Re: [PATCH]: LDAP Authz (was: Ldap Authorization)

2004-11-04 Thread Graham Leggett
Brad Nicholes wrote: According to the LDAP docs, doing an ldap_compare_s() is faster than an ldap_search_s(). I will go ahead an commit the patch as-is and also propose a backport for it. But I think that we should look at adding a require ldap-filter directive as well for Apache 2.1/2.2. +1

Re: [PATCH]: LDAP Authz (was: Ldap Authorization)

2004-11-03 Thread Graham Leggett
Brad Nicholes wrote: I took a quick look at this patch and it seems to work well as long as all of the listed attributes are OR'ed together. I don't have a good suggestion yet, but is there a way to implement the logic so that attributes could be also AND'ed together? Or even a NOT-EQUAL

Re: [PATCH]: LDAP Authz (was: Ldap Authorization)

2004-11-03 Thread Jim Jagielski
Good suggestion. I am +1 for the patch as-is with the intent of looking into adding the below On Nov 3, 2004, at 5:04 AM, Graham Leggett wrote: Brad Nicholes wrote: I took a quick look at this patch and it seems to work well as long as all of the listed attributes are OR'ed together. I don't

Re: [PATCH]: LDAP Authz (was: Ldap Authorization)

2004-11-03 Thread Brad Nicholes
I like the suggestion as well because I think that would be the right way to implement complex LDAP expressions. But it would probably take adding at least a new util_ldap_filter_search() API to Util_ldap() in order to accomodate this functionality. The advantage of also having an

Re: [PATCH]: LDAP Authz (was: Ldap Authorization)

2004-11-03 Thread Jim Jagielski
Brad Nicholes wrote: I like the suggestion as well because I think that would be the right way to implement complex LDAP expressions. But it would probably take adding at least a new util_ldap_filter_search() API to Util_ldap() in order to accomodate this functionality. The advantage of

Re: [PATCH]: LDAP Authz (was: Ldap Authorization)

2004-11-02 Thread Brad Nicholes
I took a quick look at this patch and it seems to work well as long as all of the listed attributes are OR'ed together. I don't have a good suggestion yet, but is there a way to implement the logic so that attributes could be also AND'ed together? Or even a NOT-EQUAL operation? Brad [EMAIL

Re: [PATCH]: LDAP Authz (was: Ldap Authorization)

2004-11-02 Thread Ryan Morgan
Thats a tricky one.. We could introduce a new directive AuthLDAPRequireAll on|off that would control this behavior. I'm open to other ideas too.. -Ryan On Nov 2, 2004, at 5:19 PM, Brad Nicholes wrote: I took a quick look at this patch and it seems to work well as long as all of the listed

[PATCH]: LDAP Authz (was: Ldap Authorization)

2004-10-31 Thread Ryan Morgan
I've opened an enhancement in bugzilla: http://issues.apache.org/bugzilla/show_bug.cgi?id=31913 I have attached the patch here for review. I'd also like to get this committed to the 2.0 tree so people can start taking advantage of the feature without waiting for 2.2. Thoughts? Index: