On 24 Nov 2023, at 14:25, Ruediger Pluem <rpl...@apache.org> wrote: >> + req->dn = dn; > > Don't we need to save the vals as well?
We do - and we also need to apr_pstrdup() the dn to be consistent with the rest. Index: modules/aaa/mod_authnz_ldap.c =================================================================== --- modules/aaa/mod_authnz_ldap.c (revision 1914090) +++ modules/aaa/mod_authnz_ldap.c (working copy) @@ -1453,7 +1453,6 @@ t = require; if (t[0]) { - const char **vals; ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02630) "auth_ldap authorize: checking filter %s", t); @@ -1460,11 +1459,11 @@ /* Search for the user DN */ result = util_ldap_cache_getuserdn(r, ldc, sec->url, sec->basedn, - sec->scope, sec->attributes, t, &dn, &vals); + sec->scope, sec->attributes, t, &dn, &(req->vals)); /* Make sure that the filtered search returned a single dn */ if (result == LDAP_SUCCESS && dn) { - req->dn = dn; + req->dn = apr_pstrdup(r->pool, dn); ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02631) "auth_ldap authorize: require ldap-search: " "authorization successful"); Regards, Graham —