httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Nicholes" <>
Subject mod_auth_ldap vs mod_ldap (was: Re: authz / authn and mod_auth_ldap)
Date Mon, 20 Jan 2003 18:37:49 GMT
While we are on the subject of splitting auth_ldap, does it still make
sense to have mod_auth_ldap and mod_ldap?  Would it make more sense to
combine these two modules.  It seems that the split was initially due to
trying to include the ldap connection caching in apr-util.  Since that
is no longer the case, shouldn't the connection caching be rolled back
into auth_ldap?  It seems like the purpose for having a submodule like
mod_ldap is so that it can be easily replaced.  Do we expect someone to
implement another connection caching scheme?
 Another messy point is that auth_ldap includes apr_ldap.h which resides
in apr-util/include.  Does it make sense to have an apr_ldap.h since
auth_ldap seems to be the only thing that uses it?  It just seems like
ldap functionality was never completely split from APR.  I am just
wondering if this is something else that should be cleaned up before
moving auth_ldap out of experimental.


Brad Nicholes
Senior Software Engineer
Novell, Inc., the leading provider of Net business solutions 
>>> 01/20/03 01:40 AM >>>
Will it be the same for user,  or will he had to add more modules when 
he will compile his apache ?
I understand it will be the same when he will setup the authentication, 
the Directives will be the same, but if the user forget to compile 
authn, maybe i will not understand why some directives are working and 
not the others.
I understand too it's better to split the code, it will be easier to 
read, so good for all developper like me who are coding apache modules. 
but the documentation must be uptodate with the split.

Last month, i wanted to setup an ldap authentication, i spent many times

to understand the gap between now and 3 month before when my setup was 
working. The auth changed, i had to use basic auth modules instead of 
And i took hours to find a directive, to let auth_basic make the 
password go to auth_ldap, the directive wasn't on the mod_ldap 
documentation, and was lost in the auth_basic help....
So splitting the modules is maybe a good idea, but the right 
documentation must folow...



Graham Leggett wrote:

> Estrade Matthieu wrote:
>> I read the discussion for few messages, i am not an apache 
>> developper, so i will speak as a user. IMHO, Splitting into two 
>> modules will make auth more complex. actually, it's not really easy 
>> to setup, and the documentation is not always up to date.
> The configuration for users will remain exactly the same as it is now,

> so I don't believe a split will make it any harder for users. It will 
> however make the code a lot simpler to read, and hopefully more stable

> as a result.
> Regards,
> Graham

GRAND JEU SMS : Pour gagner un NOKIA 7650, envoyez le mot IF au 61321
(prix d'un SMS + 0.35 euro). Un SMS vous dira si vous avez gagné.
Règlement :

View raw message