Re: svn commit: r386776 - in /httpd/httpd/trunk/docs/manual/mod: mod_ldap.html.en mod_ldap.xml
[EMAIL PROTECTED] wrote: URL: http://svn.apache.org/viewcvs?rev=386776view=rev Log: LDAPConnectionTimeout and LDAPVerifyServerCert can be configured per-vhost We need to note in addition to this that not all LDAP SDK libraries support the concept of separately configurable verify server cert behaviour. In other words, even though you specify LDAPVerifyServerCert in LDAP connections from vhost A, you end up overriding this when you specify it in vhost B. This affects people using the Novell SDK. I think putting a note in the directive pointing people to http://httpd.apache.org/docs/2.2/mod/mod_ldap.html#settingcerts will save some questions on mailing lists. Regards, Graham -- smime.p7s Description: S/MIME Cryptographic Signature
Re: svn commit: r386776 - in /httpd/httpd/trunk/docs/manual/mod: mod_ldap.html.en mod_ldap.xml
On 3/18/06, Graham Leggett [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: URL: http://svn.apache.org/viewcvs?rev=386776view=rev Log: LDAPConnectionTimeout and LDAPVerifyServerCert can be configured per-vhost We need to note in addition to this that not all LDAP SDK libraries support the concept of separately configurable verify server cert behaviour. In other words, even though you specify LDAPVerifyServerCert in LDAP connections from vhost A, you end up overriding this when you specify it in vhost B. This affects people using the Novell SDK. Beyond doc, do you agree we can change the code so that the virtual host configuration is disallowed when APR_HAS_NOVELL_LDAPSDK? I think putting a note in the directive pointing people to http://httpd.apache.org/docs/2.2/mod/mod_ldap.html#settingcerts will save some questions on mailing lists. Sure. If we tweak the code to disallow vhost coding for libraries where we know it doesn't work, that will affect the wording.
Re: svn commit: r386776 - in /httpd/httpd/trunk/docs/manual/mod: mod_ldap.html.en mod_ldap.xml
Can we PLEASE have APU_LDAP_MULTIPLE_CTXS or something like that, defined to reflect the distinction, and make the flexibility of this directive dependent upon the sdk they link to? Bill Graham Leggett wrote: [EMAIL PROTECTED] wrote: URL: http://svn.apache.org/viewcvs?rev=386776view=rev Log: LDAPConnectionTimeout and LDAPVerifyServerCert can be configured per-vhost We need to note in addition to this that not all LDAP SDK libraries support the concept of separately configurable verify server cert behaviour. In other words, even though you specify LDAPVerifyServerCert in LDAP connections from vhost A, you end up overriding this when you specify it in vhost B. This affects people using the Novell SDK. I think putting a note in the directive pointing people to http://httpd.apache.org/docs/2.2/mod/mod_ldap.html#settingcerts will save some questions on mailing lists. Regards, Graham --