On 08/26/2013 12:43 AM, Eric Covener wrote:
Sorry, just got to it in 1517388. At the last second I did a
s/unset/default (both are kind of misleading in their own way) -- let
me know if you hate the change and I can put it back.
Thanks for the commit. This looks OK.
One of us still owes doc.
Patch attached.
On Thu, Aug 22, 2013 at 8:29 AM, Jan Kaluža <[email protected]> wrote:
On 07/10/2013 02:39 PM, Eric Covener wrote:
attached patch changes LDAPReferrals to tri-state logic.
- "on" - default. Calls apr_ldap_set_option to set referrals on.
- "off" - Calls apr_ldap_set_option to turn referrals off.
- "unset" - Does not call apr_ldap_set_option at all.
+1, will let it stew here first and commit soon. PR54358 followup will
maybe provide something to further control how unset (== enabled on
openldap) will chase referrals but w/o rebind callback.
Hi, any luck with my patch? Do you have some comments regarding it? I would
really like to see this fixed also upstream :).
Regards,
Jan Kaluza
Jan Kaluza
Index: docs/manual/mod/mod_ldap.xml
===================================================================
--- docs/manual/mod/mod_ldap.xml (revision 1517781)
+++ docs/manual/mod/mod_ldap.xml (working copy)
@@ -510,7 +510,7 @@
<directivesynopsis>
<name>LDAPReferrals</name>
<description>Enable referral chasing during queries to the LDAP server.</description>
-<syntax>LDAPReferrals <var>On|Off</var></syntax>
+<syntax>LDAPReferrals <var>On|Off|default</var></syntax>
<default>LDAPReferrals On</default>
<contextlist><context>directory</context><context>.htaccess</context></contextlist>
<override>AuthConfig</override>
@@ -518,11 +518,12 @@
<usage>
<p>Some LDAP servers divide their directory among multiple domains and use referrals
to direct a client when a domain boundary is crossed. By setting <code>LDAPReferrals On</code>
- referrals will be chased (setting it to off causes referrals to be ignored). The directive
- <code>LDAPReferralHopLimit</code> works in conjunction with this directive to limit the
- number of referral hops to follow before terminating the LDAP query. When referral processing
- is enabled client credentials will be provided, via a rebind callback, for any LDAP server
- requiring them. </p>
+ referrals will be chased (setting it to off causes referrals to be ignored, setting it to
+ "default" causes httpd to not even try setting referrals On or Off and keeps the referral
+ chasing untouched). The directive <code>LDAPReferralHopLimit</code> works in conjunction with
+ this directive to limit the number of referral hops to follow before terminating the LDAP query.
+ When referral processing is enabled client credentials will be provided, via a rebind callback,
+ for any LDAP server requiring them. </p>
</usage>
</directivesynopsis>
