httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Graham Leggett" <minf...@sharp.fm>
Subject Re: LDAPTrustedMode has the wrong scope...
Date Wed, 02 Feb 2005 08:23:51 GMT
Brad Nicholes said:

> The attached patches convert LDAPTrustedMode into a per-directory
> directive rather than a per-server.  This allows the configuration to
> specify which mode should be applied for the associated AuthLDAPURL.
>
> Thoughts on whether this should be the way to go or if LDAPTrustedMode
> should be moved up into mod_authnz_ldap as AuthLDAPTrustedMode?

Thinking about this some more - I'm not keen on the idea of adding another
directive to mod_authnz_ldap, because when the configuration-via-LDAP
happens, and other potential LDAP modules happen, then we end up with
directive soup as each module has it's own variation of
AuthLDAPTrustedMode.

The idea that it be possible to set the SSL mode inside mod_authnz_ldap is
still really useful - what we could do is this:

AuthLDAPURL ldap://<etc>
AuthLDAPURL ldaps://<etc>
AuthLDAPURL SSL ldap://<etc>
AuthLDAPURL STARTTLS ldap://<etc>

In other words, combine the SSL mode in a TAKE12 option, with an optional
SSL mode prefix.

The LDAPTrustedMode directive could stay so as to define the default (and
overriding the default if the user wanted).

Thoughts?

Regards,
Graham
--


Mime
View raw message