I like the suggestion as well because I think that would be the right way to implement complex LDAP expressions. But it would probably take adding at least a new util_ldap_filter_search() API to Util_ldap() in order to accomodate this functionality. The advantage of also having an ldap-attribute directive is because if simplicity as well as performance. According to the LDAP docs, doing an ldap_compare_s() is faster than an ldap_search_s(). I will go ahead an commit the patch as-is and also propose a backport for it. But I think that we should look at adding a "require ldap-filter" directive as well for Apache 2.1/2.2.
Brad >>> [EMAIL PROTECTED] Wednesday, November 03, 2004 8:09:35 AM >>> Good suggestion. I am +1 for the patch as-is with the intent of looking into adding the below On Nov 3, 2004, at 5:04 AM, Graham Leggett wrote: > Brad Nicholes wrote: > >> I took a quick look at this patch and it seems to work well as long >> as all of the listed attributes are OR'ed together. I don't have a >> good >> suggestion yet, but is there a way to implement the logic so that >> attributes could be also AND'ed together? Or even a NOT-EQUAL >> operation? > > I think the best way to do this probably is instead of saying "require > ldap-attribute" you say "require LDAP filter". > > In other words, like this: > > require filter (objectclass=specialPerson) > > or > > require filter (host=somehost.com) > > This supports more complicated stuff, like this: > > require filter (&(objectclass=specialPerson)(host=somehost.com)) > > Regards, > Graham > -- > -- ======================================================================= Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/ "There 10 types of people: those who read binary and everyone else."