On Fri, Jan 16, 2009 at 3:02 PM, Graham Leggett <[email protected]> wrote:
> Jeff Trawick wrote:
>
>> With Ubuntu's packaging of OpenLDAP 2.4.9 and whatever OpenLDAP is in
>> Leopard.latest, LDAP_OPT_REFHOPLIMIT is defined in ldap.h but the library
>> returns an error when trying to set it to 5 (httpd LDAP's default value).
>> This is apparently a widespread issue
>> (http://article.gmane.org/gmane.network.openldap.devel/3619).
>>
>> The intent in apr_ldap_set_option() is apparently to ignore lack of
>> support for LDAP_OPT_REFHOPLIMIT, but that is implemented with this
>> compile-time check:
>>
>> #if !defined(LDAP_OPT_REFHOPLIMIT) || APR_HAS_NOVELL_LDAPSDK
>>
>> How to handle... Ignore failures and return success if
>> LDAP_OPT_REFHOPLIMIT defined but the set fails?
>>
>> (As an aside, this busts httpd trunk's LDAP auth with these libraries
>> until you set LDAPReferrals Off.)
>>
>
> I suspect the right way to fix this is for APR to be honest about the
> support for LDAP_OPT_REFHOPLIMIT - if the compile time test determines that
> REFHOPLIMIT is either truly unsupported or broken, the attempt should return
> APR_ENOTIMPL.

Since OpenLDAP defines the option but (at least in common levels) fails the option at run-time, I guess you mean a configure test instead of a compile test, using a test program that proceeds far enough along with the LDAP setup to see if LDAP_OPT_REFHOPLIMIT works?

At some point a run-time check has to decide that LDAP_OPT_ERR from ldap_set_option(..,LDAP_OPT_REFHOPLIMIT...) means not-implemented.

Alternatively, many apps should just decide that a failure of that option is not important.
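The two run-time choices discussed above (report a rejected hop limit as not-implemented, or let the caller treat it as unimportant), as an added sketch that is not part of the original message and is not APR or httpd code. The option ids, result codes, mock SDK functions and the set_option_checked/configure_referrals helpers are all hypothetical stand-ins so the file builds without ldap.h.

```c
#include <stdio.h>

/* Constructed stand-ins so this builds without ldap.h or APR headers. */
enum { OPT_REFERRALS = 1, OPT_REFHOPLIMIT = 2 };   /* hypothetical option ids */
enum { SDK_OK = 0, SDK_FAIL = -1 };                /* hypothetical SDK results */
typedef enum { SET_OK, SET_NOTIMPL, SET_FAILED } set_status;

/* Same shape as ldap_set_option(ld, option, invalue). */
typedef int (*set_option_fn)(void *ld, int option, const void *invalue);

/* Mock SDK: header defines the hop limit option, library rejects it. */
int sdk_rejects_hoplimit(void *ld, int option, const void *invalue) {
    (void)ld; (void)invalue;
    return option == OPT_REFHOPLIMIT ? SDK_FAIL : SDK_OK;
}
int sdk_accepts_all(void *ld, int option, const void *invalue) {
    (void)ld; (void)option; (void)invalue;
    return SDK_OK;
}
int sdk_rejects_all(void *ld, int option, const void *invalue) {
    (void)ld; (void)option; (void)invalue;
    return SDK_FAIL;
}

/* Run-time check: a rejected hop limit is reported as "not implemented",
 * any other rejected option stays a real failure. */
set_status set_option_checked(set_option_fn set, void *ld, int option,
                              const void *invalue) {
    if (set(ld, option, invalue) == SDK_OK) return SET_OK;
    return option == OPT_REFHOPLIMIT ? SET_NOTIMPL : SET_FAILED;
}

/* Caller policy: enabling referrals must succeed; the hop limit is optional,
 * but the caller learns whether it was applied so it can log or adjust. */
int configure_referrals(set_option_fn set, void *ld, int hops,
                        int *hoplimit_applied) {
    int on = 1;
    *hoplimit_applied = 0;
    if (set_option_checked(set, ld, OPT_REFERRALS, &on) != SET_OK) return -1;
    *hoplimit_applied =
        set_option_checked(set, ld, OPT_REFHOPLIMIT, &hops) == SET_OK;
    return 0;
}

int main(void) {
    int applied;
    int rc = configure_referrals(sdk_rejects_hoplimit, NULL, 5, &applied);
    printf("rc=%d hop limit applied=%d\n", rc, applied);
    return 0;
}
```

Returning the applied flag instead of silently reporting success keeps the "failure is not important" policy in the application, which still knows that referral chasing is running without the configured hop limit.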
