Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 81840 invoked from network); 22 Feb 2010 17:08:08 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 22 Feb 2010 17:08:08 -0000 Received: (qmail 58081 invoked by uid 500); 22 Feb 2010 17:08:06 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 57992 invoked by uid 500); 22 Feb 2010 17:08:06 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 57981 invoked by uid 99); 22 Feb 2010 17:08:06 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Feb 2010 17:08:06 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of covener@gmail.com designates 216.239.58.185 as permitted sender) Received: from [216.239.58.185] (HELO gv-out-0910.google.com) (216.239.58.185) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Feb 2010 17:08:00 +0000 Received: by gv-out-0910.google.com with SMTP id n40so75730gve.23 for ; Mon, 22 Feb 2010 09:07:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=mYxYgw4Fc9nZuHeq/PQiMR6KBHSRMH4KttW63XaMabY=; b=oP2/2TkNNDf6AAm6Prj6E8DxSwgHa5Nnc2H7B2WlF4SycqCzYbM/ItZQVc+S3cbKq6 Y1yThel/RMr/zBACkJYKgyYOYjQuNkcoWYcPxxuPe+08xBNTCUhkeQXjLAs+8IrWWDxO yLoo464MyqA7Y59RlfEyYgNCyN28CLbSTcCo4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=v+Jh5t/cXJlgIHHK2HQbeoG/aqyKu4dmx6D4set+hye78hjrQSmQIocQKcOCL6qM5K PZQg/gjIcoRIobfwscAjlYWdJup8aL7vY1ntsgS70jJsrOm1RLpXP0yH3FLCtCpbOeWR +KJk5jWl1u6wkbAHOBIoKzle7vj6Z6XZO0TLs= MIME-Version: 1.0 Received: by 10.102.169.26 with SMTP id r26mr1399988mue.27.1266858458467; Mon, 22 Feb 2010 09:07:38 -0800 (PST) In-Reply-To: <5045A4D718CAB644BA24979206486B6006525574@hptimail03.HPTI.COM> References: <1266856492.88283.ezmlm@httpd.apache.org> <5045A4D718CAB644BA24979206486B6006525574@hptimail03.HPTI.COM> Date: Mon, 22 Feb 2010 12:07:38 -0500 Message-ID: <1404e5911002220907x6959ff26o803e6982abc31a26@mail.gmail.com> Subject: Re: [PATCH 48780] Input and improvements requested for suggested enhancement 48780 From: Eric Covener To: dev@httpd.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On Mon, Feb 22, 2010 at 11:46 AM, Thomas, Peter wrote: > [ c.f. https://issues.apache.org/bugzilla/show_bug.cgi?id=3D48780 ] > > Eric Covener has commented, and I replied, to my suggested enhancement > for mod_auth_ldap. =A0In this case, I am attempting to use LDAP for > authorization, accepting authentication from another provider--this > would most typically be mod_ssl, but I've seen other "in-family" cases > in Bugzilla's history where people are working to integrate SSO with > other authentication providers such as Kerberos [or more generally > GSSAPI]. > > The as-is implementation re-binds the LDAP connection using the user and > password provided to perform the compare phase. =A0The proposed patch add= s > a [non-default] option to the LDAP provider that causes the compare > phase to occur without a user-specific re-binding. I haven't dug too deeply, but I didn't see how the attached patch changed the authorization-time behavior. Can you elaborate? --=20 Eric Covener covener@gmail.com