httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Nicholes" <>
Subject Re: [PATCH] mod_authnz_ldap and satisfy all
Date Thu, 08 Sep 2005 14:20:56 GMT

>>> On Wednesday, September 07, 2005 at 5:47:10 pm, in message

> The requirement I'm trying to fulfill is multiple group requires  
> within ldap.
> I figured making it generic within ldap using satisfy would be a good
> idea,
> though this seems to be blowing up into a much bigger issue.

I haven't given this a lot of thought yet but have you tried using
"require ldap-filter" to do what you want?  You should be able to write
an ldap filter that would satisfy multiple groups.

> Perhaps it would be easier if 'require ldap-group' could have  
> multiple groups
> listed on a single require line?  Something similar to ldap- 
> attribute? Or maybe
> just move the satisfy flag to an ldap specific directive like  
> 'LDAPSatisfyAll'
> to remove any confusion on what it does?

LDAPSatisfyAll might be a possibility but I am a little concerned about
heading down a road for one specific module that might be hard to come
back from when we decide to implement it for all auth modules.  I still
like the concept and I would suggest that an enhancement be submitted in
bugzilla for Apache 2.3.  I don't think that we would be able to make it
for 2.2.


View raw message