DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=40075>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40075 ------- Additional Comments From [EMAIL PROTECTED] 2006-12-29 20:11 ------- Although I like the concept, I am still uncomfortable with the implementation from a configuration point of view. I have attached a patch which is actually closer to your first patch except it maintains the original functionality while enhancing the AuthLDAPGroupAttribute directive to support attributes that may contain a full DN. Actually, I think that was the original intent of AuthLDAPGroupAttributeIsDN but it appears to have been broken along the way. Anyway the proposed new syntax for AuthLDAPGroupAttribute is: AuthLDAPGroupAttribute attribute [DN | UN] ... where the keywords "DN" (Distinguished Name) and "UN" (User Name) can optionally follow each attribute in the list. If neither of the keywords are specified, then the attribute type follows the AuthLDAPGroupAttributeIsDN setting. The AuthLDAPGroupAttributeIsDN setting determines if a DN is required in the group comparison or not. If the AuthLDAPGroupAttribute list contains any UN's, then AuthLDAPGroupAttributeIsDN must be set to OFF otherwise the authorization will fail since it would be expecting to be able to resolve the user object to a DN within the LDAP directory. Let me know if this works for you, BTW, this patch is against trunk rather than the 2.2.x branch. If accepted, it would then need to be back ported. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
