>>> On 1/23/2008 at 7:25 PM, in message <[EMAIL PROTECTED]>, "Paul J. Reder" <[EMAIL PROTECTED]> wrote:
>
> Ruediger Pluem wrote:
>>
>> On 01/23/2008 07:14 PM, [EMAIL PROTECTED] wrote:
>>> Author: rederpj
>>> Date: Wed Jan 23 10:14:41 2008
>>> New Revision: 614605
>>>
>>> URL: http://svn.apache.org/viewvc?rev=614605&view=rev
>>> Log:
>>> This adds Apache support (taking advantage of the new APR capability)
>>> for ldap rebind callback while chasing referrals. This allows direct
>>> searches on LDAP servers (in particular MS Active Directory 2003+)
>>> using referrals without the use of the global catalog.
>>> This addresses PRs 26538, 40268, and 42557
>
> >> @@ -2614,6 +2710,15 @@ > >> "Specify the LDAP socket connection timeout in seconds > " > >> "(default: 10)"), > >> > >> + AP_INIT_FLAG("LDAPReferrals", util_ldap_set_chase_referrals, > >> + NULL, OR_AUTHCFG, > >> + "Choose whether referrals are chased ['ON'|'OFF']. > Default ON'"), > >> + > >> + AP_INIT_TAKE1("LDAPReferralHopLimit", > util_ldap_set_referral_hop_limit, > >> + NULL, OR_AUTHCFG, > >> + "Limit the number of referral hops that LDAP can > follow. " > >> + "(Integer value, default=5)"), > >> + > >> {NULL} > >> };
> >>> @@ -2638,7 +2743,7 @@ >>> >>> module AP_MODULE_DECLARE_DATA ldap_module = { >>> STANDARD20_MODULE_STUFF, >>> - NULL, /* create dir config */ >>> + util_ldap_create_dir_config, /* create dir config */ >>> NULL, /* merge dir config */
>>
>> Why no merge dir config? How do you inherit your settings in this case?
>
> Now that you ask that question it makes me realize that the better question is
> probably "Should the directives be directory scoped or server scoped?" The rest
> of the util_ldap directives are all server scoped. Is there any compelling reason
> that the referral directives would need to be alterable on a directory-by-directory
> (or htaccess) basis or should it be turned on/off and limited on a server-wide scope?
>

I wish I had a better memory, but I vaguely recall going down this path once before between server-merge and dir-merge (mailing list archives might remember better than I do). I know that when it comes to anything SSL related, not all LDAP SDKs can handle per-directory options. Novell LDAP SDK being one of them. So when it comes to setting options on a per-directory basis, it might get a little tricky depending on the LDAP SDK that is being used.

Brad
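
Review bot: In the hunk at @@ -2614,6 +2710,15 @@, both new directives are registered with OR_AUTHCFG, which makes referral chasing and the hop limit settable per directory and from .htaccess wherever AuthConfig overrides are allowed. The reply quoted in this thread says the rest of the util_ldap directives are server scoped, so unless per-directory control of referrals is a stated requirement, RSRC_CONF would keep the decision about following referrals with the server administrator. Separately, the LDAPReferrals help string has an unbalanced quote: "Default ON'" should read "Default 'ON'" to match the ['ON'|'OFF'] notation before it.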
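
Review bot: In the hunk at @@ -2638,7 +2743,7 @@, the create dir config slot is now util_ldap_create_dir_config but the merge dir config slot on the following line is still NULL, so the settings of an enclosing section are never combined with those of a nested section or .htaccess file. A nested context would start from whatever util_ldap_create_dir_config initializes rather than inheriting, for example, an LDAPReferrals setting made higher up. Either add a merge function that carries the parent's values down when the child leaves them unset, or drop the per-directory config and store both settings in the server config alongside the other util_ldap options.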