On Tue, Apr 6, 2010 at 1:50 PM, Thomas, Peter <pthomas@xxxxxxxx> wrote: > I've looked at the mod_authnz_ldap code and the documentation. "Out of the > box" it sems like there's no way to turn the "OR" behavior of Require ldap-* > lines into "AND." I've been trying as hard as I can to avoid creating not > only a new provider type but also a new provider. Unfortunately, the more I > dig into mod_authnz_ldap the more it seems like it's not quite what I need. > Is there a "right" way to do this? One thought is creating a hook that > "fakes out" check_user_access by dynamically updating the array of requires > to "present" one ldap-* require line at a time, then aggregating the results > into a single return value. > > I've seen some pretty subtle tricks from all of you--I'm hoping that someone > out there has a better option than building up a new provider. > This comes for free in trunk. I'd review a 2.2.x patch that just changed the way the loop operates to respect an "AND" flag -- my guess is that it is not very hard but I am too swamped to play with it The caveat for the doc would would be that it only made sense in an all ldap-* configuration. This AND behavior for LDAP authz is frequently requested. -- Eric Covener covener@xxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|