httpd-dev mailing list archives

From "Brad Nicholes" <BNICHO...@novell.com>
Subject Re: [PATCH]: LDAP Authz (was: Ldap Authorization)
Date Wed, 03 Nov 2004 16:15:40 GMT
   I like the suggestion as well because I think that would be the right
way to implement complex LDAP expressions.  But it would probably take
adding at least a new util_ldap_filter_search() API to Util_ldap() in
order to accommodate this functionality.  The advantage of also having an
ldap-attribute directive is because of simplicity as well as
performance.  According to the LDAP docs, doing an ldap_compare_s() is
faster than an ldap_search_s().  I will go ahead and commit the patch
as-is and also propose a backport for it.  But I think that we should
look at adding a "require ldap-filter" directive as well for Apache
2.1/2.2.

Brad

>>> jim@jaguNET.com Wednesday, November 03, 2004 8:09:35 AM >>>
Good suggestion. I am +1 for the patch as-is with the intent
of looking into adding the below

On Nov 3, 2004, at 5:04 AM, Graham Leggett wrote:

> Brad Nicholes wrote:
>
>>    I took a quick look at this patch and it seems to work well as long
>> as all of the listed attributes are OR'ed together.  I don't have a
>> good suggestion yet, but is there a way to implement the logic so that
>> attributes could be also AND'ed together?  Or even a NOT-EQUAL
>> operation?
>
> I think the best way to do this probably is instead of saying
> "require ldap-attribute" you say "require LDAP filter".
>
> In other words, like this:
>
> require filter (objectclass=specialPerson)
>
> or
>
> require filter (host=somehost.com)
>
> This supports more complicated stuff, like this:
>
> require filter (&(objectclass=specialPerson)(host=somehost.com))
>
> Regards,
> Graham
> --
>
--
=======================================================================
  Jim Jagielski   [|]   jim@jaguNET.com   [|]   http://www.jaguNET.com/

   "There 10 types of people: those who read binary and everyone
else."

