On 07/10/2013 07:22 AM, Jan Kaluža wrote:
On 07/09/2013 07:17 PM, Rainer Jung wrote:
On 09.07.2013 17:47, Joe Orton wrote:
On Thu, Jun 20, 2013 at 08:41:04AM -0400, Eric Covener wrote:
I'm only concerned with someone who was getting by with LDAPReferrals
OFF because the default gave their SDK an error. Now OFF would be
fatal too.
Just revisiting this... at least it seems clear that the docs do not
match the code here, in that "LDAPReferrals off" does something
surprising. So what are the choices?
a) Jan's suggestion: offer a tri-state option on/off/default where
"default" is equivalent to current "off".
Hi,
attached patch changes LDAPReferrals to tri-state logic.
- "on" - default. Calls apr_ldap_set_option to set referrals on.
- "off" - Calls apr_ldap_set_option to turn referrals off.
- "unset" - Does not call apr_ldap_set_option at all.
The "unset" option behaves like current "off" value (as implemented in
trunk) and can be used by admins who use an LDAP implementation without
LDAP_OPT_REFERRALS support.
b) change the docs so that it is not implied that "LDAPReferrals off"
really disables referral processing.
c) ...something else?
But it's not so easy to do a separate "default" option because other
parts of the code need to know if referrals are being chased.
I don't follow that: if the intent here is retaining the current
behaviour of "LDAPReferrals off" for users who want that, then we can do
that easily.
Sorry I didn't yet really follow this discussion, but see PR 54358 for a
maybe related issue (platform on which ldap referrals are not
implemented in apr and default "On" leads to status 500).
Having tri-state logic (on/off/default) would fix this. If ldap
referrals are not supported, you would set it to "default" in config
file and mod_ldap wouldn't try to do anything with ldap referrals.
I'm going to submit a patch here later today.
Regards,
Rainer
Regards,
Jan Kaluza
Regards,
Jan Kaluza
Index: modules/ldap/util_ldap.c
===================================================================
--- modules/ldap/util_ldap.c (revision 1501672)
+++ modules/ldap/util_ldap.c (working copy)
@@ -60,6 +60,7 @@
#endif
#define AP_LDAP_HOPLIMIT_UNSET -1
+#define AP_LDAP_CHASEREFERRALS_UNSET -1
#define AP_LDAP_CHASEREFERRALS_OFF 0
#define AP_LDAP_CHASEREFERRALS_ON 1
@@ -371,7 +372,7 @@
ldap_option = ldc->deref;
ldap_set_option(ldc->ldap, LDAP_OPT_DEREF, &ldap_option);
- if (ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
+ if (ldc->ChaseReferrals != AP_LDAP_CHASEREFERRALS_UNSET) {
/* Set options for rebind and referrals. */
ap_log_error(APLOG_MARK, APLOG_TRACE4, 0, r->server, APLOGNO(01278)
"LDAP: Setting referrals to %s.",
@@ -391,7 +392,9 @@
uldap_connection_unbind(ldc);
return(result->rc);
}
+ }
+ if (ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
if ((ldc->ReferralHopLimit != AP_LDAP_HOPLIMIT_UNSET) && ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
/* Referral hop limit - only if referrals are enabled and a hop limit is explicitly requested */
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, APLOGNO(01280)
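Review bot: the hop-limit test inside the newly added `if (ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {` still carries `&& ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON`, which is now always true at that point. Reduce the inner condition to `if (ldc->ReferralHopLimit != AP_LDAP_HOPLIMIT_UNSET) {` and re-indent the block beneath it, since it now sits one level deeper than the unchanged lines show.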
@@ -2574,15 +2577,25 @@
static const char *util_ldap_set_chase_referrals(cmd_parms *cmd,
void *config,
- int mode)
+ const char *arg)
{
util_ldap_config_t *dc = config;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, APLOGNO(01311)
- "LDAP: Setting referral chasing %s",
- (mode == AP_LDAP_CHASEREFERRALS_ON) ? "ON" : "OFF");
+ "LDAP: Setting referral chasing %s", arg);
- dc->ChaseReferrals = mode;
+ if (0 == strcasecmp(arg, "on")) {
+ dc->ChaseReferrals = AP_LDAP_CHASEREFERRALS_ON;
+ }
+ else if (0 == strcasecmp(arg, "off")) {
+ dc->ChaseReferrals = AP_LDAP_CHASEREFERRALS_OFF;
+ }
+ else if (0 == strcasecmp(arg, "unset")) {
+ dc->ChaseReferrals = AP_LDAP_CHASEREFERRALS_UNSET;
+ }
+ else {
+ return "LDAPReferrals must be On, Off or Unset";
+ }
return(NULL);
}
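Review bot: in util_ldap_set_chase_referrals the ap_log_error call prints `arg` before the strcasecmp chain has validated it, so a rejected value is logged as "LDAP: Setting referral chasing <value>" even though nothing is set and the directive returns an error. Move the log call after the chain, or log the resolved state instead of the raw argument. The accepted keyword is "unset" while part of the thread refers to the third state as "default"; settle on one name before the documentation is written.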
@@ -3106,9 +3119,9 @@
"Specify the LDAP socket connection timeout in seconds "
"(default: 10)"),
- AP_INIT_FLAG("LDAPReferrals", util_ldap_set_chase_referrals,
+ AP_INIT_TAKE1("LDAPReferrals", util_ldap_set_chase_referrals,
NULL, OR_AUTHCFG,
- "Choose whether referrals are chased ['ON'|'OFF']. Default 'ON'"),
+ "Choose whether referrals are chased ['ON'|'OFF'|'UNSET']. Default 'ON'"),
AP_INIT_TAKE1("LDAPReferralHopLimit", util_ldap_set_referral_hop_limit,
NULL, OR_AUTHCFG,
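Review bot: the help string for LDAPReferrals now lists 'UNSET' without saying what it does, and the thread began because the documentation did not match the behaviour of "off". Add a short explanation to the string (per the cover message, "unset" means apr_ldap_set_option is not called at all) and update the directive documentation in the same change. The continuation lines under AP_INIT_TAKE1 should also be re-aligned, since the macro name is one character longer than AP_INIT_FLAG.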