Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 90816 invoked from network); 8 Sep 2005 14:21:14 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 8 Sep 2005 14:21:14 -0000 Received: (qmail 30271 invoked by uid 500); 8 Sep 2005 14:21:10 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 30231 invoked by uid 500); 8 Sep 2005 14:21:10 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 30218 invoked by uid 99); 8 Sep 2005 14:21:09 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 Sep 2005 07:21:09 -0700 X-ASF-Spam-Status: No, hits=0.4 required=10.0 tests=DNS_FROM_RFC_ABUSE X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [137.65.81.172] (HELO lucius.provo.novell.com) (137.65.81.172) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 Sep 2005 07:21:21 -0700 Received: from INET-PRV1-MTA by lucius.provo.novell.com with Novell_GroupWise; Thu, 08 Sep 2005 08:21:07 -0600 Message-Id: <431FF425.6720.00AC.0@novell.com> X-Mailer: Novell GroupWise Internet Agent 7.0 Date: Thu, 08 Sep 2005 08:20:56 -0600 From: "Brad Nicholes" To: , Cc: Subject: Re: [PATCH] mod_authnz_ldap and satisfy all References: <364AACA5-D646-4AF4-B0A5-B08A8A862FD8@pobox.com> <431C1ADC.1060900@sharp.fm> <431EBA81.6720.00AC.0@novell.com> <6D46407F-DCBF-4B17-976E-9721F176D492@pobox.com> In-Reply-To: <6D46407F-DCBF-4B17-976E-9721F176D492@pobox.com> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 500/1000/N >>> On Wednesday, September 07, 2005 at 5:47:10 pm, in message <6D46407F-DCBF-4B17-976E-9721F176D492@pobox.com>, rmorgan@pobox.com wrote: > The requirement I'm trying to fulfill is multiple group requires > within ldap. > I figured making it generic within ldap using satisfy would be a good > idea, > though this seems to be blowing up into a much bigger issue. > I haven't given this a lot of thought yet but have you tried using "require ldap-filter" to do what you want? You should be able to write an ldap filter that would satisfy multiple groups. > Perhaps it would be easier if 'require ldap-group' could have > multiple groups > listed on a single require line? Something similar to ldap- > attribute? Or maybe > just move the satisfy flag to an ldap specific directive like > 'LDAPSatisfyAll' > to remove any confusion on what it does? > LDAPSatisfyAll might be a possibility but I am a little concerned about heading down a road for one specific module that might be hard to come back from when we decide to implement it for all auth modules. I still like the concept and I would suggest that an enhancement be submitted in bugzilla for Apache 2.3. I don't think that we would be able to make it for 2.2. Brad