On 24 Nov 2023, at 14:25, Ruediger Pluem <rpl...@apache.org> wrote:

>> +            req->dn = dn;
> 
> Don't we need to save the vals as well?

We do - and we also need to apr_pstrdup() the dn to be consistent with the rest.


Index: modules/aaa/mod_authnz_ldap.c
===================================================================
--- modules/aaa/mod_authnz_ldap.c       (revision 1914090)
+++ modules/aaa/mod_authnz_ldap.c       (working copy)
@@ -1453,7 +1453,6 @@
     t = require;
 
     if (t[0]) {
-        const char **vals;
 
         ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02630)
                       "auth_ldap authorize: checking filter %s", t);
@@ -1460,11 +1459,11 @@
 
         /* Search for the user DN */
         result = util_ldap_cache_getuserdn(r, ldc, sec->url, sec->basedn,
-             sec->scope, sec->attributes, t, &dn, &vals);
+             sec->scope, sec->attributes, t, &dn, &(req->vals));
 
         /* Make sure that the filtered search returned a single dn */
         if (result == LDAP_SUCCESS && dn) {
-            req->dn = dn;
+            req->dn = apr_pstrdup(r->pool, dn);
             ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02631)
                           "auth_ldap authorize: require ldap-search: "
                           "authorization successful");

Regards,
Graham
—
