httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ryan Morgan <rmor...@pobox.com>
Subject Re: [PATCH] mod_authnz_ldap and satisfy all
Date Tue, 06 Sep 2005 23:23:11 GMT
On Sep 5, 2005, at 3:15 AM, Graham Leggett wrote:

> Ryan Morgan wrote:
>
>>    require ldap-group cn=Engineering,ou=Groups,o=SomeCompany,c=US
>>    require ldap-group cn=QA,ou=Groups,o=SomeCompany,c=US
>>    satisfy all
>
>> Could someone provide feedback on whether this is a feature that   
>> could be
>> added to the ldap module?
>>
>
> Definitely a +1 in concept. Do the other authz modules handle  
> satisfy all in the same way?
>

Great.. Thanks for taking a look Graham.

Other than mod_access, none of the other authz modules handle the  
satisfy
directive.  mod_access uses it to specify how to handle authorization  
when
both the require and allow directives are used.

This patch builds on that concept, but handles the case where  
multiple require
lines are present.  I figured using satisfy made more sense than  
adding another
directive to the ldap module.  It's entirely possible that satisfy  
was not meant
to be used this way, but it seems to fit in nicely.

> A quick eyeball of the patch shows up some C++ comments - can you  
> convert them to C comments?
>

Sorry about that, attached is an updated patch.

-Ryan


Mime
View raw message