> -----Original Message-----
> From: Graham Leggett
> Sent: Montag, 21. September 2009 12:54
> To: [email protected]
> Subject: Re: svn commit: r817064 - in
> /httpd/httpd/branches/2.2.x: STATUS modules/aaa/mod_authnz_ldap.c
>
> Ruediger Pluem wrote:
>
> >> @@ -559,12 +582,6 @@
> >> #endif
> >> }
> >>
> >> - if (!reqs_arr) {
> >> - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
> >> - "[%" APR_PID_T_FMT "] auth_ldap
> authorise: no requirements array", getpid());
> >> - return sec->auth_authoritative? HTTP_UNAUTHORIZED
> : DECLINED;
> >> - }
> >> -
> >
> > Why is this not needed any longer?
>
> I read it that this:
>
> >> - if (!reqs_arr) {
> >> - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
> >> - "[%" APR_PID_T_FMT "] auth_ldap
> authorise: no
> requirements array", getpid());
> >> - return sec->auth_authoritative? HTTP_UNAUTHORIZED
> : DECLINED;
> >> - }
> >> -
>
> was replaced by this:
>
> >> + if (!required_ldap) {
> >> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
> >> + "[%" APR_PID_T_FMT "] auth_ldap authorise:
> declining to authorise (no ldap requirements)", getpid());
> >> + return DECLINED;
> >> + }
Yes, but the new code always returns DECLINED whereas the old one does
return DECLINED or HTTP_UNAUTHORIZED depending on sec->auth_authoritative.
But maybe it makes sense to return always DECLINED if there is no ldap-
require.
Regards
Rüdiger
