util_ldap.c

Avoid duplicated APLOGNO.

In this case, the difference is tiny, but it could ease diagnostics (and numbers are cheap anyway)

PR63305: fix graceful restart crashes in LDAP

The cache destruction was not protected by the lock used by other cache callers.

Pull the static cleanup function into util_ldap.c so it's convenient to use the existing locking.

Submitted By: Martin Fúsek <mfusek newps.cz>

Committed By: covener

  1. … 2 more files in changeset.
Axe some dead code.

See PR 60086.

fix bld break in r1831165

I had to disable -Werror in maintainer mode for this file in darwin :/

style fix for r1831165

mod_ldap: log and abort locking errors.

related to PR60296 investigation

RMM corruption is really nasty, so abort on locking failures.

  1. … 2 more files in changeset.
10 years after r567503, fix this properly.

The lock is created in post_config, so we can't copy it around in a merge_server_config() callback.

  1. … 1 more file in changeset.
PR61891: looping over mostly full LDAP cache

*) mod_ldap: Fix a case where a full LDAP cache would continually fail to purge old entries and log AH01323. PR61891.

Submitted By: Hendrik Harms <hendrik.harms gmail.com>

Committed By: covener

  1. … 4 more files in changeset.
Silence a sparse warning about inconsistent indenting + some minor style issues

remove old static ldc->reason

--This line, and those below, will be ignored--

M util_ldap.c

stuff unexpected LDAP errors into ldc->reason, not just in trace messages.

fix some enormously long lines introduced recently.

*) mod_ldap: In some case, LDAP_NO_SUCH_ATTRIBUTE could be returned instead of an error during a compare operation. [Eric Covener]

+ accompanying trace.

Note: the if/else now matches (don't replace unknown compare errors with LDAP_NO_SUCH_ATTRIBUTE) the logic just above when pulling comparisons out of the cache.

  1. … 1 more file in changeset.
Fix directive name in error message + fix some style issue

LDAP connection pool did not release/close connections with "LDAPConnectionPoolTTL 0". PR58037.

Submitted by: Ted Phelps <phelps gnusto.com>

committed by: covener

  1. … 1 more file in changeset.
Give a better hint.

In 2.4.10, AuthLDAPBindDN might not be used for some LDAP searches, causing LDAP authz failures if AuthLDAPBindDN was able to search through more of LDAP than web users.

make LDAPConnectionPoolTTL more conservative, use r->request_time rather than end-of-request time, and only update it after a round-trip with the LDAP server rather than every time we check back into the pool.

  1. … 4 more files in changeset.
Don't use a hardcoded cn=* in case the subgroup has no CN.

Submitted By: David Hawes <dhawes vt.edu>

Committed By: Eric Covener

  1. … 1 more file in changeset.
arrange previous fix.

Follow-up to r1526436: Fix compilation error

Fix for PR 54626.

  1. … 1 more file in changeset.
revert comments in r1521973, may be more misleading than good.

comments only, before I task switch.

Subgroup checking is cached, but very inefficient for large groups.

"LDAPReferrals off" does not disable LDAPReferrals feature. Default OpenLDAP value for LDAP_OPT_REFERRALS is ON and the current code does not set it to OFF even when there is "LDAPReferrals off" directive in the config file.

Changes LDAPReferrals to tri-state:

- "on" - default. Calls apr_ldap_set_option to set referrals on.

- "off" - Calls apr_ldap_set_option to turn referrals off.

- "default" - Does not call apr_ldap_set_option at all.

The default remains ON. If "default" and SDK defaults to ON, no rebind callback is used.

Submitted By: Jan Kaluza <kaluze AT redhat.com>

Committed By: covener

  1. … 1 more file in changeset.
remove nested retry loop, uldap_connection_open retries.

add TRACE5 messages around each LDAP retry

retry during a timeout in uldap_cache_checkuserid(), like other paths that check server down and TIMEOUT together.

don't retry if uldap_connection_open() fails, because it has already retried internally

re-try LDAP connections in a few authz paths.

  1. … 1 more file in changeset.
Drop severity of "LDAP: Setting referrals to ON" from DEBUG to TRACE4