httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Nicholes" <>
Subject Re: [PATCH]: LDAP Authz (was: Ldap Authorization)
Date Wed, 03 Nov 2004 16:15:40 GMT
   I like the suggestion as well because I think that would be the right
way to implement complex LDAP expressions.  But it would probably take
adding at least a new util_ldap_filter_search() API to Util_ldap() in
order to accomodate this functionality.  The advantage of also having an
ldap-attribute directive is because if simplicity as well as
performance.  According to the LDAP docs, doing an ldap_compare_s() is
faster than an ldap_search_s().  I will go ahead an commit the patch
as-is and also propose a backport for it.  But I think that we should
look at adding a "require ldap-filter" directive as well for Apache


>>> Wednesday, November 03, 2004 8:09:35 AM >>>
Good suggestion. I am +1 for the patch as-is with the intent
of looking into adding the below

On Nov 3, 2004, at 5:04 AM, Graham Leggett wrote:

> Brad Nicholes wrote:
>>    I took a quick look at this patch and it seems to work well as
>> as all of the listed attributes are OR'ed together.  I don't have a

>> good
>> suggestion yet, but is there a way to implement the logic so that
>> attributes could be also AND'ed together?  Or even a NOT-EQUAL
>> operation?
> I think the best way to do this probably is instead of saying
> ldap-attribute" you say "require LDAP filter".
> In other words, like this:
> require filter (objectclass=specialPerson)
> or
> require filter (
> This supports more complicated stuff, like this:
> require filter (&(objectclass=specialPerson)(
> Regards,
> Graham
> --
  Jim Jagielski   [|]   [|]

   "There 10 types of people: those who read binary and everyone

View raw message