Parent Directory
| 
Revision Log
| Links to HEAD: | (view) (annotate) |
| Sticky Revision: |
Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex, and WatchdogMutexPath with a single Mutex directive. Add APIs to simplify setup and user customization of APR proc and global mutexes. (See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer respected; set DEFAULT_REL_RUNTIMEDIR instead. Some existing modules, such as mod_ldap and mod_auth_digest gain configurability for their mutexes.
Stop trying to set the referral HOP limit on each connection since most SDKs don't seem to do anything with it, and causes an error on released openldap levels. Also moves/remove some macros internal to mod_ldap out of the public header for a major bump. Reported against APR in PR47501, but httpd shouldn't be asking for the option by default.
add LDAPLibraryDebug directive to mod_ldap to turn on tracing in underlying LDAP SDK, where all the interesting tidbits about all kinds of LDAP errors are hidden. Unfortunately windows doesn't implement this LDAP_OPT.
Reduced the bumpiness (from major to minor) and utilized #defines throughout (per Ruediger's suggestions). Still looking at the dir merge.
This adds Apache support (taking advantage of the new APR capability) for ldap rebind callback while chasing referrals. This allows direct searches on LDAP servers (in particular MS Active Directory 2003+) using referrals without the use of the global catalog. This addresses PRs 26538, 40268, and 42557
When using the MS SDK, re-establish LDAP backend connections on a return code of LDAP_UNAVAILABLE as if it were LDAP_SERVER_DOWN. With this SDK, LDAP_UNAVAIALBLE is returned when the socket had been closed between LDAP API calls. PR 39095
Perform all per-LDAP-backend related memory allocations in a standalone pool, provide a local method to completely remove an LDAP backend connection so we can someday manage/dispose of extra connections in a reasonable way. Clarify some commentary around the existing murky close/cleanup API methods. Minor bump for new members appended to util_ldap_connection_t, which is not allocated by consumers of the API.
while technically uldap_connection_cleanup() does leave an entry in the connection list, it is fully disconnected before it's put back. My previous commentary did more harm then good.
Stop registering a cleanup on each LDAP connection created, this cleanup was never called because it's registered against pconf in the child. LDAP connections are created in the child and not shared between children, so no action should be required at child exit Additionally, clarify comments around uldap_connection_cleanup()
mod_ldap, mod_authnzldap: Add support for nested groups (i.e. the ability
to authorize an authenticated user via a "require ldap-group X" directive
where the user is not in group X, but is in a subgroup contained in X.
PR 42891 [Paul J. Reder]
revert revision 555470
This data is passed in an unsafe way to the LDAP SDK if the compiler chooses to use shorts for the enum values. http://www.redbooks.ibm.com/redbooks/SG245992/nn4/SG245992_88.html Submitted by: David Jones
Use correct Doxygen keywords for functions and variables. TODO: figure out whether those keywords are actually necessary. HTML-ify some documentation comments for benefit of Doxygen.
* Add extern "C" linkage to several headers to make it easier to use them in C++ code. PR: 42286 Submitted by: Davi Arnaut <davi haxent.com.br> Reviewed by: rpluem
update license header text
Update the copyright year in all .c, .h and .xml files
Doxygen fixup / cleanup submited by: Neale Ranns neale ranns.org reviewed by: Ian Holsman
Add the LDAPVerifyServerCert directive to util_ldap to force verification of a server certificate when establishing an SSL connection to the LDAP server
Implement the exported function from mod_ldap(util_ldap) as optional functions so that we can eliminate the load ordering of mod_ldap and mod_authnz_ldap.
* include/util_ldap.h (util_ldap_state_t): Fix gcc format string warnings: use a long for connectionTimeout since the code expects a long. * modules/ldap/util_ldap.c (compare_client_certs): Make static to fix gcc missing-prototype warning.
Update copyright year to 2005 and standardize on current copyright owner line.
Added a new LDAPConnectionTimeout directive to util_ldap so that the socket connection timeout value is configurable.
mod_ldap: Updated to use the new apr-util v1.1 apr_ldap_*_option() API for the setting of server and client SSL certificates. Replaced LDAPTrustedCA directive with LDAPTrustedGlobalCert and LDAPTrustedClientCert directives to correctly support global certs (CA certs / Netware client certs) and per connection client certs as supported by Netware, OpenLDAP and Netscape/Mozilla.
Correct the order of includes to follow httpd conventions, and get Win32 compiling again.
general property cleanup
Add util_ldap_cache_getuserdn() prototype to the util_ldap.h header file Submitted by:Jari Ahonen [jah progress.com]
Replace the thread reader/writer lock that protects the shared memory cache to a global mutex so that the shared memory is protected across processes.
Enhance the util_ldap cache-info page to display the current contents of the search, compare and dn_compare caches
Overhaul handling of LDAP error conditions, so that the util_ldap_* functions leave the connections in a sane state after errors have occurred. PR: 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134, 27271 Obtained from: Submitted by: Reviewed by:
fix name of The Apache Software Foundation
fix copyright dates according to the first check in
apply Apache License, Version 2.0
update license to 2004.
Sync with APR-util deprecated functions.
mod_auth_ldap: Fix some segfaults in the cache logic. PR: 18756 Submitted by: Matthieu Estrade <apache@moresecurity.org> Reviewed by: Jeff Trawick
Added support for Novell LDAP SDK and standardized the SSL support across the various LDAP SDKs. Isolated the SSL functionality to mod_ldap rather than speading it across mod_auth_ldap and mod_ldap. Also added LDAPTrustedCA and LDAPTrustedCAType directives to allow for a more common method of specifying the SSL certificate.
finished that boring job: update license to 2003. Happy New Year! ;-))
Change the LDAP modules to export their symbols correctly during a Windows build. Add dsp files for Windows. PR: Obtained from: Submitted by: Andre Schild <A.Schild@aarboard.ch> Reviewed by:
fix a compile problem in util_ldap.c when APU_HAS_LDAP_NETSCAPE_SSL PR: 10324
if APR doesn't support threads, we don't need (and can't have) these thread mutexes
untabify
Update our copyright for this year.
Updated to use the newer locking API's. This file should probably be moved to the httpd-ldap with the rest of the auth_ldap stuff.
Add specified user attributes to the environment when using mod_auth_ldap. This allows you to use mod_include to embed specified user attributes in a page like so: Hello <!--#echo var="AUTHENTICATE_CN"-->, how are you? PR: Obtained from: Submitted by: Reviewed by:
Fixed LDAP cleanup on graceful restarts. LDAP connections are now cleaned up when the connection pool pool is cleaned up. PR: Obtained from: Submitted by: Reviewed by:
Oops - left off the apr_ldap.h file in the commit. PR: Obtained from: Submitted by: Reviewed by:
This form allows you to request diffs between any two revisions of this file. For each of the two "sides" of the diff, enter a numeric revision.
| apache@apache.org | ViewVC Help |
| Powered by ViewVC 1.1.2 |