Re: cvs commit: httpd-2.0/modules/aaa NWGNUauthnzldap mod_authnz_ldap.c NWGNUmakefile
Brad Nicholes wrote: BTW, since I am not a Linux makefile guru, the new authnz_ldap module has not been added to the Linux build scripts. Can somebody make the appropriate changes to the makefiles? Done. Are you going to move util_ldap to the ldap directory, or should I do it? I am not a netware guru, so you would have to do the build scripts :) Can we cvs rm mod_auth_ldap from it's old location? Regards, Graham -- smime.p7s Description: S/MIME Cryptographic Signature
Re: cvs commit: httpd-2.0/modules/aaa NWGNUauthnzldap mod_authnz_ldap.c NWGNUmakefile
If you have time to move it before I do, by all mean, go for it. I probably won't get around to it until this afternoon anyway. Thanks for taking care of the build scripts. I'm pretty sure that I can handle the util_ldap netware build files once it is moved :) Experimental/Mod_auth_ldap should probably be thrown into the attic so we can at least preserve the history. Brad Brad Nicholes Senior Software Engineer Novell, Inc., the leading provider of Net business solutions http://www.novell.com [EMAIL PROTECTED] Wednesday, August 18, 2004 7:24:13 AM Brad Nicholes wrote: BTW, since I am not a Linux makefile guru, the new authnz_ldap module has not been added to the Linux build scripts. Can somebody make the appropriate changes to the makefiles? Done. Are you going to move util_ldap to the ldap directory, or should I do it? I am not a netware guru, so you would have to do the build scripts :) Can we cvs rm mod_auth_ldap from it's old location? Regards, Graham --
Re: cvs commit: httpd-2.0/modules/aaa NWGNUauthnzldap mod_authnz_ldap.c NWGNUmakefile
[EMAIL PROTECTED] wrote: Re-structure the auth_ldap module to fit the new authentication model. The authnz_ldap module provides an ldap authentication provider and an authorization handler. It implements the authorization require values ldap-user, ldap-dn and ldap-group. Extremely cool. This restructure also moves auth_ldap out of the experimental directory. Viva to that and an eclaire for both of us! The util_ldap module also needs to be moved out of the experimental directory (mod_auth*_ldap depends on mod_ldap). Regards, Graham -- smime.p7s Description: S/MIME Cryptographic Signature
Re: cvs commit: httpd-2.0/modules/aaa NWGNUauthnzldap mod_authnz_ldap.c NWGNUmakefile
This is the first attempt to restructure mod_auth_ldap to fit the new authentication model. There are a couple of things to note that I would like some feedback on. 1. The ldap_authn provider and ldap_authz handler exist in the same module. The reason for this is because both handlers depend on the same set of directive values to provide the necessary information for establishing a connection to the ldap server. Rather than having to redefine the AuthLDAPUrl, AuthLDAPBindDN and AuthLDAPBindPassword for two different modules, it seemed to make more sense both from a module perspective and a user interface perspective, to allow them to share the directives. 2. As a result of #1, this leaves the ldap_authz hook registered whether it is ultimately being used or not. Therefore simply reimplementing the require types user and group within the ldap_authz handler would conflict with the same types in other authz modules if loaded and configured in the same directory at the same time. Therefore it seemed to make more since to implement ldap-user and ldap-group which more closely identifies what is happening during the authorization phase anyway. authnz_ldap is still capable of using valid-user, group or user if desired. 3. The directive AuthLDAPFrontPageHack has been removed. The reason for this hack was to allow authorization for frontpage to fallback on a groupfile rather than the LDAP directory. Now that authnz_ldap can be configured to authorize via a authz_groupfile rather than forced to use the directory, this directive didn't seem necessary anymore. Brad Brad Nicholes Senior Software Engineer Novell, Inc., the leading provider of Net business solutions http://www.novell.com [EMAIL PROTECTED] Tuesday, August 17, 2004 5:33:08 PM bnicholes2004/08/17 16:33:07 Modified:modules/aaa NWGNUmakefile Added: modules/aaa NWGNUauthnzldap mod_authnz_ldap.c Log: Re-structure the auth_ldap module to fit the new authentication model. The authnz_ldap module provides an ldap authentication provider and an authorization handler. It implements the authorization require values ldap-user, ldap-dn and ldap-group. This restructure also moves auth_ldap out of the experimental directory. Revision ChangesPath 1.3 +2 -0 httpd-2.0/modules/aaa/NWGNUmakefile Index: NWGNUmakefile === RCS file: /home/cvs/httpd-2.0/modules/aaa/NWGNUmakefile,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- NWGNUmakefile 13 Sep 2002 21:34:27 - 1.2 +++ NWGNUmakefile 17 Aug 2004 23:33:07 - 1.3 @@ -158,9 +158,11 @@ $(OBJDIR)/authndbm.nlm \ $(OBJDIR)/authndef.nlm \ $(OBJDIR)/authnfil.nlm \ + $(OBJDIR)/authnzldap.nlm \ $(OBJDIR)/authzdbm.nlm \ $(OBJDIR)/authzdef.nlm \ $(OBJDIR)/authzgrp.nlm \ + $(OBJDIR)/authzusr.nlm \ $(OBJDIR)/authzusr.nlm \ $(EOLIST) 1.1 httpd-2.0/modules/aaa/NWGNUauthnzldap Index: NWGNUauthnzldap === # # Make sure all needed macro's are defined # # # Get the 'head' of the build environment if necessary. This includes default # targets and paths to tools # ifndef EnvironmentDefined include $(AP_WORK)\build\NWGNUhead.inc endif # # These directories will be at the beginning of the include list, followed by # INCDIRS # XINCDIRS += \ $(AP_WORK)/include \ $(NWOS) \ $(AP_WORK)/srclib/apr/include \ $(AP_WORK)/srclib/apr-util/include \ $(AP_WORK)/srclib/apr \ $(EOLIST) # # These flags will come after CFLAGS # XCFLAGS += \ $(EOLIST) # # These defines will come after DEFINES # XDEFINES += \ $(EOLIST) # # These flags will be added to the link.opt file # XLFLAGS += \ $(EOLIST) # # These values will be appended to the correct variables based on the value of # RELEASE # ifeq $(RELEASE) debug XINCDIRS += \ $(EOLIST) XCFLAGS += \ $(EOLIST) XDEFINES += \ $(EOLIST) XLFLAGS += \ $(EOLIST) endif ifeq $(RELEASE) noopt XINCDIRS += \ $(EOLIST) XCFLAGS += \ $(EOLIST) XDEFINES += \ $(EOLIST) XLFLAGS += \ $(EOLIST) endif ifeq $(RELEASE) release XINCDIRS += \ $(EOLIST) XCFLAGS += \
Re: cvs commit: httpd-2.0/modules/aaa NWGNUauthnzldap mod_authnz_ldap.c NWGNUmakefile
The util_ldap module also needs to be moved out of the experimental directory (mod_auth*_ldap depends on mod_ldap). This is my next task. Where should it be moved to? I was thinking of creating an ldap directory under modules and putting it there. Or does it make sense for one of the existing module directories to be the new home of util_ldap? Brad Brad Nicholes Senior Software Engineer Novell, Inc., the leading provider of Net business solutions http://www.novell.com [EMAIL PROTECTED] Tuesday, August 17, 2004 5:41:12 PM [EMAIL PROTECTED] wrote: Re-structure the auth_ldap module to fit the new authentication model. The authnz_ldap module provides an ldap authentication provider and an authorization handler. It implements the authorization require values ldap-user, ldap-dn and ldap-group. Extremely cool. This restructure also moves auth_ldap out of the experimental directory. Viva to that and an eclaire for both of us! The util_ldap module also needs to be moved out of the experimental directory (mod_auth*_ldap depends on mod_ldap). Regards, Graham --
Re: cvs commit: httpd-2.0/modules/aaa NWGNUauthnzldap mod_authnz_ldap.c NWGNUmakefile
BTW, since I am not a Linux makefile guru, the new authnz_ldap module has not been added to the Linux build scripts. Can somebody make the appropriate changes to the makefiles? Brad Brad Nicholes Senior Software Engineer Novell, Inc., the leading provider of Net business solutions http://www.novell.com [EMAIL PROTECTED] Tuesday, August 17, 2004 5:41:12 PM [EMAIL PROTECTED] wrote: Re-structure the auth_ldap module to fit the new authentication model. The authnz_ldap module provides an ldap authentication provider and an authorization handler. It implements the authorization require values ldap-user, ldap-dn and ldap-group. Extremely cool. This restructure also moves auth_ldap out of the experimental directory. Viva to that and an eclaire for both of us! The util_ldap module also needs to be moved out of the experimental directory (mod_auth*_ldap depends on mod_ldap). Regards, Graham --
Re: cvs commit: httpd-2.0/modules/aaa NWGNUauthnzldap mod_authnz_ldap.c NWGNUmakefile
Brad Nicholes wrote: This is my next task. Where should it be moved to? I was thinking of creating an ldap directory under modules and putting it there. Or does it make sense for one of the existing module directories to be the new home of util_ldap? Not sure if anything else fits - an ldap directory under modules seems to make the most sense. Regards, Graham -- smime.p7s Description: S/MIME Cryptographic Signature