httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Nicholes" <BNICHO...@novell.com>
Subject Re: [PATCH] mod_authnz_ldap and satisfy all
Date Thu, 08 Sep 2005 14:20:56 GMT

>>> On Wednesday, September 07, 2005 at 5:47:10 pm, in message
<6D46407F-DCBF-4B17-976E-9721F176D492@pobox.com>, rmorgan@pobox.com
wrote:

> The requirement I'm trying to fulfill is multiple group requires  
> within ldap.
> I figured making it generic within ldap using satisfy would be a good
 
> idea,
> though this seems to be blowing up into a much bigger issue.
> 

I haven't given this a lot of thought yet but have you tried using
"require ldap-filter" to do what you want?  You should be able to write
an ldap filter that would satisfy multiple groups.

> Perhaps it would be easier if 'require ldap-group' could have  
> multiple groups
> listed on a single require line?  Something similar to ldap- 
> attribute? Or maybe
> just move the satisfy flag to an ldap specific directive like  
> 'LDAPSatisfyAll'
> to remove any confusion on what it does?
> 

LDAPSatisfyAll might be a possibility but I am a little concerned about
heading down a road for one specific module that might be hard to come
back from when we decide to implement it for all auth modules.  I still
like the concept and I would suggest that an enhancement be submitted in
bugzilla for Apache 2.3.  I don't think that we would be able to make it
for 2.2.

Brad

Mime
View raw message