On Sat, Jun 25, 2011 at 10:11:20PM +0200, Graham Leggett wrote: > On 06 Jun 2011, at 11:53 PM, William A. Rowe Jr. wrote: > >>Since the move from apr-util-ldap to ap_ldap, mod_ldap needs to be > >>loaded before mod_authnz_ldap. This is somewhat annoying because the > >>default httpd.conf tries to load mod_authnz_ldap first. Any ideas how > >>to fix this or do we just change the order in the default httpd.conf? > > > >I believe the entire fix may be an entry point to apr_ldap_parse_uri > >(check your own binaries to confirm). Setting up a single entry point > >should be trivial, if its appropriate. > > This is not so, to fix this, you would need to wrap every single > LDAP API function call[1] in an optional function, and if you did > that, you would solve the problem that caused you to want to remove > apr_ldap from APR in the first place, making the whole exercise > pointless - you may as well just have fixed apr-ldap in place.
mod_authnz_ldap is an existence proof that we don't need to wrap every LDAP API function call for mod_ldap to be useful in its current form, surely? > In it's current form, this change introduces module ordering bugs to > httpd that we haven't suffered for a decade. Fixed in r1140069. > In addition, the autoconf build is currently broken against apr v1.x > on MacOSX, and this is probably broken on other platforms as well. Can you give details on this? > The timing cannot be worse This is probably true, but it doesn't seem like technical justification for a veto. Release schedules can move at the pace we want them to. > There is no need for this move at all This is strictly true, in the sense that there may be other ways to solve the problems fixed by moving the code. If other solutions are presented, we can have a consensus vote on which to choose. In the absence of other solutions being implemented, asserting that "better solutions exist" can never be sufficient reason to veto a change. Regards, Joe
