for modern versions of OpenLDAP, avoiding the overhead of the apr-util
implementation.
* modules/ldap/util_ldap.c:
Define USE_APR_LDAP_REBIND if a modern version of OpenSSL is used.
(uldap_rebind_proc): New function.
(uldap_rebind_init, uldap_rebind_add): Define, using either the
callback or the (bad) APR-util versions.
(uldap_connection_unbind): Clear the rebind pool to remove rebind
references prior to destroying the LDAP *.
Omit for !USE_APR_LDAP_REBIND.
(uldap_connection_init): Use new wrappers, only create the rebind
pool if USE_APR_LDAP_REBIND.
* include/util_ldap.h: Don't include apr_ldap_rebind.h here.
PR: 64414
Github: closes#124
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1878890 13f79535-47bb-0310-9956-ffa450edef68
The cache destruction was not protected by the lock used by other
cache callers.
Pull the static cleanup function into util_ldap.c so it's convenient to
use the existing locking.
Submitted By: Martin Fúsek <mfusek newps.cz>
Commited By: covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1856735 13f79535-47bb-0310-9956-ffa450edef68
*) mod_ldap: Fix a case where a full LDAP cache would continually fail to
purge old entries and log AH01323. PR61891.
Submitted By: Hendrik Harms <hendrik.harms gmail.com>
Committed By: covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1818040 13f79535-47bb-0310-9956-ffa450edef68
an error during a compare operation. [Eric Covener]
+ accompanying trace.
Note: the if/else now matches (don't replace unknown compare errors with
LDAP_NO_SUCH_ATTRIBUTE) the logic just above when pulling comparisons
out of the cache.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1687980 13f79535-47bb-0310-9956-ffa450edef68
end-of-request time, and only update it after a round-trip with the LDAP
server rather than every time we check back into the pool.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1607960 13f79535-47bb-0310-9956-ffa450edef68
Changes LDAPReferrals to tri-state:
- "on" - default. Calls apr_ldap_set_option to set referrals on.
- "off" - Calls apr_ldap_set_option to turn referrals off.
- "default" - Does not call apr_ldap_set_option at all.
The default remains ON. If "default" and SDK defaults to ON, no rebind callback
is used.
Submitted By: Jan Kaluza <kaluze AT redhat.com>
Committed By: covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1517388 13f79535-47bb-0310-9956-ffa450edef68
LDAPConnectionPoolTimeout due to confusion over what "bound" means.
Added some LDAP trace at TRACE5 to track how LDAP connections are
reused and rebound.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1452551 13f79535-47bb-0310-9956-ffa450edef68
Enable SSL by passing secure=1 to apr_ldap_init instead of calling
apr_ldap_set_option(... APR_LDAP_OPT_TLS ...).
This change carefully avoids any change of behavior on non-Solaris LDAP SDKs.
PR: 42682
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1209601 13f79535-47bb-0310-9956-ffa450edef68
if called from a virtual host with mod_ldap directives in it. Did not
affect mod_authnz_ldap's usage of mod_ldap. [Eric Covener]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1166823 13f79535-47bb-0310-9956-ffa450edef68
few other paths that have us returning LDAP_OTHER (since
only 'server down' is retryable, we want to work hard to get
it returned when appropriate)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1157677 13f79535-47bb-0310-9956-ffa450edef68
