httpd-dev mailing list archives

From Piotr Wadas
Subject httpd 2.0.5x apr_ldap and mod_ldap (util_ldap.c) considerations
Date Sat, 01 Apr 2006 10:44:39 GMT
Sending it here because mod_ldap is distributed (as experimental) with
the Apache distribution I have. This is not a bug report, but a
question about what the sense is; however, it's probably a discussion
starting point.

When I tried to use the ldap_cache provided by ldap_module in my
development work, I noticed that this cache:

a. is not assigned per "ldc" LDAP connection object - I mean all
util_ldap_connection_t objects use the same cache. I'm not sure whether
it's OK; from a developer's point of view, you'd rather expect that
another/new connection doesn't use the cache of a previously used
(currently active or not) connection. E.g. if I'd like to use two LDAP
connections independently, I'd expect them to have separate caches, or at
least to be able to set in the module configuration whether I want to use
a global cache for all connections or a separate cache for each connection.

b. "inside" an LDAP connection, I do a parametrized search
(base, scope etc.) with a util_ldap_cache_getuserdn call, and assign the
search result to some result object, like this:

result = util_ldap_cache_getuserdn(r, ldc, conf->url, some_base_dn,
    LDAP_SCOPE_XXX, attributes, filtbuff, &dn, &resultval);

Next, within the same connection, when I do the same assignment
again, but replace "some_base_dn" with "some_another_base_dn", I
still have the same object in result.

So, to have different results with different searches within the same
connection, I have to set CacheTTL to 0, which makes ldap_cache useless.
Even if I create a completely new connection, and within the new connection
I do a search with just the basedn changed in comparison to the previous
one, I still have the same object from the cache. If I set cachettl to 0,
everything works fine, but the cache is completely useless :(. I guess that
cached entries for a search are related to a particular search, but matched
against this search filter, not against filter _AND_ basedn - searches
with the same filter but different base dn are not the same searches!

c. What about apr_ldap and util_ldap in general? It's quite useful anyway;
however, it seems that they've been designed to do some particular
operations with LDAP, but not to add general LDAP support to httpd.
Currently I miss _very_ much a simple function which would return me
an entry object, given a char * object_distinguished_name argument; probably
as some apr_table would be beautiful.. Instead, if I want to use the
mod_ldap cache, I need to play with the getuserdn function, which actually
returns only and exactly ONE entry (if found), or nothing at all (if not
found, or if more than 1 entry is found).
Of course I could use the ldap.h SDK; however, those calls are not
util_ldap cached, and in this way I use two different kinds of LDAP
connections / object retrieving methods. Or leave util_ldap completely..
So some simple read-only method implementing some ldap_get_object would be
ideal, regarding the above issues..

Thanks for your comments :)
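
The cache behaviour reported in point (b), as an added example that is not part of the original message and is not httpd or mod_ldap code: a toy search cache that returns the first base DN's entry for a second search when keyed on the filter alone, and keeps the two searches apart when keyed on URL, base DN, scope and filter. The names toy_cache, lookup_dn and directory_search, the host and the sample DNs are all constructed for illustration.

```c
/* Added illustration, not mod_ldap source: the cache key must cover every search parameter. */
#include <stdio.h>
#include <string.h>
#define SLOTS 8
struct entry { char key[256]; const char *dn; };
struct toy_cache { struct entry slot[SLOTS]; int used; int full_key; };

/* Constructed stand-in for the directory: one uid exists under two bases. */
static const char *directory_search(const char *base, const char *filter)
{
    if (strcmp(filter, "(uid=alice)") != 0) return NULL;
    if (strcmp(base, "ou=staff,dc=example,dc=org") == 0)
        return "uid=alice,ou=staff,dc=example,dc=org";
    return strcmp(base, "ou=guests,dc=example,dc=org") == 0
        ? "uid=alice,ou=guests,dc=example,dc=org" : NULL;
}

/* full_key=0 models the reported behaviour (filter only). full_key=1 keys on
 * url, base DN, scope and filter, length-prefixed so fields cannot run together. */
const char *lookup_dn(struct toy_cache *c, const char *url, const char *base,
                      int scope, const char *filter)
{
    char key[256];
    int n = c->full_key
        ? snprintf(key, sizeof key, "%zu:%s%zu:%s%d:%zu:%s", strlen(url), url,
                   strlen(base), base, scope, strlen(filter), filter)
        : snprintf(key, sizeof key, "%s", filter);
    if (n < 0 || (size_t)n >= sizeof key)      /* truncated key: bypass cache */
        return directory_search(base, filter);
    for (int i = 0; i < c->used; i++)
        if (strcmp(c->slot[i].key, key) == 0) return c->slot[i].dn; /* hit */
    const char *dn = directory_search(base, filter);
    if (dn && c->used < SLOTS) {               /* cache only positive results */
        memcpy(c->slot[c->used].key, key, (size_t)n + 1);
        c->slot[c->used++].dn = dn;
    }
    return dn;
}

int main(void)
{
    const char *url = "ldap://dir.example.org", *f = "(uid=alice)";
    for (int full = 0; full <= 1; full++) {
        struct toy_cache c = { .full_key = full };
        lookup_dn(&c, url, "ou=staff,dc=example,dc=org", 2, f);  /* 2 = subtree scope */
        printf("full_key=%d -> %s\n", full,
               lookup_dn(&c, url, "ou=guests,dc=example,dc=org", 2, f));
    }
    return 0;
}
```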
