httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: [PATCH 48780] Input and improvements requested for suggested enhancement 48780
Date Mon, 22 Feb 2010 17:07:38 GMT
On Mon, Feb 22, 2010 at 11:46 AM, Thomas, Peter <pthomas@hpti.com> wrote:
> [ c.f. https://issues.apache.org/bugzilla/show_bug.cgi?id=48780 ]
>
> Eric Covener has commented, and I replied, to my suggested enhancement
> for mod_auth_ldap.  In this case, I am attempting to use LDAP for
> authorization, accepting authentication from another provider--this
> would most typically be mod_ssl, but I've seen other "in-family" cases
> in Bugzilla's history where people are working to integrate SSO with
> other authentication providers such as Kerberos [or more generally
> GSSAPI].
>
> The as-is implementation re-binds the LDAP connection using the user and
> password provided to perform the compare phase.  The proposed patch adds
> a [non-default] option to the LDAP provider that causes the compare
> phase to occur without a user-specific re-binding.

I haven't dug too deeply, but I didn't see how the attached patch
changed the authorization-time behavior.  Can you elaborate?

-- 
Eric Covener
covener@gmail.com

Mime
View raw message