summaryrefslogtreecommitdiff
path: root/modules/ldap
Commit message (Collapse)AuthorAgeFilesLines
* LDAPConnectionPoolTTL should accept negative values in order to allowChristophe Jaillet2023-01-271-2/+4
| | | | | | | connections of any age to be reused. Up to now, a negative value was handled as an error when parsing the configuration file. PR 66421. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1907024 13f79535-47bb-0310-9956-ffa450edef68
* mod_ldap: Use the LDAP API directly to implement the rebind callbackJoe Orton2020-06-161-8/+43
| | | | | | | | | | | | | | | | | | | | | | | | for modern versions of OpenLDAP, avoiding the overhead of the apr-util implementation. * modules/ldap/util_ldap.c: Define USE_APR_LDAP_REBIND if a modern version of OpenSSL is used. (uldap_rebind_proc): New function. (uldap_rebind_init, uldap_rebind_add): Define, using either the callback or the (bad) APR-util versions. (uldap_connection_unbind): Clear the rebind pool to remove rebind references prior to destroying the LDAP *. Omit for !USE_APR_LDAP_REBIND. (uldap_connection_init): Use new wrappers, only create the rebind pool if USE_APR_LDAP_REBIND. * include/util_ldap.h: Don't include apr_ldap_rebind.h here. PR: 64414 Github: closes #124 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1878890 13f79535-47bb-0310-9956-ffa450edef68
* Add missing pool tags to help debugging.Yann Ylavic2020-04-161-0/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1876599 13f79535-47bb-0310-9956-ffa450edef68
* Fix spelling errors found by codespell. [skip ci]Mike Rumph2020-02-131-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1873985 13f79535-47bb-0310-9956-ffa450edef68
* PR62989: DOCTYPE tags in server-generated HTML. Eric Covener2020-01-311-1/+1
| | | | | | | | | Submitted By: Andra Farkas <deepbluemistake gmail.com>, Giovanni Bechis <giovanni paclan.it> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1873397 13f79535-47bb-0310-9956-ffa450edef68
* Avoid duplicated APLOGNO.Christophe Jaillet2019-06-141-2/+2
| | | | | | In this case, the difference is tiny, but it could ease diagniostic (and numbers are cheap anyway) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1861336 13f79535-47bb-0310-9956-ffa450edef68
* PR63305: fix graceful restart crashes in LDAPEric Covener2019-04-012-24/+45
| | | | | | | | | | | | | | | The cache destruction was not protected by the lock used by other cache callers. Pull the static cleanup function into util_ldap.c so it's convenient to use the existing locking. Submitted By: Martin Fúsek <mfusek newps.cz> Commited By: covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1856735 13f79535-47bb-0310-9956-ffa450edef68
* * modules/ldap/util_ldap_cache_mgr.c (util_ald_create_caches): DestroyJoe Orton2018-10-051-5/+9
| | | | | | | | rather than leak caches if all three cannot be allocated (Coverity warning). Remove unnecessary pointer. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842898 13f79535-47bb-0310-9956-ffa450edef68
* Axe some dead code.Christophe Jaillet2018-05-241-1/+1
| | | | | | See PR 60086. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832202 13f79535-47bb-0310-9956-ffa450edef68
* fix bld break in r1831165Eric Covener2018-05-081-1/+1
| | | | | | | | I had to disable -Werror in maintainer mode for this file in darwin :/ git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831172 13f79535-47bb-0310-9956-ffa450edef68
* style fix for r1831165Eric Covener2018-05-081-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831171 13f79535-47bb-0310-9956-ffa450edef68
* mod_ldap: log and abort locking errors.Eric Covener2018-05-081-42/+56
| | | | | | | | | | | | related to PR60296 investigation RMM corruption is really nasty, so abort on locking failures. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831165 13f79535-47bb-0310-9956-ffa450edef68
* mod_ldap: fix format warnings.Yann Ylavic2018-03-202-4/+4
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1827366 13f79535-47bb-0310-9956-ffa450edef68
* 10 years after r567503 , fix this properly.Eric Covener2018-02-191-3/+2
| | | | | | | | | The lock is created in post_config, so we can't copy it around in a merge_server_config() callback. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1824811 13f79535-47bb-0310-9956-ffa450edef68
* PR61891: looping over mostly full LDAP cacheEric Covener2017-12-134-7/+31
| | | | | | | | | | | | | | *) mod_ldap: Fix a case where a full LDAP cache would continually fail to purge old entries and log AH01323. PR61891. Submitted By: Hendrik Harms <hendrik.harms gmail.com> Committed By: covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1818040 13f79535-47bb-0310-9956-ffa450edef68
* https://bz.apache.org/bugzilla/show_bug.cgi?id=58855Jim Jagielski2017-01-091-1/+1
| | | | | | | Optimize check for empty strings git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1778067 13f79535-47bb-0310-9956-ffa450edef68
* Fix spelling in comments and text files.Rainer Jung2016-08-111-1/+1
| | | | | | | | No functional change. PR 59990 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1756038 13f79535-47bb-0310-9956-ffa450edef68
* Fix some style issues on files that can easily be synch'ed with 2.4.xChristophe Jaillet2015-09-301-4/+4
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1705983 13f79535-47bb-0310-9956-ffa450edef68
* Silence a sparse warning about inconsistent indenting + some minor style issuesChristophe Jaillet2015-08-311-12/+12
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1700330 13f79535-47bb-0310-9956-ffa450edef68
* remove old static ldc->reasonEric Covener2015-07-071-1/+0
| | | | | | | | | --This line, and those bdelow, will be ignored-- M util_ldap.c git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1689698 13f79535-47bb-0310-9956-ffa450edef68
* stuff unexpected LDAP errors into ldc->reason, not just in trace messages.Eric Covener2015-07-071-3/+12
| | | | | | | | fix some enormously long lines introduced recently. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1689694 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_ldap: In some case, LDAP_NO_SUCH_ATTRIBUTE could be returned instead ofEric Covener2015-06-281-4/+9
| | | | | | | | | | | | | | an error during a compare operation. [Eric Covener] + accompanying trace. Note: the if/else now matches (don't replace unknown compare errors with LDAP_NO_SUCH_ATTRIBUTE) the logic just above when pulling comparisons out of the cache. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1687980 13f79535-47bb-0310-9956-ffa450edef68
* Fix directive name in error message + fix some style issueChristophe Jaillet2015-06-151-8/+9
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1685659 13f79535-47bb-0310-9956-ffa450edef68
* LDAP connection pool did not release/close connections with Eric Covener2015-06-151-2/+3
| | | | | | | | | | | "LDAPConnectionPoolTTL 0". PR58037. Submitted by: Ted Phelps <phelps gnusto.com> committed by: covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1685650 13f79535-47bb-0310-9956-ffa450edef68
* Give a better hint.Eric Covener2015-04-281-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1676593 13f79535-47bb-0310-9956-ffa450edef68
* Fix strange indent.Christophe Jaillet2014-10-201-3/+5
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1633031 13f79535-47bb-0310-9956-ffa450edef68
* In 2.4.10, AuthLDAPBindDN might not be used for some LDAP searches, causing Eric Covener2014-07-261-1/+1
| | | | | | | | | LDAP authz failures if AuthLDAPBindDN was able to search through more of LDAP than web users. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1613682 13f79535-47bb-0310-9956-ffa450edef68
* make LDAPConnectionPoolTTL more conservative, use r->request_time rather thanEric Covener2014-07-051-4/+10
| | | | | | | | | end-of-request time, and only update it after a round-trip with the LDAP server rather than every time we check back into the pool. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1607960 13f79535-47bb-0310-9956-ffa450edef68
* Don't use a hardcoded cn=* in case the subgroup has no CN.Eric Covener2013-10-011-1/+1
| | | | | | | | | Submitted By: David Hawes <dhawes vt.edu> Committed By: Eric Covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1528143 13f79535-47bb-0310-9956-ffa450edef68
* arrange previous fix.Jean-Frederic Clere2013-09-261-4/+4
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1526499 13f79535-47bb-0310-9956-ffa450edef68
* Follow-up to r1526436: Fix compilation errorJeff Trawick2013-09-261-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1526473 13f79535-47bb-0310-9956-ffa450edef68
* Fix for PR 54626.Jean-Frederic Clere2013-09-261-0/+12
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1526436 13f79535-47bb-0310-9956-ffa450edef68
* revert comments in r1521973, may be more misleadin then good.Eric Covener2013-09-111-13/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1522021 13f79535-47bb-0310-9956-ffa450edef68
* comments only, before I task switch. Eric Covener2013-09-111-1/+13
| | | | | | | Subgroup checking is cached, but very inefficient for large groups. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1521973 13f79535-47bb-0310-9956-ffa450edef68
* "LDAPReferrals off" does not disable LDAPReferrals feature. Default OpenLDAP ↵Eric Covener2013-08-251-7/+20
| | | | | | | | | | | | | | | | | | | | value for LDAP_OPT_REFERRALS is ON and the current code does not set it to OFF even when there is "LDAPReferrals off" directive in the config file. Changes LDAPReferrals to tri-state: - "on" - default. Calls apr_ldap_set_option to set referrals on. - "off" - Calls apr_ldap_set_option to turn referrals off. - "default" - Does not call apr_ldap_set_option at all. The default remains ON. If "default" and SDK defaults to ON, no rebind callback is used. Submitted By: Jan Kaluza <kaluze AT redhat.com> Committed By: covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1517388 13f79535-47bb-0310-9956-ffa450edef68
* remove nested retry loop, uldap_connection_open retries.Eric Covener2013-08-041-5/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1510086 13f79535-47bb-0310-9956-ffa450edef68
* add TRACE5 messages around each LDAP retryEric Covener2013-08-041-0/+10
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1510085 13f79535-47bb-0310-9956-ffa450edef68
* retry during a timeout in uldap_cache_checkuserid(), like other paths that ↵Eric Covener2013-08-041-0/+8
| | | | | | | | | | check server down and TIMEOUT together. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1510084 13f79535-47bb-0310-9956-ffa450edef68
* don't retry if uldap_connection_open() fails, because it has already Eric Covener2013-08-041-5/+1
| | | | | | | retried internally git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1510083 13f79535-47bb-0310-9956-ffa450edef68
* Unlikely potential memory leak.Christophe Jaillet2013-07-171-1/+1
| | | | | | Point 12 of PR 54936 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1504276 13f79535-47bb-0310-9956-ffa450edef68
* re-try LDAP connections in a few authz paths.Eric Covener2013-06-241-2/+10
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1496207 13f79535-47bb-0310-9956-ffa450edef68
* Drop severity of "LDAP: Setting referrals to ON" from DEBUG to TRACE4Eric Covener2013-06-241-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1496178 13f79535-47bb-0310-9956-ffa450edef68
* uldap_simple_bind was subsequently rewritten to use the op_timeout with ↵Eric Covener2013-06-241-8/+0
| | | | | | | | | | | ldap_result() which is portable, which means LDAPTimeout is used for bind & search regardless of this LDAP options availability. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1496177 13f79535-47bb-0310-9956-ffa450edef68
* prevent excessive delays retrying new connections that timed out.Eric Covener2013-06-241-0/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1496176 13f79535-47bb-0310-9956-ffa450edef68
* PR54587: LDAP connections used for authn were not respecting Eric Covener2013-03-041-7/+36
| | | | | | | | | | | LDAPConnectionPoolTimeout due to confusion over what "bound" means. Added some LDAP trace at TRACE5 to track how LDAP connections are reused and rebound. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1452551 13f79535-47bb-0310-9956-ffa450edef68
* No need to clear memory that is fully initialized just the line after.Christophe Jaillet2012-12-101-5/+5
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1419719 13f79535-47bb-0310-9956-ffa450edef68
* CVE-2012-3499Stefan Fritsch2012-12-081-1/+1
| | | | | | | add missing html escaping git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1418752 13f79535-47bb-0310-9956-ffa450edef68
* No need it apr_pcalloc here, the memory is fully initialized the line just afterChristophe Jaillet2012-10-141-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1398040 13f79535-47bb-0310-9956-ffa450edef68
* make LDAPSharedCacheFile relative to DefaultRuntimeDirJeff Trawick2012-08-101-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1371684 13f79535-47bb-0310-9956-ffa450edef68
* NetWare build tweaks.Guenter Knauf2012-08-091-1/+1
| | | | | | | | | Make more use of internal makefile macros; axed now obsolete include paths. Submitted by: normw gknw net. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1371177 13f79535-47bb-0310-9956-ffa450edef68
View Lorry Controller Status