I continue to fight with this.  I added in "stub" handlers for Access,
I've determined that the authorization check of mod_authnz_ldap is being
executed in the Access phase of AAA.  This isn't documented; it's
causing two problems:  early auth failure as well as a side-effect of an
extra, useless LDAP query with a blank filter.
 
How do I instruct Apache to remove mod_authnz_ldap's authorization
handler from the access phase, while leaving it in for authorization?
 
Warmly,
 
--Pete
 
 
________________________________

From: Thomas, Peter [mailto:ptho...@hpti.com] 
Sent: Thursday, February 25, 2010 12:53 PM
To: users@httpd.apache.org
Subject: [us...@httpd] Controlling which handlers run, and when



I'm trying to combine mod_authnz_ldap with a mod_perl PerlAuthenHandler.
I've got everything working correctly except that the mod_authnz_ldap
handler is being called twice...once before my PerlAuthenHandler [when
the request has not been properly configured] and once after.

This is a problem.  I've been able to see this flow by using
AuthzLDAPAuthoritative off. [to get a "DECLINED" out of the first
invocation].  When I do, my require ldap-filter, etc., directives are
not treated as authoritative on the "second pass" when the request user
has been set correctly.

--Pete 

--- 
Peter L. Thomas, ptho...@hpti.com
(w) 703-682-5308 (c) 703-615-7806 (pgr) 877-383-8910 