httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jess Holle <>
Subject Re: Puzzling News
Date Wed, 02 Mar 2005 13:59:58 GMT
Graham Leggett wrote:

>Jess Holle said:
>>There have been enough instabilities and other issues in the LDAP
>>modules to date, but I would think this is the first big *feature* to
>>consider once these modules are fairly stable.
>The LDAP stuff is now just about stable, so if you need it, now is the
>time :)
I've not had a chance to try the LDAP connection timeout patch, but my 
biggest remaining issue (besides the multiple-LDAP enhancement) is that 
of firewall treatment.  If there is a firewall between Apache and LDAP 
(quite common) and if this firewall drops idle connections (also quite 
common), then it can drop Apache's cached LDAP connections -- and Apache 
2 (at least without the connection timeout patch) does not handle this 
well.  If the connection timeout patch suffices, then I could honestly 
say Apache LDAP is stable and ready for enhancements again.

>I still think this has wider application to the AAA system as a whole. It
>would be nice to be able to say "if user is in this flat file, directory
>A, directory B, or that SQL database, then come on in".
Agreed.  The notion that each auth source implement multiple 
"sub-source" syntax, etc, on its own with inconsistencies between them, 
etc, is far from ideal.  On the other hand, multiple LDAP support is 
what I most need here.

Jess Holle

View raw message