https://issues.apache.org/bugzilla/show_bug.cgi?id=48340
--- Comment #4 from Eric Covener <[email protected]> 2009-12-08 05:34:19 UTC --- > I'm wondering what we're accomplishing by doing the authorization with the > bound user? We're already using the config-supplied DN and password to bind > during the authentication phase, and your patch still requires authentication > to be provided by mod_authnz_ldap (to cache the password for the authorization > bind), so what are we gaining by binding as the user only in the latter phase? > Reporter has an LDAP server that allows anonymous searches but does not allow anonymous compares [rather it's configured that way]. So he leaves off the bind dn/password to retrieve the DN, but can't do certain types of authz anonymously. If I commit the patch, I will make the directive sound less general and put some time into the doc. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
