httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Nicholes" <BNICHO...@novell.com>
Subject Re: LDAPTrustedMode has the wrong scope...
Date Wed, 02 Feb 2005 16:12:34 GMT
+1, allowing mod_authnz_ldap to override the default makes a lot more
sense.  Unless you are already working on a patch, I will try to put
something together today.  But after today I will be offline for the
next two days.

Brad

>>> minfrin@sharp.fm Wednesday, February 02, 2005 1:23:51 AM >>>
Brad Nicholes said:

> The attached patches convert LDAPTrustedMode into a per-directory
> directive rather than a per-server.  This allows the configuration
to
> specify which mode should be applied for the associated AuthLDAPURL.
>
> Thoughts on whether this should be the way to go or if
LDAPTrustedMode
> should be moved up into mod_authnz_ldap as AuthLDAPTrustedMode?

Thinking about this some more - I'm not keen on the idea of adding
another
directive to mod_authnz_ldap, because when the configuration-via-LDAP
happens, and other potential LDAP modules happen, then we end up with
directive soup as each module has it's own variation of
AuthLDAPTrustedMode.

The idea that it be possible to set the SSL mode inside mod_authnz_ldap
is
still really useful - what we could do is this:

AuthLDAPURL ldap://<etc>
AuthLDAPURL ldaps://<etc>
AuthLDAPURL SSL ldap://<etc>
AuthLDAPURL STARTTLS ldap://<etc>

In other words, combine the SSL mode in a TAKE12 option, with an
optional
SSL mode prefix.

The LDAPTrustedMode directive could stay so as to define the default
(and
overriding the default if the user wanted).

Thoughts?

Regards,
Graham
--


Mime
View raw message