DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG-RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=43196>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43196

------- Additional Comments From [EMAIL PROTECTED]  2007-08-29 01:50 -------
(In reply to comment #11)

Hi Rici,
I'm working with Jesus at the thing.

> Although the <Location /> block presented above has a 'Require ldap-attribute'
> directive in it, I suspect that the configuration actually used to generate
> the debugging output did not have that directive, and that the only require
> directive in the <Location /> block was "require valid-user". That's
> consistent with the debugging output, and demonstrates that the <Location />
> block was merged last (in the second debugging run, with a direct url to the
> file); the request succeeds since the userid has been authenticated.

You are right, the config of the debug output had just "require valid-user" as require directive.

> This leaves the question of why mod_autoindex denied access to the file when
> creating a directory listing. The answer is that mod_autoindex does a
> ap_sub_req_lookup_dirent() to check the file; as far as I know, that version
> of sub_req does not do a <Location /> merge.
>
> If there is a bug here, it's a documentation bug; the documentation for
> <Location> correctly states:
>     Use <Location> to apply directives to content that lives outside
>     the filesystem. For content that lives in the filesystem, use
>     <Directory> and <Files>.
>
> But then goes on to say:
>     An exception is <Location />, which is an easy way to apply
>     a configuration to the entire server.
>
> As can be seen here, attempts to use <Location /> for the purpose of
> applying a default configuration to the entire server are likely to
> fail, and the documentation possibly should be tightened up.

So you are saying that the <Location /> "wins" over the .htaccess inside the directory because it is merged last, and the "AllowOverride All" that we put inside the <Directory> does not count at all...

The fact that mod_autoindex is not showing the files in any case is highly misleading. A non-careful administrator could just stop there and conclude that "yes it's working". So either mod_autoindex also shows the files or mod_authnz_ldap also behaves as mod_autoindex. We cannot have two modules that work in such a different way on such a crucial thing. Moreover, this way the admin loses a lot of power over fine-grained access control and ease of configuration.

But anyway those are just my opinions; on the other hand, what is your advice? Just change the <Location /> for the root <Directory ...> and then specify other Locations residing outside that directory if needed?

Thanks
Stefano
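
The merge order discussed in this thread, written out as two alternative configurations. This is an added example, not the configuration from the bug report. The paths, realm name, LDAP URL and attribute value are constructed placeholders.

```apache
# ---- Variant A: server-wide default in <Location /> (the setup discussed) ----
<Directory "/var/www/html">
    AllowOverride All
</Directory>

# <Location> sections are merged after <Directory> sections and .htaccess,
# so on a direct request this Require replaces the per-directory one.
<Location />
    AuthType Basic
    AuthName "Intranet"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ldap.example.org/ou=people,dc=example,dc=org?uid"
    Require valid-user
</Location>

# Contents of /var/www/html/restricted/.htaccess (constructed):
#     Require ldap-attribute departmentNumber=42
#
# Outcome as described in the thread:
#   - directory listing: mod_autoindex checks each file with
#     ap_sub_req_lookup_dirent(), which does not merge <Location />, so the
#     .htaccess rule applies and the file is left out of the listing;
#   - direct URL to the file: <Location /> is merged last, "Require valid-user"
#     wins, and any authenticated user is served the file.

# ---- Variant B: server-wide default in the root <Directory> ----
# Use instead of Variant A, not together with it.
<Directory "/var/www/html">
    AuthType Basic
    AuthName "Intranet"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ldap.example.org/ou=people,dc=example,dc=org?uid"
    Require valid-user
    # Allow .htaccess files to set authentication/authorization directives.
    AllowOverride AuthConfig
</Directory>

# The same .htaccess is now merged after its enclosing <Directory> section,
# so its "Require ldap-attribute" takes effect for direct requests as well
# as for the directory listing.

# Reserve <Location> for content that does not live in the filesystem,
# as the <Location> documentation quoted above recommends.
```

To confirm the behaviour on a test server, request the restricted file directly with an account that authenticates but lacks the required attribute, and compare the response with what the directory listing shows.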
