+1, allowing mod_authnz_ldap to override the default makes a lot more sense. Unless you are already working on a patch, I will try to put something together today. But after today I will be offline for the next two days.
Brad >>> [EMAIL PROTECTED] Wednesday, February 02, 2005 1:23:51 AM >>> Brad Nicholes said: > The attached patches convert LDAPTrustedMode into a per-directory > directive rather than a per-server. This allows the configuration to > specify which mode should be applied for the associated AuthLDAPURL. > > Thoughts on whether this should be the way to go or if LDAPTrustedMode > should be moved up into mod_authnz_ldap as AuthLDAPTrustedMode? Thinking about this some more - I'm not keen on the idea of adding another directive to mod_authnz_ldap, because when the configuration-via-LDAP happens, and other potential LDAP modules happen, then we end up with directive soup as each module has it's own variation of AuthLDAPTrustedMode. The idea that it be possible to set the SSL mode inside mod_authnz_ldap is still really useful - what we could do is this: AuthLDAPURL ldap://<etc> AuthLDAPURL ldaps://<etc> AuthLDAPURL SSL ldap://<etc> AuthLDAPURL STARTTLS ldap://<etc> In other words, combine the SSL mode in a TAKE12 option, with an optional SSL mode prefix. The LDAPTrustedMode directive could stay so as to define the default (and overriding the default if the user wanted). Thoughts? Regards, Graham --