConfig</override>
 
 <usage>
     <p>Some LDAP servers divide their directory among multiple domains and use referrals
-    to direct a client when a domain boundary is crossed. By setting <code>LDAPReferrals
On</code>
-    referrals will be chased (setting it to off causes referrals to be ignored). The directive
-    <code>LDAPReferralHopLimit</code> works in conjunction with this directive
to limit the
-    number of referral hops to follow before terminating the LDAP query. When referral processing
-    is enabled client credentials will be provided, via a rebind callback, for any LDAP server
-    requiring them. </p>
+    to direct a client when a domain boundary is crossed. This is similar to a HTTP redirect.
+    LDAP client libraries may or may not chase referrals by default. This directive 
+    explicitly configures the referral chasing in the underlying SDK.</p> 
+    
+  
+    <p><directive>LDAPReferrals</directive> takes the takes the following
values:
+    <dl>
+     <dt>"on"</dt>
+     <dd> <p> When set to "on", the underlying SDK's referral chasing state
+              is enabled, <directive>LDAPReferralHopLimit</directive> is used
to 
+              override the SDK's hop limit, and an LDAP rebind callback is 
+              registered.</p></dd>
+     <dt>"off"</dt>
+     <dd> <p> When set to "off", the underlying SDK's referral chasing state
+              is disabled completely.</p></dd>
+     <dt>"default"</dt>
+     <dd> <p> When set to "default", the underlying SDK's referral chasing state
+              is not changed, <directive>LDAPReferralHopLimit</directive> is
not 
+              used to overide the SDK's hop limit, and no LDAP rebind callback is 
+              registered.</p></dd>
+    </dl>
+    </p>
+
+    <p> The directive <code>LDAPReferralHopLimit</code> works in conjunction
with
+    this directive to limit the number of referral hops to follow before terminating the
LDAP query.
+    When referral processing is enabled by a value of "On", client credentials will be provided,

+    via a rebind callback, for any LDAP server requiring them. </p>
 </usage>
 </directivesynopsis>
 

Modified: httpd/httpd/branches/2.4.x/modules/ldap/util_ldap.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ldap/util_ldap.c?rev=1523263&r1=1523262&r2=1523263&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/ldap/util_ldap.c (original)
+++ httpd/httpd/branches/2.4.x/modules/ldap/util_ldap.c Sat Sep 14 15:02:10 2013
@@ -60,6 +60,7 @@
 #endif
 
 #define AP_LDAP_HOPLIMIT_UNSET -1
+#define AP_LDAP_CHASEREFERRALS_SDKDEFAULT -1
 #define AP_LDAP_CHASEREFERRALS_OFF 0
 #define AP_LDAP_CHASEREFERRALS_ON 1
 
@@ -364,7 +365,7 @@ static int uldap_connection_init(request
     ldap_option = ldc->deref;
     ldap_set_option(ldc->ldap, LDAP_OPT_DEREF, &ldap_option);
 
-    if (ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
+    if (ldc->ChaseReferrals != AP_LDAP_CHASEREFERRALS_SDKDEFAULT) {
         /* Set options for rebind and referrals. */
         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, APLOGNO(01278)
                 "LDAP: Setting referrals to %s.",
@@ -384,7 +385,9 @@ static int uldap_connection_init(request
             uldap_connection_unbind(ldc);
             return(result->rc);
         }
+    }
 
+    if (ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
         if ((ldc->ReferralHopLimit != AP_LDAP_HOPLIMIT_UNSET) && ldc->ChaseReferrals
== AP_LDAP_CHASEREFERRALS_ON) {
             /* Referral hop limit - only if referrals are enabled and a hop limit is explicitly
requested */
             ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, APLOGNO(01280)
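Review bot: The inner test `ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON` is now redundant, because the outer `if` added just above it already guarantees that value; the inner condition can be reduced to `if (ldc->ReferralHopLimit != AP_LDAP_HOPLIMIT_UNSET) {`. The outer `if` also deserves a short comment such as `/* Hop limit is only pushed to the SDK when referrals are explicitly "on"; with "default" the SDK's own limit applies. */`. Without it, it is easy to miss that an administrator who combines LDAPReferralHopLimit with `LDAPReferrals default` gets no bound from httpd on how far a referral chain is followed. The block continues past the end of this hunk.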
@@ -2536,15 +2539,25 @@ static const char *util_ldap_set_connect
 
 static const char *util_ldap_set_chase_referrals(cmd_parms *cmd,
                                                  void *config,
-                                                 int mode)
+                                                 const char *arg)
 {
     util_ldap_config_t *dc =  config;
 
     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, APLOGNO(01311)
-                      "LDAP: Setting referral chasing %s",
-                      (mode == AP_LDAP_CHASEREFERRALS_ON) ? "ON" : "OFF");
+                      "LDAP: Setting referral chasing %s", arg);
 
-    dc->ChaseReferrals = mode;
+    if (0 == strcasecmp(arg, "on")) {
+        dc->ChaseReferrals = AP_LDAP_CHASEREFERRALS_ON;
+    }
+    else if (0 == strcasecmp(arg, "off")) {
+        dc->ChaseReferrals = AP_LDAP_CHASEREFERRALS_OFF;
+    }
+    else if (0 == strcasecmp(arg, "default")) {
+        dc->ChaseReferrals = AP_LDAP_CHASEREFERRALS_SDKDEFAULT;
+    }
+    else {
+        return "LDAPReferrals must be 'on', 'off', or 'default'";
+    }
 
     return(NULL);
 }
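Review bot: The debug message at the top of util_ldap_set_chase_referrals is emitted before `arg` is validated, so a rejected value is still logged as "Setting referral chasing ..." even though the function then returns an error and sets nothing. The directive is allowed in .htaccess (the documentation hunk lists that context), so the string comes from whoever can write that file. Moving the `ap_log_error(...)` call below the if/else chain makes the log record only values that were actually applied. A one-line header comment would also document the three states, for example `/* LDAPReferrals: "on"/"off" set the SDK option explicitly; "default" leaves the SDK setting untouched. */`.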
@@ -3076,9 +3089,9 @@ static const command_rec util_ldap_cmds[
                   "Specify the LDAP socket connection timeout in seconds "
                   "(default: 10)"),
 
-    AP_INIT_FLAG("LDAPReferrals", util_ldap_set_chase_referrals,
+    AP_INIT_TAKE1("LDAPReferrals", util_ldap_set_chase_referrals,
                   NULL, OR_AUTHCFG,
-                  "Choose whether referrals are chased ['ON'|'OFF'].  Default 'ON'"),
+                  "Choose whether referrals are chased ['ON'|'OFF'|'DEFAULT'].  Default 'ON'"),
 
     AP_INIT_TAKE1("LDAPReferralHopLimit", util_ldap_set_referral_hop_limit,
                   NULL, OR_AUTHCFG,
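Review bot: The help string for LDAPReferrals now uses "default" in two senses: the keyword `'DEFAULT'` (leave the SDK setting alone) and `Default 'ON'` (the value used when the directive is absent). An operator who reads it as "referrals are off unless the SDK enables them" may leave referral chasing on unintentionally. Wording such as `"Referral chasing: 'ON', 'OFF', or 'DEFAULT' (keep the LDAP SDK's setting). If not set: 'ON'"` keeps the two meanings apart. The array initializer starts and ends outside this hunk.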


