Rici Lake wrote:

I also wonder about the two apr_array_append calls at line 1671 in util_ldap_merge_config. The second one would mean that the client certs specified in LDAPTrustedClientCerts would be appended to the list of client certs inherited from some containing section. This might be counter-intuitive if the certs are supposed to be directory scoped. I'm not sure what the use case for this directive would be, so it's hard to know for sure.

The LDAPTrustedClientCerts directive sets a client certificate (if any) that is valid for LDAP connection attempts within the scope of the directive. There may be a number of different LDAP connections defined in the config, for any number of uses (not just authentication), and each of these can have their own client cert.

This looks very broken. Will take a look at it over this weekend, if someone doesn't beat me to it.

Regards,
Graham