httpd-dev mailing list archives

From "Brad Nicholes" <>
Subject Re: svn commit: r386776 - in /httpd/httpd/trunk/docs/manual/mod: mod_ldap.html.en mod_ldap.xml
Date Sat, 18 Mar 2006 17:24:37 GMT

>>> Graham Leggett <> 3/18/2006 3:58:42 am >>> wrote:

> URL: 
> Log:
> LDAPConnectionTimeout and LDAPVerifyServerCert can be configured
> per-vhost
>We need to note in addition to this that not all LDAP SDK libraries 
>support the concept of separately configurable "verify server cert".
>In other words, even though you specify LDAPVerifyServerCert in LDAP 
>connections from vhost A, you end up overriding this when you specify it 
>in vhost B.
>This affects people using the Novell SDK.
>I think putting a note in the directive pointing people to 
> will 
>save some questions on mailing lists.

Now that you mention it, allowing LDAPVerifyServerCert and LDAPConnectionTimeout to be overwritten
in a vhost is still wrong.  According to the code, none of the SDKs support setting verify
server cert on a per-connection basis, therefore GLOBAL_ONLY needs to be put back on this
directive and vhost merging needs to be modified to reflect that.  The connection time out appears
to be supported per-connection for the OpenLDAP SDK but the Novell LDAP SDK only supports
it on a global basis.  I would suggest that we make LDAPConnectionTimeout GLOBAL_ONLY also
since having the ability to set the timeout on a vhost basis has little value anyway.
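
A configuration check for the behaviour discussed in this message, as an added example that is not part of the original post or of httpd: it flags LDAPVerifyServerCert and LDAPConnectionTimeout set inside a <VirtualHost> section, where the message says the SDKs cannot honour them per connection. The function names and the sample configuration are constructed for illustration.

```python
import re

# Directives that, per the message above, the LDAP SDKs apply process-wide.
GLOBAL_ONLY = {"ldapverifyservercert", "ldapconnectiontimeout"}

# Constructed sample configuration, not taken from the thread.
SAMPLE_CONF = """\
LDAPVerifyServerCert On
LDAPConnectionTimeout 10

<VirtualHost *:443>
    ServerName a.example.org
    # LDAPVerifyServerCert Off
</VirtualHost>

<virtualhost *:443>
    ServerName b.example.org
    LDAPVerifyServerCert Off
    LDAPConnectionTimeout \\
        30
</VirtualHost>
"""

def logical_lines(text):
    """Yield (first_line_no, joined_line), folding backslash continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None

def find_vhost_overrides(text):
    """Return (line_no, directive, args) for global-only LDAP directives in a vhost."""
    findings, in_vhost = [], False
    for no, line in logical_lines(text):
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no directive
        if re.match(r"<virtualhost\b", line, re.I):
            in_vhost = True
        elif re.match(r"</virtualhost\s*>", line, re.I):
            in_vhost = False
        elif in_vhost:
            name, *rest = line.split()
            if name.lower() in GLOBAL_ONLY:
                findings.append((no, name, " ".join(rest)))
    return findings
```

On the sample, the second vhost's `LDAPVerifyServerCert Off` is the setting to review: per the message, it would not stay confined to that vhost.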

