You are absolutely right, there are other modules that need to do header conversion. In a previous email, Bill Rowe pointed out that WebDAV also suffers from charset mismatch, but in a different way than auth_ldap. WebDAV needs the URI converted as well as other header entries in order to function correctly. A generalized solution needs to be worked out, but even a generalized header conversion solution still may not solve the problem for authentication modules because of the fact that the authentication data conversion needs to be done at the point when the data is decrypted. In order to solve WebDAV's problem, the scope of this discussion needs to be much broader. Any ideas??
Brad Nicholes Senior Software Engineer Novell, Inc., the leading provider of Net business solutions http://www.novell.com >>> [EMAIL PROTECTED] Thursday, December 12, 2002 2:07:24 PM >>> > The charset conversion that is happening in LDAP is actually quite > specialized. The general functionality of converting from one charset > to another already exists in APR in the form of apr_xlat_xxx(). LDAP is > only interested in converting the user ID from a given charset to UTF-8. > Up until auth_ldap calls ap_get_basic_auth_pw(), the user ID and > password are encrypted in the "Authentication" header entry. Until the > user ID and password have been decrypted, the conversion to UTF-8 can > not occur. Therefore the conversion must take place from within > auth_ldap or any other authentication module after decrypting the user > information. A module or filter outside of the authentication module > that does a blind charset conversion on the header information, would > not work because it would not be able to decrypt the user ID and > password, convert it and re-encrypt it in order to make the process > transparent to all authentication modules. Well you are right, that you first have to decrypt the authentication information before you are able to do charset conversion. And I overlooked that a conversion function already exists, which you are using. My suggestions have been a little bit inconsideratly. Let me try to explain. > I do agree that we need some type of functionality that will convert > requests made in a particular charset to a universal charset that Apache > can rely on. I'm just not sure this is it. It seems to work for > auth_LDAP, but I'm not sure how to generalize it. This is where a much > broader discussion need to take place. I still think mod_auth_ldap won't be the only module doing charset conversion on headers. Or say, the authentication header might not stay the only header which needs to be converted. But if we want to convert headers and we have to guess the incoming charset, we will need a general assignment table, not only for mod_auth_ldap but for all modules interested in converting headers. Or with other words, your conf file might move to another module at a later time. Which could also be done now. But maybe this patch is not the right place to discuss a general new feature. Kess
