Are there any comments on this? If not then I would like to make the type name changes in trunk and then push them back into the 2.2 branch. I don't consider this a show-stopper for the 2.1.7-beta candidate but the conflict does need to be resolved before 2.2 is released.
Brad >>> On Friday, August 26, 2005 at 9:44:31 am, in message <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote: > I am looking for comments from those who helped to implement the > refactored authentication model and those who helped restructure the > authentication modules. > > One of the problems that I discovered while working on the > restructuring of the authnz_ldap module was the name space for the > authorization types. I found that the 2.0 version of mod_auth_ldap > implemented authorization types such as "valid-user", "user" and > "group". After creating mod_authnz_ldap and restructuring the ldap > authorization types, I found that using these authorization type names > conflicted with mod_authz_user and mod_authz_groupfile. Meaning that if > mod_authnz_ldap was loaded along side of mod_authz_user or > mod_authz_groupfile, the authorization module that actually attempted to > handle authorization was at the mercy of the module load order and in > most cases was wrong. In other words, the following configuration would > not be able to accurately determine which authz module should be > handling authorization. > > LoadModule authnz_ldap_module modules/mod_authnz_ldap.so > LoadModule authz_user_module modules/mod_authz_user.so > > <Directory ...> > ... > require user bnicholes > </Directory> > > To resolve this issue I prefixed the ldap authorization types with > "ldap-". > > Looking through the authorization types for the other authz modules > I noticed that there are other similar conflicts. > > mod_authz_dbm file-group, group > mod_authz_groupfile file-group, group > mod_authz_owner file-group > > I would propose that the following renaming or elimination of types > should be done before Apache 2.2 is released in order to resolve the > conflicts > > mod_authz_dbm dbm-group > mod_authz_groupfile group > mod_authz_owner file-group > > > Comments? > > Brad
