httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Covener" <>
Subject Re: authnz_ldap in 2.2.x
Date Wed, 29 Aug 2007 21:14:52 GMT
On 8/29/07, Brad Nicholes <> wrote:
> The only real reason why you have to set LDAP to
> non-authoritative when using LDAP authn only, is because LDAP
> had to combine both authn and authz into the same module.  This
> is not a good practice in general, but in the case of LDAP there
> was so much code and data overlap between authn_ldap and
> authz_ldap, that splitting them apart was a problem.

To clarify; I understand not duplicating valid-user, but the other
authz modules know to decline when they haven't seen a single
requirement they grok, which allows mod_authz_user to authorize the
request in the case of "Require valid-user".   I don't think the
coupling is a factor there.

Eric Covener

View raw message