httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: [PATCH] Fix "LDAPReferrals off"
Date Thu, 20 Jun 2013 12:55:23 GMT
On Thu, Jun 20, 2013 at 8:49 AM, Jan Kaluža <jkaluza@redhat.com> wrote:
> On 06/20/2013 02:41 PM, Eric Covener wrote:
>>
>> On Thu, Jun 20, 2013 at 8:33 AM, Jan Kaluža <jkaluza@redhat.com> wrote:
>>>
>>> On 06/20/2013 02:25 PM, Eric Covener wrote:
>>>>
>>>>
>>>> Do you think we should tolerate an error turning referrals off?
>>>
>>>
>>>
>>> That's good point.
>>>
>>> I'm not ldap expert, but I would say we should not tolerate that. Admin
>>> has
>>> to explicitly disable referrals and if he does that, he probably has some
>>> reason why to do it.
>>>
>>> But if someone more experienced thinks we should tolerate that error, I'm
>>> not against.
>>
>>
>> I'm only concerned with someone who was getting by with LDAPReferrals
>> OFF because the default gave their SDK an error.  Now OFF would be
>> fatal too.
>>
>> But it's not so easy to do a separate "default" option because other
>> parts of the code need to know if referrals are being chased.
>>
>
> In this case I think we could change the patch to not call ldap_set_option
> for referrals at all unless the admin specifies the value in config file. I
> mean to define AP_LDAP_CHASEREFERRALS_UNSET and if the ldc->chaseReferrals
> == AP_LDAP_CHASEREFERRALS_UNSET, then do nothing. I can submit patch like
> that tomorrow.
>
> This should be good for everyone, right?

I don't know what that means for other and/or older LDAP SDKs, so I
would rather not flip that.

Mime
View raw message