httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Kaluža <>
Subject Re: [PATCH] Fix "LDAPReferrals off"
Date Wed, 10 Jul 2013 12:08:11 GMT
On 07/10/2013 07:22 AM, Jan Kaluža wrote:
> On 07/09/2013 07:17 PM, Rainer Jung wrote:
>> On 09.07.2013 17:47, Joe Orton wrote:
>>> On Thu, Jun 20, 2013 at 08:41:04AM -0400, Eric Covener wrote:
>>>> I'm only concerned with someone who was getting by with LDAPReferrals
>>>> OFF because the default gave their SDK an error.  Now OFF would be
>>>> fatal too.
>>> Just revisiting this... at least it seems clear that the docs do not
>>> match the code here, in that "LDAPRerrals off" does something
>>> surprising.  So what are the choices?
>>> a) Jan's suggestion: offer a tri-state option on/off/default where
>>> "default" is equivalent to current "off".


attached patch changes LDAPReferrals to tri-state logic.

- "on" - default. Calls apr_ldap_set_option to set referrals on.
- "off" - Calls apr_ldap_set_option to turn referrals off.
- "unset" - Does not call apr_ldap_set_option at all.

The "unset" option behaves like current "off" value (as implemented in 
trunk) and can be used by admins who use LDAP implementation without 

>>> b) change the docs so that it is not implied that "LDAPReferrals off"
>>> really disables referral processing.
>>> c) ...something else?
>>>> But it's not so easy to do a separate "default" option because other
>>>> parts of the code need to know if referrals are being chased.
>>> I don't follow that: if the intent here is retaining the current
>>> behaviour of "LDAPReferrals off" for users who want that, then we can do
>>> that easily.
>> Sorry I didn't yet really follow this discussion, but see PR 54358 for a
>> maybe related issue (platform on which ldap referrals are not
>> implemented in apr and default "On" leads to status 500).
> Having tri-state logic (on/off/default) would fix this. If ldap
> referrals are not supported, you would to set it to "default" in config
> file and mod_ldap wouldn't try to do anything with ldap referrals.
> I'm going to submit a patch here later today.
>> Regards,
>> Rainer
> Regards,
> Jan Kaluza

Jan Kaluza

View raw message