httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Gustafson <...@soe.ucsc.edu>
Subject Re: [users@httpd] Question about mod_ldap and the LDAP Cache
Date Thu, 03 Mar 2011 00:05:45 GMT
>> I need to figure out some way of invalidating the LDAP
>> cache so that the user is then prompted for their new
>> password

> I don't think there's currently any way to do this, but it
> sounds like a useful feature if you want to open an enhancement
> request. I suspect a directive could be added that invalidated
> the cached stuff for the currently logged in user, and you'd
> wrap it in a Directory/Location container that would trigger
> when the passwd-changing URL was accessed

Well, I figured out a work-around for now.  In my PHP code, if the LDAP bind fails, I'm sending
back the same "401/Unauthorized" headers that mod_ldap would send if the password didn't match
the cache, which causes the browser to prompt for the update login name and password.  This
seems to work well for me.

But, it may be worth noting that mod_ldap ought to allow the cache to be cleared somehow,
or at least for me to be able to tell mod_ldap to not cache credential information for a particular
<VirtualHost>, <Location> or <Directory>, rather than having the cache settings
be server-wide only.

Tim Gustafson
Baskin School of Engineering
UC Santa Cruz
tjg@soe.ucsc.edu
831-459-5354

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message