Attachment #30516 for bug #55178

View | Details | Raw Unified | Return to bug 55178
Collapse All | Expand All

Lines 183-188 for HTTP Basic authentication.</description> Link Here

(-)a/docs/manual/mod/mod_authnz_ldap.xml (-2 / +32 lines)
183	<td>An optional password to bind	183	<td>An optional password to bind
184	with during the search phase.</td>	184	with during the search phase.</td>
185	</tr>	185	</tr>
		186
		187	<tr>
		188	<td><directive
		189	module="mod_authnz_ldap">AuthLDAPBindSASLMech</directive></td>
		190
		191	<td>An optional SASL mechanism to use for bind
		192	with during the search phase.</td>
		193	</tr>
186	</table>	194	</table>
187	</section>	195	</section>
188		196
Lines 890-897 to perform a DN lookup</description> Link Here
890		898
891	<usage>	899	<usage>
892	<p>An optional DN used to bind to the server when searching for	900	<p>An optional DN used to bind to the server when searching for
893	entries. If not provided, <module>mod_authnz_ldap</module> will use	901	entries. If not provided, and simple bind (not SASL) is used,
894	an anonymous bind.</p>	902	<module>mod_authnz_ldap</module> will use an anonymous bind.</p>
895	</usage>	903	</usage>
896	</directivesynopsis>	904	</directivesynopsis>
897		905
Lines 929-934 AuthLDAPBindPassword "exec:/path/to/otherProgram argument1" Link Here
929	</directivesynopsis>	937	</directivesynopsis>
930		938
931	<directivesynopsis>	939	<directivesynopsis>
		940	<name>AuthLDAPBindSASLMech</name>
		941	<description>Optional SASL mechanism to use in binding to the LDAP server</description>
		942	<syntax>AuthLDAPBindSASLMech <em>sasl-mech</em></syntax>
		943	<contextlist><context>directory</context><context>.htaccess</context>
		944	</contextlist>
		945	<override>AuthConfig</override>
		946
		947	<usage>
		948	<p>An optional SASL mechanism used to bind to the server when
		949	searching for entries. Multiple mechanisms can be used,
		950	separated with commas. If not provided,
		951	<module>mod_authnz_ldap</module> will use simple bind.</p>
		952
		953	<example><pre>
		954	#Authenticate with Kerberos GSSAPI
		955	AuthLDAPBindSASLMech "GSSAPI"
		956	</pre></example>
		957
		958	</usage>
		959	</directivesynopsis>
		960
		961	<directivesynopsis>
932	<name>AuthLDAPCharsetConfig</name>	962	<name>AuthLDAPCharsetConfig</name>
933	<description>Language to charset conversion configuration file</description>	963	<description>Language to charset conversion configuration file</description>
934	<syntax>AuthLDAPCharsetConfig <em>file-path</em></syntax>	964	<syntax>AuthLDAPCharsetConfig <em>file-path</em></syntax>

Lines 132-138 var prettyPrint; Link Here

(-)a/docs/manual/style/scripts/prettify.js (-1 / +1 lines)
132	var SH_KEYWORDS = [FLOW_CONTROL_KEYWORDS, "case,done,elif,esac,eval,fi," +	132	var SH_KEYWORDS = [FLOW_CONTROL_KEYWORDS, "case,done,elif,esac,eval,fi," +
133	"function,in,local,set,then,until,echo"];	133	"function,in,local,set,then,until,echo"];
134	var CONFIG_ENVS = ["User-Agent,HTTP_USER_AGENT,HTTP_REFERER,HTTP_COOKIE,HTTP_FORWARDED,HTTP_HOST,HTTP_PROXY_CONNECTION,HTTP_ACCEPT,REMOTE_ADDR,REMOTE_HOST,REMOTE_PORT,REMOTE_USER,REMOTE_IDENT,REQUEST_METHOD,SCRIPT_FILENAME,PATH_INFO,QUERY_STRING,AUTH_TYPE,DOCUMENT_ROOT,SERVER_ADMIN,SERVER_NAME,SERVER_ADDR,SERVER_PORT,SERVER_PROTOCOL,SERVER_SOFTWARE,TIME_YEAR,TIME_MON,TIME_DAY,TIME_HOUR,TIME_MIN,TIME_SEC,TIME_WDAY,TIME,API_VERSION,THE_REQUEST,REQUEST_URI,REQUEST_FILENAME,IS_SUBREQ,HTTPS,REQUEST_SCHEME"];	134	var CONFIG_ENVS = ["User-Agent,HTTP_USER_AGENT,HTTP_REFERER,HTTP_COOKIE,HTTP_FORWARDED,HTTP_HOST,HTTP_PROXY_CONNECTION,HTTP_ACCEPT,REMOTE_ADDR,REMOTE_HOST,REMOTE_PORT,REMOTE_USER,REMOTE_IDENT,REQUEST_METHOD,SCRIPT_FILENAME,PATH_INFO,QUERY_STRING,AUTH_TYPE,DOCUMENT_ROOT,SERVER_ADMIN,SERVER_NAME,SERVER_ADDR,SERVER_PORT,SERVER_PROTOCOL,SERVER_SOFTWARE,TIME_YEAR,TIME_MON,TIME_DAY,TIME_HOUR,TIME_MIN,TIME_SEC,TIME_WDAY,TIME,API_VERSION,THE_REQUEST,REQUEST_URI,REQUEST_FILENAME,IS_SUBREQ,HTTPS,REQUEST_SCHEME"];
135	var CONFIG_KEYWORDS = ["Macro,UndefMacro,Use,AuthLDAPURL,AcceptFilter,AcceptPathInfo,AccessFileName,Action,AddAlt,AddAltByEncoding,AddAltByType,AddCharset,AddDefaultCharset,AddDescription,AddEncoding,AddHandler,AddIcon,AddIconByEncoding,AddIconByType,AddInputFilter,AddLanguage,AddModuleInfo,AddOutputFilter,AddOutputFilterByType,AddType,Alias,AliasMatch,Allow,AllowCONNECT,AllowEncodedSlashes,AllowMethods,AllowOverride,AllowOverrideList,Anonymous,Anonymous_LogEmail,Anonymous_MustGiveEmail,Anonymous_NoUserID,Anonymous_VerifyEmail,AsyncRequestWorkerFactor,AuthBasicAuthoritative,AuthBasicProvider,AuthDBDUserPWQuery,AuthDBDUserRealmQuery,AuthDBMGroupFile,AuthDBMType,AuthDBMUserFile,AuthDigestAlgorithm,AuthDigestDomain,AuthDigestNcCheck,AuthDigestNonceFormat,AuthDigestNonceLifetime,AuthDigestProvider,AuthDigestQop,AuthDigestShmemSize,AuthFormAuthoritative,AuthFormBody,AuthFormDisableNoStore,AuthFormFakeBasicAuth,AuthFormLocation,AuthFormLoginRequiredLocation,AuthFormLoginSuccessLocation,AuthFormLogoutLocation,AuthFormMethod,AuthFormMimetype,AuthFormPassword,AuthFormProvider,AuthFormSitePassphrase,AuthFormSize,AuthFormUsername,AuthGroupFile,AuthLDAPAuthorizePrefix,AuthLDAPBindAuthoritative,AuthLDAPBindDN,AuthLDAPBindPassword,AuthLDAPCharsetConfig,AuthLDAPCompareAsUser,AuthLDAPCompareDNOnServer,AuthLDAPDereferenceAliases,AuthLDAPGroupAttribute,AuthLDAPGroupAttributeIsDN,AuthLDAPInitialBindAsUser,AuthLDAPInitialBindPattern,AuthLDAPMaxSubGroupDepth,AuthLDAPRemoteUserAttribute,AuthLDAPRemoteUserIsDN,AuthLDAPSearchAsUser,AuthLDAPSubGroupAttribute,AuthLDAPSubGroupClass,AuthLDAPUrl,AuthMerging,AuthName,AuthnCacheContext,AuthnCacheEnable,AuthnCacheProvideFor,AuthnCacheSOCache,AuthnCacheTimeout,<AuthnProviderAlias>,AuthType,AuthUserFile,AuthzDBDLoginToReferer,AuthzDBDQuery,AuthzDBDRedirectQuery,AuthzDBMType,<AuthzProviderAlias>,AuthzSendForbiddenOnFailure,BalancerGrowth,BalancerMember,BrowserMatch,BrowserMatchNoCase,BufferedLogs,BufferSize,CacheDefaultExpire,CacheDetailHeader,CacheDirLength,CacheDirLevels,CacheDisable,CacheEnable,CacheFile,CacheHeader,CacheIgnoreCacheControl,CacheIgnoreHeaders,CacheIgnoreNoLastMod,CacheIgnoreQueryString,CacheIgnoreURLSessionIdentifiers,CacheKeyBaseURL,CacheLastModifiedFactor,CacheLock,CacheLockMaxAge,CacheLockPath,CacheMaxExpire,CacheMaxFileSize,CacheMinExpire,CacheMinFileSize,CacheNegotiatedDocs,CacheQuickHandler,CacheReadSize,CacheReadTime,CacheRoot,CacheStaleOnError,CacheStoreExpired,CacheStoreNoStore,CacheStorePrivate,CGIMapExtension,CharsetDefault,CharsetOptions,CharsetSourceEnc,CheckCaseOnly,CheckSpelling,ChrootDir,ContentDigest,CookieDomain,CookieExpires,CookieName,CookieStyle,CookieTracking,CoreDumpDirectory,CustomLog,Dav,DavDepthInfinity,DavGenericLockDB,DavLockDB,DavMinTimeout,DBDExptime,DBDInitSQL,DBDKeep,DBDMax,DBDMin,DBDParams,DBDPersist,DBDPrepareSQL,DBDriver,DefaultIcon,DefaultLanguage,DefaultRuntimeDir,DefaultType,Define,DeflateBufferSize,DeflateCompressionLevel,DeflateFilterNote,DeflateMemLevel,DeflateWindowSize,Deny,<Directory>,DirectoryIndex,DirectoryIndexRedirect,<DirectoryMatch>,DirectorySlash,DocumentRoot,DTracePrivileges,DumpIOInput,DumpIOOutput,<Else>,<ElseIf>,EnableExceptionHook,EnableMMAP,EnableSendfile,Error,ErrorDocument,ErrorLog,ErrorLogFormat,Example,ExpiresActive,ExpiresByType,ExpiresDefault,ExtendedStatus,ExtFilterDefine,ExtFilterOptions,FallbackResource,FileETag,<Files>,<FilesMatch>,FilterChain,FilterDeclare,FilterProtocol,FilterProvider,FilterTrace,ForceLanguagePriority,ForceType,ForensicLog,GprofDir,GracefulShutdownTimeout,Group,Header,HeaderName,HeartbeatAddress,HeartbeatListen,HeartbeatMaxServers,HeartbeatStorage,HeartbeatStorage,HostnameLookups,IdentityCheck,IdentityCheckTimeout,<If>,<IfDefine>,<IfModule>,<IfVersion>,ImapBase,ImapDefault,ImapMenu,Include,IncludeOptional,IndexHeadInsert,IndexIgnore,IndexIgnoreReset,IndexOptions,IndexOrderDefault,IndexStyleSheet,InputSed,ISAPIAppendLogToErrors,ISAPIAppendLogToQuery,ISAPICacheFile,ISAPIFakeAsync,ISAPILogNotSupported,ISAPIReadAheadBuffer,KeepAlive,KeepAliveTimeout,KeptBodySize,LanguagePriority,LDAPCacheEntries,LDAPCacheTTL,LDAPConnectionPoolTTL,LDAPConnectionTimeout,LDAPLibraryDebug,LDAPOpCacheEntries,LDAPOpCacheTTL,LDAPReferralHopLimit,LDAPReferrals,LDAPRetries,LDAPRetryDelay,LDAPSharedCacheFile,LDAPSharedCacheSize,LDAPTimeout,LDAPTrustedClientCert,LDAPTrustedGlobalCert,LDAPTrustedMode,LDAPVerifyServerCert,<Limit>,<LimitExcept>,LimitInternalRecursion,LimitRequestBody,LimitRequestFields,LimitRequestFieldSize,LimitRequestLine,LimitXMLRequestBody,Listen,ListenBackLog,LoadFile,LoadModule,<Location>,<LocationMatch>,LogFormat,LogLevel,LogMessage,LuaCodeCache,LuaHookAccessChecker,LuaHookAuthChecker,LuaAuthzProvider,LuaHookCheckUserID,LuaHookFixups,LuaHookInsertFilter,LuaHookMapToStorage,LuaHookTranslateName,LuaHookTypeChecker,LuaInherit,LuaInputFilter,LuaMapHandler,LuaOutputFilter,LuaPackageCPath,LuaPackagePath,LuaQuickHandler,LuaRoot,LuaScope,MaxConnectionsPerChild,MaxKeepAliveRequests,MaxMemFree,MaxRangeOverlaps,MaxRangeReversals,MaxRanges,MaxRequestWorkers,MaxSpareServers,MaxSpareThreads,MaxThreads,MetaDir,MetaFiles,MetaSuffix,MimeMagicFile,MinSpareServers,MinSpareThreads,MMapFile,ModemStandard,ModMimeUsePathInfo,MultiviewsMatch,Mutex,NameVirtualHost,NoProxy,NWSSLTrustedCerts,NWSSLUpgradeable,Options,Order,OutputSed,PassEnv,PidFile,PrivilegesMode,Protocol,ProtocolEcho,<Proxy>,ProxyAddHeaders,ProxyBadHeader,ProxyBlock,ProxyDomain,ProxyErrorOverride,ProxyExpressDBMFile,ProxyExpressDBMType,ProxyExpressEnable,ProxyFtpDirCharset,ProxyFtpEscapeWildcards,ProxyFtpListOnWildcard,ProxyHTMLBufSize,ProxyHTMLCharsetOut,ProxyHTMLDocType,ProxyHTMLEnable,ProxyHTMLEvents,ProxyHTMLExtended,ProxyHTMLFixups,ProxyHTMLInterp,ProxyHTMLLinks,ProxyHTMLStripComments,ProxyHTMLURLMap,ProxyIOBufferSize,<ProxyMatch>,ProxyMaxForwards,ProxyPass,ProxyPassInterpolateEnv,ProxyPassMatch,ProxyPassReverse,ProxyPassReverseCookieDomain,ProxyPassReverseCookiePath,ProxyPreserveHost,ProxyReceiveBufferSize,ProxyRemote,ProxyRemoteMatch,ProxyRequests,ProxySCGIInternalRedirect,ProxySCGISendfile,ProxySet,ProxySourceAddress,ProxyStatus,ProxyTimeout,ProxyVia,ReadmeName,ReceiveBufferSize,Redirect,RedirectMatch,RedirectPermanent,RedirectTemp,ReflectorHeader,RemoteIPHeader,RemoteIPInternalProxy,RemoteIPInternalProxyList,RemoteIPProxiesHeader,RemoteIPTrustedProxy,RemoteIPTrustedProxyList,RemoveCharset,RemoveEncoding,RemoveHandler,RemoveInputFilter,RemoveLanguage,RemoveOutputFilter,RemoveType,RequestHeader,RequestReadTimeout,Require,<RequireAll>,<RequireAny>,<RequireNone>,RewriteBase,RewriteCond,RewriteEngine,RewriteMap,RewriteOptions,RewriteRule,RLimitCPU,RLimitMEM,RLimitNPROC,Satisfy,ScoreBoardFile,Script,ScriptAlias,ScriptAliasMatch,ScriptInterpreterSource,ScriptLog,ScriptLogBuffer,ScriptLogLength,ScriptSock,SecureListen,SeeRequestTail,SendBufferSize,ServerAdmin,ServerAlias,ServerLimit,ServerName,ServerPath,ServerRoot,ServerSignature,ServerTokens,Session,SessionCookieName,SessionCookieName2,SessionCookieRemove,SessionCryptoCipher,SessionCryptoDriver,SessionCryptoPassphrase,SessionCryptoPassphraseFile,SessionDBDCookieName,SessionDBDCookieName2,SessionDBDCookieRemove,SessionDBDDeleteLabel,SessionDBDInsertLabel,SessionDBDPerUser,SessionDBDSelectLabel,SessionDBDUpdateLabel,SessionEnv,SessionExclude,SessionHeader,SessionInclude,SessionMaxAge,SetEnv,SetEnvIf,SetEnvIfExpr,SetEnvIfNoCase,SetHandler,SetInputFilter,SetOutputFilter,SSIEndTag,SSIErrorMsg,SSIETag,SSILastModified,SSILegacyExprParser,SSIStartTag,SSITimeFormat,SSIUndefinedEcho,SSLCACertificateFile,SSLCACertificatePath,SSLCADNRequestFile,SSLCADNRequestPath,SSLCARevocationCheck,SSLCARevocationFile,SSLCARevocationPath,SSLCertificateChainFile,SSLCertificateFile,SSLCertificateKeyFile,SSLCipherSuite,SSLCryptoDevice,SSLEngine,SSLFIPS,SSLHonorCipherOrder,SSLInsecureRenegotiation,SSLOCSPDefaultResponder,SSLOCSPEnable,SSLOCSPOverrideResponder,SSLOCSPResponderTimeout,SSLOCSPResponseMaxAge,SSLOCSPResponseTimeSkew,SSLOptions,SSLPassPhraseDialog,SSLProtocol,SSLProxyCACertificateFile,SSLProxyCACertificatePath,SSLProxyCARevocationCheck,SSLProxyCARevocationFile,SSLProxyCARevocationPath,SSLProxyCheckPeerCN,SSLProxyCheckPeerExpire,SSLProxyCipherSuite,SSLProxyEngine,SSLProxyMachineCertificateChainFile,SSLProxyMachineCertificateFile,SSLProxyMachineCertificatePath,SSLProxyProtocol,SSLProxyVerify,SSLProxyVerifyDepth,SSLRandomSeed,SSLRenegBufferSize,SSLRequire,SSLRequireSSL,SSLSessionCache,SSLSessionCacheTimeout,SSLSessionTicketKeyFile,SSLStaplingCache,SSLStaplingErrorCacheTimeout,SSLStaplingFakeTryLater,SSLStaplingForceURL,SSLStaplingResponderTimeout,SSLStaplingResponseMaxAge,SSLStaplingResponseTimeSkew,SSLStaplingReturnResponderErrors,SSLStaplingStandardCacheTimeout,SSLStrictSNIVHostCheck,SSLUserName,SSLUseStapling,SSLVerifyClient,SSLVerifyDepth,StartServers,StartThreads,Substitute,Suexec,SuexecUserGroup,ThreadLimit,ThreadsPerChild,ThreadStackSize,TimeOut,TraceEnable,TransferLog,TypesConfig,UnDefine,UnsetEnv,UseCanonicalName,UseCanonicalPhysicalPort,User,UserDir,VHostCGIMode,VHostCGIPrivs,VHostGroup,VHostPrivs,VHostSecure,VHostUser,VirtualDocumentRoot,VirtualDocumentRootIP,<VirtualHost>,VirtualScriptAlias,VirtualScriptAliasIP,WatchdogInterval,XBitHack,xml2EncAlias,xml2EncDefault,xml2StartParse,RewriteLog,RewriteLogLevel"];	135	var CONFIG_KEYWORDS = ["Macro,UndefMacro,Use,AuthLDAPURL,AcceptFilter,AcceptPathInfo,AccessFileName,Action,AddAlt,AddAltByEncoding,AddAltByType,AddCharset,AddDefaultCharset,AddDescription,AddEncoding,AddHandler,AddIcon,AddIconByEncoding,AddIconByType,AddInputFilter,AddLanguage,AddModuleInfo,AddOutputFilter,AddOutputFilterByType,AddType,Alias,AliasMatch,Allow,AllowCONNECT,AllowEncodedSlashes,AllowMethods,AllowOverride,AllowOverrideList,Anonymous,Anonymous_LogEmail,Anonymous_MustGiveEmail,Anonymous_NoUserID,Anonymous_VerifyEmail,AsyncRequestWorkerFactor,AuthBasicAuthoritative,AuthBasicProvider,AuthDBDUserPWQuery,AuthDBDUserRealmQuery,AuthDBMGroupFile,AuthDBMType,AuthDBMUserFile,AuthDigestAlgorithm,AuthDigestDomain,AuthDigestNcCheck,AuthDigestNonceFormat,AuthDigestNonceLifetime,AuthDigestProvider,AuthDigestQop,AuthDigestShmemSize,AuthFormAuthoritative,AuthFormBody,AuthFormDisableNoStore,AuthFormFakeBasicAuth,AuthFormLocation,AuthFormLoginRequiredLocation,AuthFormLoginSuccessLocation,AuthFormLogoutLocation,AuthFormMethod,AuthFormMimetype,AuthFormPassword,AuthFormProvider,AuthFormSitePassphrase,AuthFormSize,AuthFormUsername,AuthGroupFile,AuthLDAPAuthorizePrefix,AuthLDAPBindAuthoritative,AuthLDAPBindDN,AuthLDAPBindPassword,AuthLDAPBindSASLMech,AuthLDAPCharsetConfig,AuthLDAPCompareAsUser,AuthLDAPCompareDNOnServer,AuthLDAPDereferenceAliases,AuthLDAPGroupAttribute,AuthLDAPGroupAttributeIsDN,AuthLDAPInitialBindAsUser,AuthLDAPInitialBindPattern,AuthLDAPMaxSubGroupDepth,AuthLDAPRemoteUserAttribute,AuthLDAPRemoteUserIsDN,AuthLDAPSearchAsUser,AuthLDAPSubGroupAttribute,AuthLDAPSubGroupClass,AuthLDAPUrl,AuthMerging,AuthName,AuthnCacheContext,AuthnCacheEnable,AuthnCacheProvideFor,AuthnCacheSOCache,AuthnCacheTimeout,<AuthnProviderAlias>,AuthType,AuthUserFile,AuthzDBDLoginToReferer,AuthzDBDQuery,AuthzDBDRedirectQuery,AuthzDBMType,<AuthzProviderAlias>,AuthzSendForbiddenOnFailure,BalancerGrowth,BalancerMember,BrowserMatch,BrowserMatchNoCase,BufferedLogs,BufferSize,CacheDefaultExpire,CacheDetailHeader,CacheDirLength,CacheDirLevels,CacheDisable,CacheEnable,CacheFile,CacheHeader,CacheIgnoreCacheControl,CacheIgnoreHeaders,CacheIgnoreNoLastMod,CacheIgnoreQueryString,CacheIgnoreURLSessionIdentifiers,CacheKeyBaseURL,CacheLastModifiedFactor,CacheLock,CacheLockMaxAge,CacheLockPath,CacheMaxExpire,CacheMaxFileSize,CacheMinExpire,CacheMinFileSize,CacheNegotiatedDocs,CacheQuickHandler,CacheReadSize,CacheReadTime,CacheRoot,CacheStaleOnError,CacheStoreExpired,CacheStoreNoStore,CacheStorePrivate,CGIMapExtension,CharsetDefault,CharsetOptions,CharsetSourceEnc,CheckCaseOnly,CheckSpelling,ChrootDir,ContentDigest,CookieDomain,CookieExpires,CookieName,CookieStyle,CookieTracking,CoreDumpDirectory,CustomLog,Dav,DavDepthInfinity,DavGenericLockDB,DavLockDB,DavMinTimeout,DBDExptime,DBDInitSQL,DBDKeep,DBDMax,DBDMin,DBDParams,DBDPersist,DBDPrepareSQL,DBDriver,DefaultIcon,DefaultLanguage,DefaultRuntimeDir,DefaultType,Define,DeflateBufferSize,DeflateCompressionLevel,DeflateFilterNote,DeflateMemLevel,DeflateWindowSize,Deny,<Directory>,DirectoryIndex,DirectoryIndexRedirect,<DirectoryMatch>,DirectorySlash,DocumentRoot,DTracePrivileges,DumpIOInput,DumpIOOutput,<Else>,<ElseIf>,EnableExceptionHook,EnableMMAP,EnableSendfile,Error,ErrorDocument,ErrorLog,ErrorLogFormat,Example,ExpiresActive,ExpiresByType,ExpiresDefault,ExtendedStatus,ExtFilterDefine,ExtFilterOptions,FallbackResource,FileETag,<Files>,<FilesMatch>,FilterChain,FilterDeclare,FilterProtocol,FilterProvider,FilterTrace,ForceLanguagePriority,ForceType,ForensicLog,GprofDir,GracefulShutdownTimeout,Group,Header,HeaderName,HeartbeatAddress,HeartbeatListen,HeartbeatMaxServers,HeartbeatStorage,HeartbeatStorage,HostnameLookups,IdentityCheck,IdentityCheckTimeout,<If>,<IfDefine>,<IfModule>,<IfVersion>,ImapBase,ImapDefault,ImapMenu,Include,IncludeOptional,IndexHeadInsert,IndexIgnore,IndexIgnoreReset,IndexOptions,IndexOrderDefault,IndexStyleSheet,InputSed,ISAPIAppendLogToErrors,ISAPIAppendLogToQuery,ISAPICacheFile,ISAPIFakeAsync,ISAPILogNotSupported,ISAPIReadAheadBuffer,KeepAlive,KeepAliveTimeout,KeptBodySize,LanguagePriority,LDAPCacheEntries,LDAPCacheTTL,LDAPConnectionPoolTTL,LDAPConnectionTimeout,LDAPLibraryDebug,LDAPOpCacheEntries,LDAPOpCacheTTL,LDAPReferralHopLimit,LDAPReferrals,LDAPRetries,LDAPRetryDelay,LDAPSharedCacheFile,LDAPSharedCacheSize,LDAPTimeout,LDAPTrustedClientCert,LDAPTrustedGlobalCert,LDAPTrustedMode,LDAPVerifyServerCert,<Limit>,<LimitExcept>,LimitInternalRecursion,LimitRequestBody,LimitRequestFields,LimitRequestFieldSize,LimitRequestLine,LimitXMLRequestBody,Listen,ListenBackLog,LoadFile,LoadModule,<Location>,<LocationMatch>,LogFormat,LogLevel,LogMessage,LuaCodeCache,LuaHookAccessChecker,LuaHookAuthChecker,LuaAuthzProvider,LuaHookCheckUserID,LuaHookFixups,LuaHookInsertFilter,LuaHookMapToStorage,LuaHookTranslateName,LuaHookTypeChecker,LuaInherit,LuaInputFilter,LuaMapHandler,LuaOutputFilter,LuaPackageCPath,LuaPackagePath,LuaQuickHandler,LuaRoot,LuaScope,MaxConnectionsPerChild,MaxKeepAliveRequests,MaxMemFree,MaxRangeOverlaps,MaxRangeReversals,MaxRanges,MaxRequestWorkers,MaxSpareServers,MaxSpareThreads,MaxThreads,MetaDir,MetaFiles,MetaSuffix,MimeMagicFile,MinSpareServers,MinSpareThreads,MMapFile,ModemStandard,ModMimeUsePathInfo,MultiviewsMatch,Mutex,NameVirtualHost,NoProxy,NWSSLTrustedCerts,NWSSLUpgradeable,Options,Order,OutputSed,PassEnv,PidFile,PrivilegesMode,Protocol,ProtocolEcho,<Proxy>,ProxyAddHeaders,ProxyBadHeader,ProxyBlock,ProxyDomain,ProxyErrorOverride,ProxyExpressDBMFile,ProxyExpressDBMType,ProxyExpressEnable,ProxyFtpDirCharset,ProxyFtpEscapeWildcards,ProxyFtpListOnWildcard,ProxyHTMLBufSize,ProxyHTMLCharsetOut,ProxyHTMLDocType,ProxyHTMLEnable,ProxyHTMLEvents,ProxyHTMLExtended,ProxyHTMLFixups,ProxyHTMLInterp,ProxyHTMLLinks,ProxyHTMLStripComments,ProxyHTMLURLMap,ProxyIOBufferSize,<ProxyMatch>,ProxyMaxForwards,ProxyPass,ProxyPassInterpolateEnv,ProxyPassMatch,ProxyPassReverse,ProxyPassReverseCookieDomain,ProxyPassReverseCookiePath,ProxyPreserveHost,ProxyReceiveBufferSize,ProxyRemote,ProxyRemoteMatch,ProxyRequests,ProxySCGIInternalRedirect,ProxySCGISendfile,ProxySet,ProxySourceAddress,ProxyStatus,ProxyTimeout,ProxyVia,ReadmeName,ReceiveBufferSize,Redirect,RedirectMatch,RedirectPermanent,RedirectTemp,ReflectorHeader,RemoteIPHeader,RemoteIPInternalProxy,RemoteIPInternalProxyList,RemoteIPProxiesHeader,RemoteIPTrustedProxy,RemoteIPTrustedProxyList,RemoveCharset,RemoveEncoding,RemoveHandler,RemoveInputFilter,RemoveLanguage,RemoveOutputFilter,RemoveType,RequestHeader,RequestReadTimeout,Require,<RequireAll>,<RequireAny>,<RequireNone>,RewriteBase,RewriteCond,RewriteEngine,RewriteMap,RewriteOptions,RewriteRule,RLimitCPU,RLimitMEM,RLimitNPROC,Satisfy,ScoreBoardFile,Script,ScriptAlias,ScriptAliasMatch,ScriptInterpreterSource,ScriptLog,ScriptLogBuffer,ScriptLogLength,ScriptSock,SecureListen,SeeRequestTail,SendBufferSize,ServerAdmin,ServerAlias,ServerLimit,ServerName,ServerPath,ServerRoot,ServerSignature,ServerTokens,Session,SessionCookieName,SessionCookieName2,SessionCookieRemove,SessionCryptoCipher,SessionCryptoDriver,SessionCryptoPassphrase,SessionCryptoPassphraseFile,SessionDBDCookieName,SessionDBDCookieName2,SessionDBDCookieRemove,SessionDBDDeleteLabel,SessionDBDInsertLabel,SessionDBDPerUser,SessionDBDSelectLabel,SessionDBDUpdateLabel,SessionEnv,SessionExclude,SessionHeader,SessionInclude,SessionMaxAge,SetEnv,SetEnvIf,SetEnvIfExpr,SetEnvIfNoCase,SetHandler,SetInputFilter,SetOutputFilter,SSIEndTag,SSIErrorMsg,SSIETag,SSILastModified,SSILegacyExprParser,SSIStartTag,SSITimeFormat,SSIUndefinedEcho,SSLCACertificateFile,SSLCACertificatePath,SSLCADNRequestFile,SSLCADNRequestPath,SSLCARevocationCheck,SSLCARevocationFile,SSLCARevocationPath,SSLCertificateChainFile,SSLCertificateFile,SSLCertificateKeyFile,SSLCipherSuite,SSLCryptoDevice,SSLEngine,SSLFIPS,SSLHonorCipherOrder,SSLInsecureRenegotiation,SSLOCSPDefaultResponder,SSLOCSPEnable,SSLOCSPOverrideResponder,SSLOCSPResponderTimeout,SSLOCSPResponseMaxAge,SSLOCSPResponseTimeSkew,SSLOptions,SSLPassPhraseDialog,SSLProtocol,SSLProxyCACertificateFile,SSLProxyCACertificatePath,SSLProxyCARevocationCheck,SSLProxyCARevocationFile,SSLProxyCARevocationPath,SSLProxyCheckPeerCN,SSLProxyCheckPeerExpire,SSLProxyCipherSuite,SSLProxyEngine,SSLProxyMachineCertificateChainFile,SSLProxyMachineCertificateFile,SSLProxyMachineCertificatePath,SSLProxyProtocol,SSLProxyVerify,SSLProxyVerifyDepth,SSLRandomSeed,SSLRenegBufferSize,SSLRequire,SSLRequireSSL,SSLSessionCache,SSLSessionCacheTimeout,SSLSessionTicketKeyFile,SSLStaplingCache,SSLStaplingErrorCacheTimeout,SSLStaplingFakeTryLater,SSLStaplingForceURL,SSLStaplingResponderTimeout,SSLStaplingResponseMaxAge,SSLStaplingResponseTimeSkew,SSLStaplingReturnResponderErrors,SSLStaplingStandardCacheTimeout,SSLStrictSNIVHostCheck,SSLUserName,SSLUseStapling,SSLVerifyClient,SSLVerifyDepth,StartServers,StartThreads,Substitute,Suexec,SuexecUserGroup,ThreadLimit,ThreadsPerChild,ThreadStackSize,TimeOut,TraceEnable,TransferLog,TypesConfig,UnDefine,UnsetEnv,UseCanonicalName,UseCanonicalPhysicalPort,User,UserDir,VHostCGIMode,VHostCGIPrivs,VHostGroup,VHostPrivs,VHostSecure,VHostUser,VirtualDocumentRoot,VirtualDocumentRootIP,<VirtualHost>,VirtualScriptAlias,VirtualScriptAliasIP,WatchdogInterval,XBitHack,xml2EncAlias,xml2EncDefault,xml2StartParse,RewriteLog,RewriteLogLevel"];
136	var CONFIG_OPTIONS = /^[\\+\\-]?(AuthConfig\|IncludesNOEXEC\|ExecCGI\|FollowSymLinks\|MultiViews\|Includes\|Indexes\|SymLinksIfOwnerMatch)\b/i;	136	var CONFIG_OPTIONS = /^[\\+\\-]?(AuthConfig\|IncludesNOEXEC\|ExecCGI\|FollowSymLinks\|MultiViews\|Includes\|Indexes\|SymLinksIfOwnerMatch)\b/i;
137	var ALL_KEYWORDS = [	137	var ALL_KEYWORDS = [
138	CPP_KEYWORDS, CSHARP_KEYWORDS, JSCRIPT_KEYWORDS, PERL_KEYWORDS +	138	CPP_KEYWORDS, CSHARP_KEYWORDS, JSCRIPT_KEYWORDS, PERL_KEYWORDS +

Lines 113-118 typedef struct util_ldap_connection_t { Link Here

(-)a/include/util_ldap.h (-2 / +3 lines)
113		113
114	const char binddn; / DN to bind to server (can be NULL) */	114	const char binddn; / DN to bind to server (can be NULL) */
115	const char bindpw; / Password to bind to server (can be NULL) */	115	const char bindpw; / Password to bind to server (can be NULL) */
		116	const char bindsaslmech; / SASL Mechanism to use for server bind (can be NULL) */
116		117
117	int bound; /* Flag to indicate whether this connection is bound yet */	118	int bound; /* Flag to indicate whether this connection is bound yet */
118		119
Lines 238-245 APR_DECLARE_OPTIONAL_FN(apr_status_t,uldap_connection_unbind,(void *param)); Link Here
238	* int netscapessl, int starttls)	239	* int netscapessl, int starttls)
239	*/	240	*/
240	APR_DECLARE_OPTIONAL_FN(util_ldap_connection_t ,uldap_connection_find,(request_rec r, const char *host, int port,	241	APR_DECLARE_OPTIONAL_FN(util_ldap_connection_t ,uldap_connection_find,(request_rec r, const char *host, int port,
241	const char binddn, const char bindpw, deref_options deref,	242	const char binddn, const char bindpw, const char *bindsaslmech,
242	int secure));	243	deref_options deref, int secure));
243		244
244	/**	245	/**
245	* Compare two DNs for sameness	246	* Compare two DNs for sameness




    deref_options deref;            /* how to handle alias dereferening */
    char *binddn;                   /* DN to bind to server (can be NULL) */
    char *bindpw;                   /* Password to bind to server (can be NULL) */
    char *bindsaslmech;             /* SASL Mechanism to use for server bind (can be NULL) */
    int bind_authoritative;         /* If true, will return errors when bind fails */

    int user_is_dn;                 /* If true, connection->user is DN instead of userid */

    sec->host = NULL;
    sec->binddn = NULL;
    sec->bindpw = NULL;
    sec->bindsaslmech = NULL;
    sec->bind_authoritative = 1;
    sec->deref = always;
    sec->group_attrib_is_dn = 1;


    char *binddn = sec->binddn;
    char *bindpw = sec->bindpw;
    char *bindsaslmech = sec->bindsaslmech;

    /* If the per-request config isn't set, we didn't authenticate this user, and leave the default credentials */
    if (req && req->password &&

          (type == LDAP_COMPARE_AND_SEARCH && sec->compare_as_user && sec->search_as_user))){
            binddn = req->dn;
            bindpw = req->password;
            bindsaslmech = NULL;
    }

    return util_ldap_connection_find(r, sec->host, sec->port,
                                     binddn, bindpw, bindsaslmech,
                                     sec->deref, sec->secure);
}
/*

    if (sec->host) {
        const char *binddn = sec->binddn;
        const char *bindpw = sec->bindpw;
        const char *bindsaslmech = sec->bindsaslmech;
        if (sec->initial_bind_as_user) {
            bindpw = password;
            binddn = ldap_determine_binddn(r, user);
            bindsaslmech = NULL;
        }

        ldc = util_ldap_connection_find(r, sec->host, sec->port,
                                       binddn, bindpw, bindsaslmech,
                                       sec->deref, sec->secure);
    }
    else {

    AP_INIT_TAKE1("AuthLDAPBindPassword", set_bind_password, NULL, OR_AUTHCFG,
                  "Password to use to bind to LDAP server. If not provided, will do an anonymous bind."),

    AP_INIT_TAKE1("AuthLDAPBindSASLMech", ap_set_string_slot,
                  (void *)APR_OFFSETOF(authn_ldap_config_t, bindsaslmech), OR_AUTHCFG,
                  "SASL Mechanism to use to bind to LDAP server. If not provided, simple authentication will be done."),

    AP_INIT_FLAG("AuthLDAPBindAuthoritative", ap_set_flag_slot,
                  (void *)APR_OFFSETOF(authn_ldap_config_t, bind_authoritative), OR_AUTHCFG,
                  "Set to 'on' to return failures when user-specific bind fails - defaults to on."),




}

/*
 * SASL credentials conversation function. Does nothing really useful yet,
 * is around just because it is required.
 *
 * Always returns LDAP_SUCCESS
 */

static int uldap_sasl_interact(LDAP *ld,
                               unsigned flags,
                               void *defaults,
                               void *sasl_interact)
{
    return LDAP_SUCCESS;
}

/*
 * Replacement function for ldap_simple_bind_s() with a timeout.
 * To do this in a portable way, we have to use ldap_simple_bind() and
 * ldap_result().
 *
 * Returns LDAP_SUCCESS on success; and an error code on failure
 */
static int uldap_bind(util_ldap_connection_t *ldc, char *binddn,
                      char* bindpw, char *bindsaslmech,
                      struct timeval *timeout)
{
    LDAPMessage *result;
    int rc;

    if (bindsaslmech) {
        rc = ldap_sasl_interactive_bind_s(ldc->ldap, binddn, bindsaslmech,
                                          NULL, NULL, LDAP_SASL_QUIET,
                                          uldap_sasl_interact, NULL);
        if (rc == -1) {
            ldc->reason = "LDAP: ldap_sasl_interactive_bind_s() failed";
            /* -1 is LDAP_SERVER_DOWN in openldap, use something else */
            return uldap_ld_errno(ldc);
        }
    } else {
        LDAPMessage *result;
        int msgid;

        msgid = ldap_simple_bind(ldc->ldap, binddn, bindpw);
        if (msgid == -1) {
            ldc->reason = "LDAP: ldap_simple_bind() failed";
            return uldap_ld_errno(ldc);
        }
        rc = ldap_result(ldc->ldap, msgid, 0, timeout, &result);
        if (rc == -1) {
            ldc->reason = "LDAP: ldap_simple_bind() result retrieval failed";
            /* -1 is LDAP_SERVER_DOWN in openldap, use something else */
            return uldap_ld_errno(ldc);
        } else if (rc == 0) {
            ldc->reason = "LDAP: ldap_simple_bind() timed out";
            rc = LDAP_TIMEOUT;
        } else if (ldap_parse_result(ldc->ldap, result, &rc, NULL, NULL, NULL,
                                     NULL, 1) == -1) {
            ldc->reason = "LDAP: ldap_simple_bind() parse result failed";
            return uldap_ld_errno(ldc);
        }
    }

    ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, ldc->r, "LDC %pp bind", ldc);
    return rc;
}


        if (failures > 0 && st->retry_delay > 0) {
            apr_sleep(st->retry_delay);
        }
        rc = uldap_bind(ldc, (char *)ldc->binddn, (char *)ldc->bindpw,
                        (char *)ldc->bindsaslmech, st->opTimeout);

        if (rc == LDAP_SUCCESS) break;


    if (LDAP_SUCCESS != rc)
    {
        uldap_connection_unbind(ldc);
        ldc->reason = "LDAP: bind failed";
    }
    else {
        ldc->bound = 1;

            uldap_connection_find(request_rec *r,
                                  const char *host, int port,
                                  const char *binddn, const char *bindpw,
                                  const char *bindsaslmech,
                                  deref_options deref, int secure)
{
    struct util_ldap_connection_t *l, *p; /* To traverse the linked list */

                                             && !strcmp(l->binddn, binddn)))
            && ((!l->bindpw && !bindpw) || (l->bindpw && bindpw
                                             && !strcmp(l->bindpw, bindpw)))
            && ((!l->bindsaslmech && !bindsaslmech) || (l->bindsaslmech && bindsaslmech
                                             && !strcmp(l->bindsaslmech, bindsaslmech)))
            && (l->deref == deref) && (l->secure == secureflag)
            && !compare_client_certs(dc->client_certs, l->client_certs))
        {

                l->must_rebind = 1;
                util_ldap_strdup((char**)&(l->binddn), binddn);
                util_ldap_strdup((char**)&(l->bindpw), bindpw);
                util_ldap_strdup((char**)&(l->bindsaslmech), bindsaslmech);
                break;
            }
#if APR_HAS_THREADS

        l->deref = deref;
        util_ldap_strdup((char**)&(l->binddn), binddn);
        util_ldap_strdup((char**)&(l->bindpw), bindpw);
        util_ldap_strdup((char**)&(l->bindsaslmech), bindsaslmech);
        l->ChaseReferrals = dc->ChaseReferrals;
        l->ReferralHopLimit = dc->ReferralHopLimit;


     * fails, it means that the password is wrong (the dn obviously
     * exists, since we just retrieved it)
     */
    result = uldap_bind(ldc, (char *)*binddn, (char *)bindpw, NULL,
                        st->opTimeout);
    if (AP_LDAP_IS_SERVER_DOWN(result) ||
        (result == LDAP_TIMEOUT && failures == 0)) {
        if (AP_LDAP_IS_SERVER_DOWN(result))
- 

Return to bug 55178

Lines 59-64 typedef struct { Link Here

(-)a/modules/aaa/mod_authnz_ldap.c (-2 / +12 lines)
59	deref_options deref; /* how to handle alias dereferening */	59	deref_options deref; /* how to handle alias dereferening */
60	char binddn; / DN to bind to server (can be NULL) */	60	char binddn; / DN to bind to server (can be NULL) */
61	char bindpw; / Password to bind to server (can be NULL) */	61	char bindpw; / Password to bind to server (can be NULL) */
		62	char bindsaslmech; / SASL Mechanism to use for server bind (can be NULL) */
62	int bind_authoritative; /* If true, will return errors when bind fails */	63	int bind_authoritative; /* If true, will return errors when bind fails */
63		64
64	int user_is_dn; /* If true, connection->user is DN instead of userid */	65	int user_is_dn; /* If true, connection->user is DN instead of userid */
Lines 344-349 static void create_authnz_ldap_dir_config(apr_pool_t p, char *d) Link Here
344	sec->host = NULL;	345	sec->host = NULL;
345	sec->binddn = NULL;	346	sec->binddn = NULL;
346	sec->bindpw = NULL;	347	sec->bindpw = NULL;
		348	sec->bindsaslmech = NULL;
347	sec->bind_authoritative = 1;	349	sec->bind_authoritative = 1;
348	sec->deref = always;	350	sec->deref = always;
349	sec->group_attrib_is_dn = 1;	351	sec->group_attrib_is_dn = 1;
Lines 439-444 static util_ldap_connection_t get_connection_for_authz(request_rec r, enum aut Link Here
439		441
440	char *binddn = sec->binddn;	442	char *binddn = sec->binddn;
441	char *bindpw = sec->bindpw;	443	char *bindpw = sec->bindpw;
		444	char *bindsaslmech = sec->bindsaslmech;
442		445
443	/* If the per-request config isn't set, we didn't authenticate this user, and leave the default credentials */	446	/* If the per-request config isn't set, we didn't authenticate this user, and leave the default credentials */
444	if (req && req->password &&	447	if (req && req->password &&
Lines 447-456 static util_ldap_connection_t get_connection_for_authz(request_rec r, enum aut Link Here
447	(type == LDAP_COMPARE_AND_SEARCH && sec->compare_as_user && sec->search_as_user))){	450	(type == LDAP_COMPARE_AND_SEARCH && sec->compare_as_user && sec->search_as_user))){
448	binddn = req->dn;	451	binddn = req->dn;
449	bindpw = req->password;	452	bindpw = req->password;
		453	bindsaslmech = NULL;
450	}	454	}
451		455
452	return util_ldap_connection_find(r, sec->host, sec->port,	456	return util_ldap_connection_find(r, sec->host, sec->port,
453	binddn, bindpw,	457	binddn, bindpw, bindsaslmech,
454	sec->deref, sec->secure);	458	sec->deref, sec->secure);
455	}	459	}
456	/*	460	/*
Lines 497-509 static authn_status authn_ldap_check_password(request_rec r, const char user, Link Here
497	if (sec->host) {	501	if (sec->host) {
498	const char *binddn = sec->binddn;	502	const char *binddn = sec->binddn;
499	const char *bindpw = sec->bindpw;	503	const char *bindpw = sec->bindpw;
		504	const char *bindsaslmech = sec->bindsaslmech;
500	if (sec->initial_bind_as_user) {	505	if (sec->initial_bind_as_user) {
501	bindpw = password;	506	bindpw = password;
502	binddn = ldap_determine_binddn(r, user);	507	binddn = ldap_determine_binddn(r, user);
		508	bindsaslmech = NULL;
503	}	509	}
504		510
505	ldc = util_ldap_connection_find(r, sec->host, sec->port,	511	ldc = util_ldap_connection_find(r, sec->host, sec->port,
506	binddn, bindpw,	512	binddn, bindpw, bindsaslmech,
507	sec->deref, sec->secure);	513	sec->deref, sec->secure);
508	}	514	}
509	else {	515	else {
Lines 1621-1626 static const command_rec authnz_ldap_cmds[] = Link Here
1621	AP_INIT_TAKE1("AuthLDAPBindPassword", set_bind_password, NULL, OR_AUTHCFG,	1627	AP_INIT_TAKE1("AuthLDAPBindPassword", set_bind_password, NULL, OR_AUTHCFG,
1622	"Password to use to bind to LDAP server. If not provided, will do an anonymous bind."),	1628	"Password to use to bind to LDAP server. If not provided, will do an anonymous bind."),
1623		1629
		1630	AP_INIT_TAKE1("AuthLDAPBindSASLMech", ap_set_string_slot,
		1631	(void *)APR_OFFSETOF(authn_ldap_config_t, bindsaslmech), OR_AUTHCFG,
		1632	"SASL Mechanism to use to bind to LDAP server. If not provided, simple authentication will be done."),
		1633
1624	AP_INIT_FLAG("AuthLDAPBindAuthoritative", ap_set_flag_slot,	1634	AP_INIT_FLAG("AuthLDAPBindAuthoritative", ap_set_flag_slot,
1625	(void *)APR_OFFSETOF(authn_ldap_config_t, bind_authoritative), OR_AUTHCFG,	1635	(void *)APR_OFFSETOF(authn_ldap_config_t, bind_authoritative), OR_AUTHCFG,
1626	"Set to 'on' to return failures when user-specific bind fails - defaults to on."),	1636	"Set to 'on' to return failures when user-specific bind fails - defaults to on."),

Lines 490-528 static int uldap_ld_errno(util_ldap_connection_t *ldc) Link Here

(-)a/modules/ldap/util_ldap.c (-32 / +63 lines)
490	}	490	}
491		491
492	/*	492	/*
		493	* SASL credentials conversation function. Does nothing really useful yet,
		494	* is around just because it is required.
		495	*
		496	* Always returns LDAP_SUCCESS
		497	*/
		498
		499	static int uldap_sasl_interact(LDAP *ld,
		500	unsigned flags,
		501	void *defaults,
		502	void *sasl_interact)
		503	{
		504	return LDAP_SUCCESS;
		505	}
		506
		507	/*
493	* Replacement function for ldap_simple_bind_s() with a timeout.	508	* Replacement function for ldap_simple_bind_s() with a timeout.
494	* To do this in a portable way, we have to use ldap_simple_bind() and	509	* To do this in a portable way, we have to use ldap_simple_bind() and
495	* ldap_result().	510	* ldap_result().
496	*	511	*
497	* Returns LDAP_SUCCESS on success; and an error code on failure	512	* Returns LDAP_SUCCESS on success; and an error code on failure
498	*/	513	*/
499	static int uldap_simple_bind(util_ldap_connection_t ldc, char binddn,	514	static int uldap_bind(util_ldap_connection_t ldc, char binddn,
500	char* bindpw, struct timeval *timeout)	515	char* bindpw, char *bindsaslmech,
		516	struct timeval *timeout)
501	{	517	{
502	LDAPMessage *result;
503	int rc;	518	int rc;
504	int msgid = ldap_simple_bind(ldc->ldap, binddn, bindpw);	519
505	if (msgid == -1) {	520	if (bindsaslmech) {
506	ldc->reason = "LDAP: ldap_simple_bind() failed";	521	rc = ldap_sasl_interactive_bind_s(ldc->ldap, binddn, bindsaslmech,
507	return uldap_ld_errno(ldc);	522	NULL, NULL, LDAP_SASL_QUIET,
508	}	523	uldap_sasl_interact, NULL);
509	rc = ldap_result(ldc->ldap, msgid, 0, timeout, &result);	524	if (rc == -1) {
510	if (rc == -1) {	525	ldc->reason = "LDAP: ldap_sasl_interactive_bind_s() failed";
511	ldc->reason = "LDAP: ldap_simple_bind() result retrieval failed";	526	/* -1 is LDAP_SERVER_DOWN in openldap, use something else */
512	/* -1 is LDAP_SERVER_DOWN in openldap, use something else */	527	return uldap_ld_errno(ldc);
513	return uldap_ld_errno(ldc);	528	}
514	}	529	} else {
515	else if (rc == 0) {	530	LDAPMessage *result;
516	ldc->reason = "LDAP: ldap_simple_bind() timed out";	531	int msgid;
517	rc = LDAP_TIMEOUT;	532
518	} else if (ldap_parse_result(ldc->ldap, result, &rc, NULL, NULL, NULL,	533	msgid = ldap_simple_bind(ldc->ldap, binddn, bindpw);
519	NULL, 1) == -1) {	534	if (msgid == -1) {
520	ldc->reason = "LDAP: ldap_simple_bind() parse result failed";	535	ldc->reason = "LDAP: ldap_simple_bind() failed";
521	return uldap_ld_errno(ldc);	536	return uldap_ld_errno(ldc);
522	}	537	}
523	else {	538	rc = ldap_result(ldc->ldap, msgid, 0, timeout, &result);
524	ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, ldc->r, "LDC %pp bind", ldc);	539	if (rc == -1) {
525	}	540	ldc->reason = "LDAP: ldap_simple_bind() result retrieval failed";
		541	/* -1 is LDAP_SERVER_DOWN in openldap, use something else */
		542	return uldap_ld_errno(ldc);
		543	} else if (rc == 0) {
		544	ldc->reason = "LDAP: ldap_simple_bind() timed out";
		545	rc = LDAP_TIMEOUT;
		546	} else if (ldap_parse_result(ldc->ldap, result, &rc, NULL, NULL, NULL,
		547	NULL, 1) == -1) {
		548	ldc->reason = "LDAP: ldap_simple_bind() parse result failed";
		549	return uldap_ld_errno(ldc);
		550	}
		551	}
		552
		553	ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, ldc->r, "LDC %pp bind", ldc);
526	return rc;	554	return rc;
527	}	555	}
528		556
Lines 585-592 static int uldap_connection_open(request_rec *r, Link Here
585	if (failures > 0 && st->retry_delay > 0) {	613	if (failures > 0 && st->retry_delay > 0) {
586	apr_sleep(st->retry_delay);	614	apr_sleep(st->retry_delay);
587	}	615	}
588	rc = uldap_simple_bind(ldc, (char )ldc->binddn, (char )ldc->bindpw,	616	rc = uldap_bind(ldc, (char )ldc->binddn, (char )ldc->bindpw,
589	st->opTimeout);	617	(char *)ldc->bindsaslmech, st->opTimeout);
590		618
591	if (rc == LDAP_SUCCESS) break;	619	if (rc == LDAP_SUCCESS) break;
592		620
Lines 625-631 static int uldap_connection_open(request_rec *r, Link Here
625	if (LDAP_SUCCESS != rc)	653	if (LDAP_SUCCESS != rc)
626	{	654	{
627	uldap_connection_unbind(ldc);	655	uldap_connection_unbind(ldc);
628	ldc->reason = "LDAP: ldap_simple_bind() failed";	656	ldc->reason = "LDAP: bind failed";
629	}	657	}
630	else {	658	else {
631	ldc->bound = 1;	659	ldc->bound = 1;
Lines 690-695 static util_ldap_connection_t * Link Here
690	uldap_connection_find(request_rec *r,	718	uldap_connection_find(request_rec *r,
691	const char *host, int port,	719	const char *host, int port,
692	const char binddn, const char bindpw,	720	const char binddn, const char bindpw,
		721	const char *bindsaslmech,
693	deref_options deref, int secure)	722	deref_options deref, int secure)
694	{	723	{
695	struct util_ldap_connection_t l, p; /* To traverse the linked list */	724	struct util_ldap_connection_t l, p; /* To traverse the linked list */
Lines 723-728 static util_ldap_connection_t * Link Here
723	&& !strcmp(l->binddn, binddn)))	752	&& !strcmp(l->binddn, binddn)))
724	&& ((!l->bindpw && !bindpw) \|\| (l->bindpw && bindpw	753	&& ((!l->bindpw && !bindpw) \|\| (l->bindpw && bindpw
725	&& !strcmp(l->bindpw, bindpw)))	754	&& !strcmp(l->bindpw, bindpw)))
		755	&& ((!l->bindsaslmech && !bindsaslmech) \|\| (l->bindsaslmech && bindsaslmech
		756	&& !strcmp(l->bindsaslmech, bindsaslmech)))
726	&& (l->deref == deref) && (l->secure == secureflag)	757	&& (l->deref == deref) && (l->secure == secureflag)
727	&& !compare_client_certs(dc->client_certs, l->client_certs))	758	&& !compare_client_certs(dc->client_certs, l->client_certs))
728	{	759	{
Lines 782-788 static util_ldap_connection_t * Link Here
782	l->must_rebind = 1;	813	l->must_rebind = 1;
783	util_ldap_strdup((char**)&(l->binddn), binddn);	814	util_ldap_strdup((char**)&(l->binddn), binddn);
784	util_ldap_strdup((char**)&(l->bindpw), bindpw);	815	util_ldap_strdup((char**)&(l->bindpw), bindpw);
785		816	util_ldap_strdup((char**)&(l->bindsaslmech), bindsaslmech);
786	break;	817	break;
787	}	818	}
788	#if APR_HAS_THREADS	819	#if APR_HAS_THREADS
Lines 834-839 static util_ldap_connection_t * Link Here
834	l->deref = deref;	865	l->deref = deref;
835	util_ldap_strdup((char**)&(l->binddn), binddn);	866	util_ldap_strdup((char**)&(l->binddn), binddn);
836	util_ldap_strdup((char**)&(l->bindpw), bindpw);	867	util_ldap_strdup((char**)&(l->bindpw), bindpw);
		868	util_ldap_strdup((char**)&(l->bindsaslmech), bindsaslmech);
837	l->ChaseReferrals = dc->ChaseReferrals;	869	l->ChaseReferrals = dc->ChaseReferrals;
838	l->ReferralHopLimit = dc->ReferralHopLimit;	870	l->ReferralHopLimit = dc->ReferralHopLimit;
839		871
Lines 1779-1786 start_over: Link Here
1779	* fails, it means that the password is wrong (the dn obviously	1811	* fails, it means that the password is wrong (the dn obviously
1780	* exists, since we just retrieved it)	1812	* exists, since we just retrieved it)
1781	*/	1813	*/
1782	result = uldap_simple_bind(ldc, (char )binddn, (char *)bindpw,	1814	result = uldap_bind(ldc, (char )binddn, (char *)bindpw, NULL,
1783	st->opTimeout);	1815	st->opTimeout);
1784	if (AP_LDAP_IS_SERVER_DOWN(result) \|\|	1816	if (AP_LDAP_IS_SERVER_DOWN(result) \|\|
1785	(result == LDAP_TIMEOUT && failures == 0)) {	1817	(result == LDAP_TIMEOUT && failures == 0)) {
1786	if (AP_LDAP_IS_SERVER_DOWN(result))	1818	if (AP_LDAP_IS_SERVER_DOWN(result))
1787	-