I am willing to contribute a patch to mod_authnz_ldap to enable it to do
dynamic group lookup (basically there are attributes in a group entry
whose values are LDAP URIs that describe a search that will contain
group members).
My feature request and initial patch are at
http://issues.apache.org/bugzilla/show_bug.cgi?id=38515, but I would
like some more input before I make a final drive at completing the
modification.
Some of my questions are:
*What needs to be customizable? The 'memberURL' attribute that contains
LDAP URI's is pretty universal, but I'm not sure if it is a standard or
if other LDAP implementation use something else.
*How robust should the processing be of the returned LDAP URI's? It
might be theoretically possible for the URI to reference another LDAP
server and hence the need to establish another connection! Is it worth
doing this? Is this even a common occurrence?
*To whom can I direct specific questions regarding mod_authnz_ldap and
util_ldap?
Thank you for your time,
Gregory Szorc
[EMAIL PROTECTED]
