in the Windows System event log.
Any ideas about what is going on here? So far we have been unable to even
reproduce the problem.
Thanks for any help,
Brad Warren
Senior Staff Technologist
Electronic Frontier Foundation
. The Netware version of Winsock
also has it's own implementation of SSL which is why most of the time mod_ssl
is not used by Apache for Netware. Basically, the Apache for Netware make
files should always be building with Winsock.
thanks,
Brad
> Rainer,
> Apologies for the silence, but my
I am a bit confused about the correct way to use the shared memory
functions in the APR library, namely, how do I create/open a shared memory
segment on the first process, and have subsequent processes use the same
shared memory area.
If I do a apr_shm_create and pass a NULL filename, APR uses
I would assume that subsequent callers could use apr_shm_attach to then
attach to an existing shared memory segment, however, it appears that
this
function is not used anywhere in the apache (2.2) code base whatsoever.
(It is used in one or two places in 2.3).
I assume you don't see it in
On a slightly related note - I have seen that the cgi-handler continues to
function for a GET request after a graceful restart, but not for a POST request.
Cheers,
Brad
On Wed, 13 Jan 2010 12:57:10 +0300
Alexey Vlasov ren...@renton.name wrote:
Hi.
It seems to me that graceful restart
should be no? The second issue is what should authnz_ldap do?
Authnz_ldap has already been coded for redundancy if it is configured for it.
If there is a problem in this case, then it is a bug that should be looked at.
Brad
' - surely some will use it for another 5 years
but not for 'new software'. Their 2.2 build is sufficient IMHO.
A totally separate vote/discussion is required on d...@apr.
FWIW, netware still builds and runs in trunk. If you yank the MPM, then I
guess netware really will be done. :(
Brad
On 3/26/2009 at 11:55 AM, in message
49cb6d2b02ac0003c...@lucius.provo.novell.com, Brad Nicholes
bnicho...@novell.com wrote:
On 3/26/2009 at 11:14 AM, in message 49cbb7d9.80...@rowe-clan.net,
William
A. Rowe, Jr. wr...@rowe-clan.net wrote:
traw...@gmail.com wrote:
Votes:
[+1] yank
On 3/26/2009 at 12:07 PM, in message
cc67648e0903261107l1302f629k95494e01834c6...@mail.gmail.com, Jeff Trawick
traw...@gmail.com wrote:
On Thu, Mar 26, 2009 at 7:05 PM, Brad Nicholes bnicho...@novell.com wrote:
On 3/26/2009 at 11:55 AM, in message
49cb6d2b02ac0003c
Brad
? Hopefully someone else has a good idea, or at least
stronger opinions. :-)
I think prefixing it with Authz probably makes more sense.
Brad
authnz directives yet, but it at least builds on
NetWare.
Brad
On 7/11/2008 at 5:30 PM, in message
[EMAIL PROTECTED], Roy T. Fielding
[EMAIL PROTECTED] wrote:
On Jul 11, 2008, at 2:14 PM, Brad Nicholes wrote:
On 7/11/2008 at 12:01 PM, in message
[EMAIL PROTECTED], David Shane
Holden [EMAIL PROTECTED] wrote:
Thanks for the link and description Brad
See inline comments below.
Brad
On 7/11/2008 at 12:26 AM, in message [EMAIL PROTECTED], David Shane
Holden [EMAIL PROTECTED] wrote:
I tried to build Apache from trunk tonight and noticed that this patch
broke something. I'm getting a 403 error when trying to browse to a
clean install
On 7/11/2008 at 12:01 PM, in message [EMAIL PROTECTED], David Shane
Holden [EMAIL PROTECTED] wrote:
Thanks for the link and description Brad. It makes sense now. Explains
why the default config was giving me a 403. The 'Require all denied'
was being inherited from the root directory
On 6/10/2008 at 6:50 PM, in message
[EMAIL PROTECTED], Jim Jagielski
[EMAIL PROTECTED] wrote:
Test tarballs for Apache httpd 2.2.9 are available at:
http://httpd.apache.org/dev/dist/
Your votes please;
+/-1
[ ] Release httpd-2.2.9 as GA
DO NOT begin distributing
On 4/18/2008 at 8:53 AM, in message [EMAIL PROTECTED], Chris
Darroch [EMAIL PROTECTED] wrote:
Brad Nicholes wrote:
I could go along with switching the default merging rule from OR to AND,
even within a dir block. The reason why it is OR today was basically
for backward compatibility
Trying to build mod_auth_form.c just produces link errors. I can see where the
optional function is imported as ap_session_set_fn() but then later referenced
as ap_session_set(). The code should be changed to use one or the other right?
Brad
On 4/14/2008 at 3:29 PM, in message [EMAIL PROTECTED], Chris
Darroch [EMAIL PROTECTED] wrote:
Brad Nicholes wrote:
This is where it starts to go wrong for me. Where it gets confusing
for somebody who is trying to figure out what the configuration
is doing is:
Directory /www/pages
line above. But if we want to get the
passion back in the project, then it might be time for the project to take some
more risks. Release because it is the right thing to do.
Brad
as desired.
Brad
On 4/14/2008 at 12:21 PM, in message [EMAIL PROTECTED], Chris
Darroch [EMAIL PROTECTED] wrote:
Brad Nicholes wrote:
I'm not real excited about adding a new authz directive. Authn and
authz are already very complex and adding a new directive to the mix will
just help to confuse people even
module
load stage rather than the preload stage.
Brad
more powerful and
predictable. I'm just not sure what the right compromise is.
Brad
On 4/10/2008 at 2:00 PM, in message [EMAIL PROTECTED],
Ruediger
Pluem [EMAIL PROTECTED] wrote:
On 10.04.2008 18:11, Brad Nicholes wrote:
On 4/10/2008 at 12:12 AM, in message
[EMAIL PROTECTED],
Ruediger
Pluem [EMAIL PROTECTED] wrote:
On 10.04.2008 00:49, [EMAIL PROTECTED] wrote:
Author
On 4/8/2008 at 10:41 AM, in message [EMAIL PROTECTED], Chris
Darroch [EMAIL PROTECTED] wrote:
Brad Nicholes wrote:
Directory /www/pages
Reject ip 127.0.0.1//Or any other Require directive
/Directory
Directory /www/pages/whatever
...
/Directory
Since the /www
On 4/4/2008 at 4:33 PM, in message [EMAIL PROTECTED], Chris
Darroch [EMAIL PROTECTED] wrote:
Brad Nicholes wrote:
So here was the thinking behind it when AuthzMergeRules was introduced.
Maybe there is still a bug here that needs to be addressed.
http://mail-archives.apache.org/mod_mbox
a single directory
block. This avoids having to resolve logic conflicts and precedents between
two different directives, AuthzMergeRules and SatisfyXXX
Brad
the authz refactor.
http://people.apache.org/~bnicholes/presentations/ApacheconUS2007_autharch.ppt
Brad
-dev/200607.mbox/[EMAIL PROTECTED]
Brad
associated with that :)
Please let's get 2.4 out. It would be great to finally have the new Authz
configuration logic see the light of day along with other functionality that
has been sitting around for a while.
Brad
should have a had a more
closer
look on what Brad (no blame game intended against anyone as I
failed to
do
proper review back then) did there in the past to highlight issues
earlier,
but my gut feeling tells me that there are still some surprises in
this
code
regarding bugs
-directory basis, it might get a
little tricky depending on the LDAP SDK that is being used.
Brad
On 1/11/2008 at 7:09 AM, in message
[EMAIL PROTECTED], Jim Jagielski
[EMAIL PROTECTED] wrote:
I am calling for a release VOTE on the above releases of
Apache HTTP Server (1.3.41, 2.0.63 and 2.2.8).
Pre-release tarballs of Apache HTTP Server 1.3.41, 2.0.63
and 2.2.8 are available for
.
Brad
this discussion with somebody a year or more ago. You might want to
check the list archive. Other than that, we would just have to discuss what
the test suite is doing and how it might be reworked.
Brad
Brad
referenced by
somebody (although it shouldn't be).
Brad
to chew on.
Not to mention that it would be good for folks to start exploring
what needs to be fixed in the API, etc.
+1, It's been almost 2 years since the new provider based authorization code
was added to 2.3. I would really like to see how it stands up.
Brad
Sept 6, 2007 and close
Sept 7, unless otherwise noted...
+/-1 (x == +1)
[ ]apache_1.3.39
[ ]httpd-2.0.61
[ ]httpd-2.2.6
Thanks!!
+1 all Netware
Brad
statement exists? According to what you are saying as well as what the code is
currently saying in the other authz modules, the latter is true. And if that
is really the definition of AuthzXXXAuthoritative, then it appears that
authnz_ldap needs to be fixed.
Brad
and authz_ldap, that
splitting them apart was a problem.
Brad
On 8/29/2007 at 3:14 PM, in message
[EMAIL PROTECTED], Eric Covener
[EMAIL PROTECTED] wrote:
On 8/29/07, Brad Nicholes [EMAIL PROTECTED] wrote:
The only real reason why you have to set LDAP to
non-authoritative when using LDAP authn only, is because LDAP
had to combine both authn and authz
related to
Apache, becoming more limited, even that is stretching it. I think that there
are sometimes when lazy consensus needs to override strict RTC. NetWare is one
of them. So for now like Justin said, at least 2 +1's is better than nothing.
:)
Just my thinking,
Brad
, rather than a Tomcat re-write, since the caching,
thread-safety, security, etc. is largely handled by httpd. I'm hoping that
much of the domain-specific logic can be re-used and moved into modules.
Comments anyone? Pros? Cons? Has anyone attempted anything like this?
Thanks.
Brad
--
View
, in the
first place it would no longer be authz but just mod_access again and you
wouldn't be able to include host, IP, ENV, etc. as part of an authorization
rule. But I agree that mod_access_compat name no longer makes sense.
Brad
On 5/2/2007 at 1:47 PM, in message
[EMAIL PROTECTED], Joshua Slive
[EMAIL PROTECTED] wrote:
On 5/2/07, Brad Nicholes [EMAIL PROTECTED] wrote:
Yeah, that's where I mentioned that things might look a little confusing.
There actually is a good reason to have both and yes some
On 4/30/2007 at 10:13 AM, in message
[EMAIL PROTECTED], Patrick Welche
[EMAIL PROTECTED] wrote:
On Fri, Apr 27, 2007 at 03:44:08PM -0600, Brad Nicholes wrote:
On 4/27/2007 at 11:30 AM, in message
[EMAIL PROTECTED], Patrick Welche
[EMAIL PROTECTED] wrote:
...
Using httpd trunk 529626
On 4/30/2007 at 9:54 AM, in message
[EMAIL PROTECTED], Joshua Slive
[EMAIL PROTECTED] wrote:
On 4/27/07, Brad Nicholes [EMAIL PROTECTED] wrote:
It's beginning to look like Order, Allow, Deny, Satisfy can't be deprecated
after all. However I still think that there is a usefulness
of authorization rules defined by require.
Brad
provider based authz.
Brad
On 4/19/2007 at 11:36 AM, in message
[EMAIL PROTECTED], Guenter Knauf
[EMAIL PROTECTED] wrote:
Hi Brad,
I've just found that we have same bug in the AP13 build system as what I
fixed long time ago with the AP2x build system already; in each
NWGNUmakefile.mak you can read:
#
# These flags
On 3/9/2007 at 11:22 AM, in message
[EMAIL PROTECTED], Guenter Knauf
[EMAIL PROTECTED] wrote:
Hi Brad,
can you please commit the attached makefiles to the 'experimental' modules
folder,
and patch the existing NWGNUmakefile in order to pick up the new ones?
Since its no code change probably
not include the
#define.
Brad
On Wed, Mar 7, 2007 at 8:36 AM, in message
[EMAIL PROTECTED], David Jones
[EMAIL PROTECTED] wrote:
Patch to commit if no further comments.
Note that it does not have the ZOS define yet, and does not synch apr- util
with httpd.
to avoid synch problems i could add
Looks good, I think I like your first suggestion better, putting the #ifdef in
apr_ldap.h.in. This seems a little more straight forward rather than hiding
the value in configure.
Brad
On 3/1/2007 at 7:07 PM, in message
[EMAIL PROTECTED], David Jones
[EMAIL PROTECTED] wrote:
How about
that the other platforms or SDKs are
currently working.
Brad
On 2/28/2007 at 8:26 AM, in message
[EMAIL PROTECTED], David Jones
[EMAIL PROTECTED] wrote:
Sorry for the delay.
We use our own z/OS specific SDK. There is also a Tivoli SDK , [see Eric
Covener's appends and
http://issues.apache.org
What LDAP client SDK does z/OS use? (Novell, OpenLDAP, Netscape, Other???)
Brad
On 2/22/2007 at 12:52 PM, in message
[EMAIL PROTECTED], David Jones
[EMAIL PROTECTED] wrote:
Its the z/OS, has LDAP_NO_SIZELIMIT defined. Does not have nor support
LDAP_DEFAULT_SIZELIMIT
On 2/22/07, Brad
because not all of the SDKs
provide a #define yet they all seems to support the functionality. We just
need to validate that theory.
Brad
supporting LDAP_NO_LIMIT and other
supporting LDAP_DEFAULT_SIZELIMIT. The preference should be
LDAP_DEFAULT_SIZELIMIT (-1).
Brad
passing a -1 into OpenLDAP
without complaint, it is also working this way even through there isn't #define
for LDAP_DEFAULT_SIZELIMIT -1. The point being that the patch assumes that 0
and -1 are equivalent, but they aren't.
Brad
On 1/20/2007 at 8:05 AM, in message
[EMAIL PROTECTED], Guenter Knauf
[EMAIL PROTECTED] wrote:
Hi Brad,
I have just created a patch which changes a couple of NWGNU* files in order
to make it possible to specify another basedir during a 'make install' than
using the hardcoded 'Apache2
the problem for Win32. The other solution would be to abstract all of the LDAP
result codes into a set of APR_LDAP_xxx codes which is probably too big of a
changed for 2.2.x.
Other thoughts?
Brad
-2.2.4-win32-src.zip [.asc|.md5]
+/-1
[ ] Release httpd 2.2.4
Let the voting begin, and kick off 2.2.5 efforts. I understand Jim is still
interested in RM'ing 2.2.5 later this month.
Bil
+1 NetWare
Brad
On Mon, Dec 4, 2006 at 1:00 PM, in message
[EMAIL PROTECTED], Johanna Bromberg Craig
[EMAIL PROTECTED] wrote:
Hi,
I've addressed the feedback I received on my patch from Brad Nicholes
as follows:
I've reviewed all instances of util_ldap_compare() and
util_ldap_cache_comparedn
?
Thanks,
Johann
Johanna,
Sorry I haven't been able to get back to this quickly. I have been swamped
with my day job lately. I will try to find some time to review the patch and
hopefully have something to commit soon.
Brad
function as been implemented and
referenced through the authn_provider structure. As you noted in your message,
both authn_file and authn_ldap take care of this through the
authn_file_provider and authn_ldap_provider structures respectively.
Brad
On 11/7/2006 at 1:07 PM, in message
[EMAIL PROTECTED], Johanna Bromberg Craig
[EMAIL PROTECTED] wrote:
Hi,
I've addressed the feedback I received on my patch from Brad Nicholes
as follows:
I've restored AuthLDAPGroupAttribute to its former syntax and added a
new directive
with providers. Using the AuthBasicProvider or
AuthdigestProvider directives, you can specify which authentication providers
will be called for a specific directory or location and in what order.
Apache 2.3 goes even further to allow the same type of thing for authorization.
Brad
directive that defines authentication criteria (ie.
ldap server, bind user and password).
Brad
On 9/5/2006 at 6:54 AM, in message
[EMAIL PROTECTED], Rich Bowen
[EMAIL PROTECTED] wrote:
This went first to users@, but it appears that the auth-fu isn't
strong there right now. ;-)
I was hoping
On 9/1/2006 at 1:25 PM, in message [EMAIL PROTECTED],
William A.
Rowe, Jr. [EMAIL PROTECTED] wrote:
Project Committee Members...
Adopt [EMAIL PROTECTED],
+1
appreciated!
Appears to build and run on NetWare.
Brad
Good point, I have reverted the reject directive being definitive and
determined that I can achieve the same thing through other means. As
far as answering your question. You can do it now, this way:
SatisfyAll
reject ip 10.2
require ip 10.2.1
/SatisfyAll
Brad
need a specialized PAM group
authorization for example, rather than implementing another 'Require
group xxx' directive, you would need to implement a 'pam-group'
authorization type. See mod_authnz_ldap or mod_authz_dbm as examples.
Brad
On 8/2/2006 at 10:53 AM, in message [EMAIL PROTECTED],
Jason
Keltz [EMAIL PROTECTED] wrote:
Brad Nicholes wrote:
On 8/2/2006 at 9:01 AM, in message
[EMAIL PROTECTED],
Jason Keltz
Understand that I have not looked at the auth_pam module so I don't
know exactly what all of the different
rules. At least that is how I understood
access control to be working by default in the past. There was no concept of
inherited authz before 2.3. Also, Joshua pointed out a flaw in my thinking
which I am looking into now.
Brad
On 8/2/2006 at 3:39 PM, in message [EMAIL PROTECTED], Ruediger
Pluem [EMAIL PROTECTED] wrote:
On 08/02/2006 11:00 PM, Brad Nicholes wrote:
No, the default is to merge authz rules. At least that is how I understood
access control to be working by default in the past
in the usual http://httpd.apache.org/dev/dist/
+/-1 Package
[ ] apache_1.3.37
[ ] httpd-2.0.59
[ ] httpd-2.2.3
Many thanks in advance,
your humble RM,
Bil
+1 all NetWare
Brad
configuration for
your example should be
location /
require all granted
reject ip 127.0.0.1
/location
If you wanted it to work as it is now. This would basically be the
same as
location /
order allow,deny
deny from 127.0.0.1
/location
under 2.2 configuration syntax
Brad
it is. There still needs to be a
Require statement in the configuration somewhere.
Brad
Graham Leggett [EMAIL PROTECTED] 6/4/2006 2:42 AM
Brad Nicholes wrote:
Should we define our own macro which uses LDAP_SECURITY_ERROR or
the
more detailed logic, to keep the mainline code cleaner and support
reuse in other paths
I thought about that and couldn't really decide if we should
try to redefine all of
the missing macros and force a dependancy on between httpd and
apr-util, I would just solve it in authnz_ldap. We could certainly
rethink this and try to solve it in apr-util instead.
Brad
failures. The macro is defined as
#define LDAP_RANGE(n,x,y) (((x) = (n)) ((n) = (y)))
#define LDAP_SECURITY_ERROR(n) LDAP_RANGE((n),0x30,0x32) /* 48-50 */
I know that both OpenLDAP and Novell LDAP support this macro.
Brad
On 6/2/2006 at 11:03 AM, in message
[EMAIL PROTECTED],
Fenlason
There has already been a bug submitted on this one PR#39529. I have
committed the patch in trunk and proposed it for backport.
Brad
On 6/2/2006 at 11:59 AM, in message
[EMAIL PROTECTED],
Fenlason,
Josh [EMAIL PROTECTED] wrote:
I'm building with iPlanet (v 5.08) on Unix and the Microsoft
)
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://
www.jaguNET.com/
If you can dodge a wrench, you can dodge a ball.
+1 NetWare
Brad
already or not :/
+1 NetWare
Brad
MD5s:
9c759a9744436de6a6aa2ddbc49d6e81 httpd-2.2.2.tar.bz2
a0d9f7f6f70110a5965340eb7f3a3e66 httpd-2.2.2.tar.gz
Thanks,
-Paul
+1 NetWare
Brad
is a
potential open issue.
+1 NetWare
Brad
and then only caught up after doing stuff anyway.
+1 NetWare
Brad
/Apache2.nlm] Error 1
Seems we have the same missing apu_version_string problem
Brad
symbol: apu_version_string in
# main.o
Errors caused tool to abort.
gmake: *** [Release.o/Apache2.nlm] Error 1
Seems we have the same missing apu_version_string problem
Brad
SVN rev. 391070 resolves the issue for NetWare.
Brad
.
Previous to 1.2.7 Win32 and Netware were borked.
FYI I'm doing a fast delta on win32/unix (Brad, could you shoot me
th
My vote would be first Wait for APR-Util 1.2.7 to be released if this
can happen quickly. Even if the only difference between 1.2.6 and 1.2.7
is the apu_version_string() patch
completely change the way authentication is working. I would suggest
that you go with your second proposal. That would provide the same type
of functionality but without the upgrade surprise.
Brad
in the list must be satisfied according to
it's state and boolean logic.
Brad
but the
Novell LDAP SDK only supports it on a global basis. I would suggest that we
make LDAPConnectionTimeout GLOBAL_ONLY also since having the ability to set the
timeout on a vhost basis has little value anyway.
Brad
. In fact I probably
need to add GLOBAL_ONLY to all of the caching directives even though
nothing would happen even if somebody tried to set a cache directive
inside a vhost.
Brad
On 3/16/2006 at 7:12 am, in message
[EMAIL PROTECTED], Jeff
Trawick
[EMAIL PROTECTED] wrote:
On 3/16/06, Ruediger Pluem [EMAIL PROTECTED] wrote:
On 03/16/2006 03:49 AM, Jeff Trawick wrote:
On 3/15/06, Brad Nicholes wrote:
That is really one pool globally but there is a mutex per
with one from trunk. As far as
compatibility goes, authz functionality remains the same but the module
architecture is different.
Brad
the same .c file rather than merged functionality.
Brad
On 3/16/2006 at 11:34 am, in message
[EMAIL PROTECTED], Jeff
Trawick
[EMAIL PROTECTED] wrote:
On 3/16/06, Brad Nicholes [EMAIL PROTECTED] wrote:
On 3/16/2006 at 7:12 am, in message
[EMAIL PROTECTED],
Jeff
Trawick
[EMAIL PROTECTED] wrote:
On 3/16/06, Ruediger Pluem [EMAIL PROTECTED] wrote
tested this using the worker MPM (3
servers, 25 threads each) and configuring both an ldap protected
directory in the main server and an ldap protected directory in a vhost,
it never had a problem locking the mutex or allocating memory. Am I
missing something?
Brad
1 - 100 of 485 matches
Mail list logo