revert comments in r1521973, may be more misleadin then good.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1522021 13f79535-47bb-0310-9956-ffa450edef68
author: Eric Covener <covener@apache.org> 2013-09-11 20:24:40 +0000
committer: Eric Covener <covener@apache.org> 2013-09-11 20:24:40 +0000
commit: 751b6e7b44cc9ee415c8ddb8c6f1b3630946f9cf (patch)
tree: d40d9074922e5dc189962f7cbfc26599712de0b2 /modules/ldap
parent: 7ae58cc772e26957d7654e65b3cbd6c33067cdc9 (diff)
download: httpd-751b6e7b44cc9ee415c8ddb8c6f1b3630946f9cf.tar.gz
1 files changed, 1 insertions, 13 deletions
diff --git a/modules/ldap/util_ldap.c b/modules/ldap/util_ldap.c
index 0f2324e64f..461e48638a 100644
--- a/modules/ldap/util_ldap.c
+++ b/modules/ldap/util_ldap.c
@@ -1219,7 +1219,6 @@ static util_compare_subgroup_t* uldap_get_subgroups(request_rec *r,
 
     sgc_ents = (struct mod_auth_ldap_groupattr_entry_t *) subgroupclasses->elts;
 
-    /* XXX: attrs should not be required, they're just a secondary filtering */
     if (!subgroupAttrs) {
         return res;
     }
@@ -1243,7 +1242,6 @@ start_over:
     }
 
     /* try to do the search */
-    /* XXX: this filter should include the subgroup object classes! */
     result = ldap_search_ext_s(ldc->ldap, (char *)dn, LDAP_SCOPE_BASE,
                                (char *)"cn=*", subgroupAttrs, 0,
                                NULL, NULL, NULL, APR_LDAP_SIZELIMIT, &sga_res);
@@ -1297,17 +1295,12 @@ start_over:
                  */
                 while (values[val_index]) {
                     /* Check if this entry really is a group. */
-
-                    /* XXX: This has to be wrong, we're iterating over subgroup attributes,
-                     * but checking the objectClass of the subgroup.  This could have been a filter.
-                     */ 
-
                     tmp_sgcIndex = 0;
                     result = LDAP_COMPARE_FALSE;
                     while ((tmp_sgcIndex < subgroupclasses->nelts)
                            && (result != LDAP_COMPARE_TRUE)) {
                         result = uldap_cache_compare(r, ldc, url,
-                                                     values[val_index], /* candidate subgroup DN */
+                                                     values[val_index],
                                                      "objectClass",
                                                      sgc_ents[tmp_sgcIndex].name
                                                      );
@@ -1317,11 +1310,6 @@ start_over:
                         }
                     }
                     /* It's a group, so add it to the array.  */
-
-                    /* XXX: Hold on -- we never actually checked that the subgroup DN had any "subgroupattrs" in it.
-                     * Maybe it's never actually been useful, IOW that objectClass is enough.
-                     */
-
                     if (result == LDAP_COMPARE_TRUE) {
                         char **newgrp = (char **) apr_array_push(subgroups);
                         *newgrp = apr_pstrdup(r->pool, values[val_index]);
author	Eric Covener <covener@apache.org>	2013-09-11 20:24:40 +0000
committer	Eric Covener <covener@apache.org>	2013-09-11 20:24:40 +0000
commit	751b6e7b44cc9ee415c8ddb8c6f1b3630946f9cf (patch)
tree	d40d9074922e5dc189962f7cbfc26599712de0b2 /modules/ldap
parent	7ae58cc772e26957d7654e65b3cbd6c33067cdc9 (diff)
download	httpd-751b6e7b44cc9ee415c8ddb8c6f1b3630946f9cf.tar.gz