Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 61352 invoked from network); 18 Mar 2006 12:05:39 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 18 Mar 2006 12:05:38 -0000 Received: (qmail 64579 invoked by uid 500); 18 Mar 2006 12:05:34 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 64522 invoked by uid 500); 18 Mar 2006 12:05:34 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 64511 invoked by uid 99); 18 Mar 2006 12:05:34 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 18 Mar 2006 04:05:34 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: domain of trawick@gmail.com designates 64.233.162.204 as permitted sender) Received: from [64.233.162.204] (HELO zproxy.gmail.com) (64.233.162.204) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 18 Mar 2006 04:05:33 -0800 Received: by zproxy.gmail.com with SMTP id l1so788757nzf for ; Sat, 18 Mar 2006 04:05:12 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Kn/+jO3HImuPJGYNBrDumIOhhzd/BJCZtC03TqvdhqFKRhQNmVkzHH0DaS7olMjQmgvugI+F/rIZnHyIKZ89U9PomT0XzSXwbyZr4M5/hlLym58Qbkj6R8YsHwV7E+W0tdJELwJ3yZpSuX3FiTHHMxpC1k+GfdoKv12VwAZZ+4c= Received: by 10.36.61.10 with SMTP id j10mr5350172nza; Sat, 18 Mar 2006 04:05:04 -0800 (PST) Received: by 10.36.72.17 with HTTP; Sat, 18 Mar 2006 04:05:03 -0800 (PST) Message-ID: Date: Sat, 18 Mar 2006 07:05:03 -0500 From: "Jeff Trawick" To: dev@httpd.apache.org Subject: Re: svn commit: r386776 - in /httpd/httpd/trunk/docs/manual/mod: mod_ldap.html.en mod_ldap.xml In-Reply-To: <441BE7E2.8030801@sharp.fm> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <20060318004816.15893.qmail@minotaur.apache.org> <441BE7E2.8030801@sharp.fm> X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N On 3/18/06, Graham Leggett wrote: > trawick@apache.org wrote: > > > URL: http://svn.apache.org/viewcvs?rev=3D386776&view=3Drev > > Log: > > LDAPConnectionTimeout and LDAPVerifyServerCert can be configured > > per-vhost > > We need to note in addition to this that not all LDAP SDK libraries > support the concept of separately configurable "verify server cert" > behaviour. > > In other words, even though you specify LDAPVerifyServerCert in LDAP > connections from vhost A, you end up overriding this when you specify it > in vhost B. > > This affects people using the Novell SDK. Beyond doc, do you agree we can change the code so that the virtual host configuration is disallowed when APR_HAS_NOVELL_LDAPSDK? > I think putting a note in the directive pointing people to > http://httpd.apache.org/docs/2.2/mod/mod_ldap.html#settingcerts will > save some questions on mailing lists. Sure. If we tweak the code to disallow vhost coding for libraries where we know it doesn't work, that will affect the wording.