for modern versions of OpenLDAP, avoiding the overhead of the apr-util
implementation.
* modules/ldap/util_ldap.c:
Define USE_APR_LDAP_REBIND if a modern version of OpenSSL is used.
(uldap_rebind_proc): New function.
(uldap_rebind_init, uldap_rebind_add): Define, using either the
callback or the (bad) APR-util versions.
(uldap_connection_unbind): Clear the rebind pool to remove rebind
references prior to destroying the LDAP *.
Omit for !USE_APR_LDAP_REBIND.
(uldap_connection_init): Use new wrappers, only create the rebind
pool if USE_APR_LDAP_REBIND.
* include/util_ldap.h: Don't include apr_ldap_rebind.h here.
PR: 64414
Github: closes#124
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1878890 13f79535-47bb-0310-9956-ffa450edef68
end-of-request time, and only update it after a round-trip with the LDAP
server rather than every time we check back into the pool.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1607960 13f79535-47bb-0310-9956-ffa450edef68
LDAPConnectionPoolTimeout due to confusion over what "bound" means.
Added some LDAP trace at TRACE5 to track how LDAP connections are
reused and rebound.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1452551 13f79535-47bb-0310-9956-ffa450edef68
with non-MS LDAP SDKs; seen with OpenLDAP against Novell eDirectory.
Submitted by: Filip Valder <filip.valder vsb.cz> (via RH bugzilla)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1348036 13f79535-47bb-0310-9956-ffa450edef68
number of retries (LDAPRetries, default 3) and configurable delay between
retries (LDAPRetryDelay, no delay by default).
The LDAP connection is re-initted every other retry, instead of
on the fifth retry -- this was a much more recent addition then
the basic looping behavior.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1156790 13f79535-47bb-0310-9956-ffa450edef68
ensuring that we only include the include files of the APR / APU LDAP API if
we use 1.x. Move stuff that depends on it inside the APR_HAS_LDAP block.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1150559 13f79535-47bb-0310-9956-ffa450edef68
Incorporate the ap_ldap incomplete API, as there is no interest or effort
at APR to make this a complete abstraction, and it was voted 'off the island'
with APR 2.0. This will allow httpd 2.3 to build against either apr-2.0
or apr+util 1.x.
This also reverts part of r1142938, which needs to be re-done.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/revert-ap-ldap@1150172 13f79535-47bb-0310-9956-ffa450edef68
at APR to make this a complete abstraction, and it was voted 'off the island'
with APR 2.0. This will allow httpd 2.3 to build against either apr-2.0
or apr+util 1.x.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1129808 13f79535-47bb-0310-9956-ffa450edef68
remove unnecessary uldap_connection_cleanup (nothing needed between unbind
and remove)
properly remove rebind callback info when credentials change
maintain a separate pool for the rebind callback storage so it can be cleared
when the connection is unbound.
(major bump for util_ldap function removal)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1081005 13f79535-47bb-0310-9956-ffa450edef68
like bind and search.
For operations other than search, the support of the timeout depends on the
LDAP SDK supporting LDAP_OPT_TIMEOUT (e.g. OpenLDAP >= 2.4.4). An exception is
the ldap_simple_bind() in uldap_connection_open(): Here we put some extra
effort into detecting a timeout in a portable way, to catch an idle connection
having been dropped by a firewall.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@898102 13f79535-47bb-0310-9956-ffa450edef68
and WatchdogMutexPath with a single Mutex directive. Add APIs to
simplify setup and user customization of APR proc and global mutexes.
(See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer
respected; set DEFAULT_REL_RUNTIMEDIR instead.
Some existing modules, such as mod_ldap and mod_auth_digest gain
configurability for their mutexes.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@883540 13f79535-47bb-0310-9956-ffa450edef68
to do anything with it, and causes an error on released openldap levels.
Also moves/remove some macros internal to mod_ldap out of the public header for a major bump.
Reported against APR in PR47501, but httpd shouldn't be asking for the option
by default.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@831542 13f79535-47bb-0310-9956-ffa450edef68
tracing in underlying LDAP SDK, where all the interesting tidbits
about all kinds of LDAP errors are hidden.
Unfortunately windows doesn't implement this LDAP_OPT.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@831183 13f79535-47bb-0310-9956-ffa450edef68
for ldap rebind callback while chasing referrals. This allows direct
searches on LDAP servers (in particular MS Active Directory 2003+)
using referrals without the use of the global catalog.
This addresses PRs 26538, 40268, and 42557
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@614605 13f79535-47bb-0310-9956-ffa450edef68
return code of LDAP_UNAVAILABLE as if it were LDAP_SERVER_DOWN.
With this SDK, LDAP_UNAVAIALBLE is returned when the socket had been closed
between LDAP API calls.
PR 39095
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@607766 13f79535-47bb-0310-9956-ffa450edef68
provide a local method to completely remove an LDAP backend connection so
we can someday manage/dispose of extra connections in a reasonable way.
Clarify some commentary around the existing murky close/cleanup API
methods.
Minor bump for new members appended to util_ldap_connection_t, which is not
allocated by consumers of the API.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599164 13f79535-47bb-0310-9956-ffa450edef68
never called because it's registered against pconf in the child. LDAP
connections are created in the child and not shared between children, so no
action should be required at child exit
Additionally, clarify comments around uldap_connection_cleanup()
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@592764 13f79535-47bb-0310-9956-ffa450edef68
to authorize an authenticated user via a "require ldap-group X" directive
where the user is not in group X, but is in a subgroup contained in X.
PR 42891 [Paul J. Reder]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@560373 13f79535-47bb-0310-9956-ffa450edef68
warnings: use a long for connectionTimeout since the code expects a
long.
* modules/ldap/util_ldap.c (compare_client_certs): Make static to fix
gcc missing-prototype warning.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@153390 13f79535-47bb-0310-9956-ffa450edef68
API for the setting of server and client SSL certificates. Replaced
LDAPTrustedCA directive with LDAPTrustedGlobalCert and
LDAPTrustedClientCert directives to correctly support global certs
(CA certs / Netware client certs) and per connection client certs
as supported by Netware, OpenLDAP and Netscape/Mozilla.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@125645 13f79535-47bb-0310-9956-ffa450edef68
