On 06 Jun 2011, at 11:53 PM, William A. Rowe Jr. wrote:
Since the move from apr-util-ldap to ap_ldap, mod_ldap needs to be
loaded before mod_authnz_ldap. This is somewhat annoying because the
default httpd.conf tries to load mod_authnz_ldap first. Any ideas how
to fix this or do we just change the order in the default httpd.conf?
I believe the entire fix may be an entry point to apr_ldap_parse_uri
(check your own binaries to confirm). Setting up a single entry point
should be trivial, if its appropriate.
This is not so, to fix this, you would need to wrap every single LDAP
API function call[1] in an optional function, and if you did that, you
would solve the problem that caused you to want to remove apr_ldap
from APR in the first place, making the whole exercise pointless - you
may as well just have fixed apr-ldap in place.
In it's current form, this change introduces module ordering bugs to
httpd that we haven't suffered for a decade.
In addition, the autoconf build is currently broken against apr v1.x
on MacOSX, and this is probably broken on other platforms as well.
This introduces serious inconvenience for vendors who have to mess
about trying to make all of this build all over again on all sorts of
platforms.
The timing cannot be worse - an already suboptimal API plus these new
bugs are being dumped into httpd in the final stages of trying to bake
the final version of httpd v2.4.0, which means we will be stuck with
this brokenness through the life of httpd v2.4.
There is no need for this move at all, as httpd works perfectly
against APR v1.x (or did until this change). APR v2.x hasn't gone
through any kind of stabilisation phase, never mind seen an alpha or
beta release, and so httpd v2.4.x being compatible with apr-trunk at
this stage is not necessary, especially seeing that when httpd v2.4 is
released, it's API is set in stone, but APR v2.0's API remains in
flux. Or to put it another way, the fact that apr_ldap is missing from
apr-trunk is not a problem for httpd v2.4, and can be solved after
httpd v2.4.
I am therefore vetoing this move of apr_ldap from APR to httpd.
We need to focus on getting httpd v2.4 out the door before worrying
about some future version of APR.
[1]
http://www-archive.mozilla.org/directory/ietf-docs/draft-ietf-ldapext-ldap-c-api-05.txt
Regards,
Graham
--
