DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40075>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40075





------- Additional Comments From [EMAIL PROTECTED]  2007-01-16 10:41 -------
In the last patch that I included against TRUNK, that return has been removed.
This return statement as well as the comment that you are referring to is
exactly why I stated in reply #11 that I think that the original intent of
AuthLDAPGroupAttributeIsDN was broken.  

In the attached patch, if the LDAP search fails, a DEBUG level message will be
written but the request processing won't stop.  The check that replicates the
RequireDN-like functionality comes about 10 lines below there when
sec->group_attrib_is_dn is checked.  If sec->group_attrib_is_dn (i.e.
AuthLDAPGroupAttributeIsDN) is true, the request is denied.  If it is false and
a user id exists, then the request is allowed to continue and the user id is
compared against the membership attributes.  Take a look at the 12/19 patch that
I attached against TRUNK.

FYI, this patch (or any other patch) will have to be applied against TRUNK first
and then backported to 2.2 if accepted.  So all further coding and evaluation
should be done with TRUNK and not the 2.2 branch.
