Bug 36564

Summary: make mod_ldap really universal
Product: Apache httpd-2 Reporter: Ondrej Sury <ondrej>
Component: mod_ldap Assignee: Apache HTTPD Bugs Mailing List <bugs>
Severity: enhancement Keywords: MassUpdate
Priority: P5    
Version: 2.0.54   
Target Milestone: ---   
Hardware: Other   
OS: other   
URL: http://modvhostldap.alioth.debian.org/

Description Ondrej Sury 2005-09-08 21:56:12 UTC

Documentation for mod_ldap says:
--cut here--
LDAP connection pooling and result caching services for use by other LDAP modules
This module was created to improve the performance of websites relying on
backend connections to LDAP servers. In addition to the functions provided by
the standard LDAP libraries, this module adds an LDAP connection pool and an
LDAP shared memory cache.
--cut here--

But the truth is that mod_ldap is specialized to supply functions for
mod_auth_ldap and doesn't have any universal function which other modules can use.

Therefore I had to abuse util_ldap_cache_getuserdn, while I am really looking up
a virtual host from LDAP:

--cut here--
    apr_snprintf(filtbuf, FILTER_LENGTH,
                 "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))",
                 cfg->filter, r->hostname, r->hostname);

    result = util_ldap_cache_getuserdn(r, ldc, cfg->url, cfg->basedn,
                                       cfg->scope, attributes, filtbuf,
                                       &dn, &vals);
--cut here--

This is ugly, because error messages could get quite confusing.

I hope we can agree that this should be improved by creating a more universal
function (util_ldap_cache_find?) and changing util_ldap_cache_getuserdn to use
this more universal function.
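Added example (not code from the bug report, mod_vhost_ldap or httpd): the filter in the description interpolates r->hostname, which comes from the request, so this sketch escapes the RFC 4515 special characters before formatting and treats truncation as an error. It uses plain snprintf instead of apr_snprintf so it builds without APR; ldap_filter_escape, build_vhost_filter and the FILTER_LENGTH value are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define FILTER_LENGTH 256  /* assumed size; the page does not show the real value */

/* Escape an LDAP assertion value per RFC 4515: '*', '(', ')' and '\'
 * become a backslash followed by two hex digits. Returns 0 on success,
 * -1 if the escaped value does not fit in out. (Hypothetical helper.) */
static int ldap_filter_escape(const char *in, char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (outlen == 0)
        return -1;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        if (c == '*' || c == '(' || c == ')' || c == '\\') {
            if (o + 3 >= outlen)      /* three bytes plus the terminator */
                return -1;
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            if (o + 1 >= outlen)      /* one byte plus the terminator */
                return -1;
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return 0;
}

/* Build the virtual-host filter from the description with the host name
 * escaped. Returns 0 on success, -1 on truncation. (Hypothetical helper.) */
static int build_vhost_filter(char *filtbuf, size_t len,
                              const char *base_filter, const char *hostname)
{
    char esc[FILTER_LENGTH];
    int n;

    if (ldap_filter_escape(hostname, esc, sizeof(esc)) != 0)
        return -1;
    n = snprintf(filtbuf, len,
                 "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))",
                 base_filter, esc, esc);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}
```

A caller would refuse the lookup when build_vhost_filter returns -1 rather than searching with a cut-off filter.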

Comment 1 Brad Nicholes 2005-09-08 22:42:08 UTC
   I'm not sure what it is that you would want to enhance.  The API name might 
be a little misleading for your purpose but the functionality is still exactly 
what you want, isn't it?  Wouldn't the implementation of util_ldap_cache_find 
just end up being:

LDAP_DECLARE(int) util_ldap_cache_find(request_rec *r,
    util_ldap_connection_t *ldc, const char *url, const char *basedn,
    int scope, char **attrs, const char *filter, const char **binddn,
    const char ***retvals)
{
    /* Thin wrapper: same arguments, same behaviour, more general name. */
    return util_ldap_cache_getuserdn(r, ldc, url, basedn, scope, attrs,
                                     filter, binddn, retvals);
}

Comment 2 Ondrej Sury 2005-09-08 22:57:19 UTC
You're right that it's a purely cosmetic issue, I am merely talking about these lines:

util_ldap.c:1057 ldc->reason = "ldap_search_ext_s() for user failed with server
util_ldap.c:1064 ldc->reason = "ldap_search_ext_s() for user failed";
util_ldap.c:1076 ldc->reason = "User not found";
util_ldap.c:1078 ldc->reason = "User is not unique (search found two or more

Maybe simply replacing "user" with "entry" will do the trick? (I think snprintf warnings
are overkill :-)

I thought about:
renaming util_ldap_cache_getuserdn to util_ldap_cache_find, replacing "user" with
"entry" and creating:

LDAP_DECLARE(int) util_ldap_cache_userdn(request_rec *r,
    util_ldap_connection_t *ldc, const char *url, const char *basedn,
    int scope, char **attrs, const char *filter, const char **binddn,
    const char ***retvals)
{
    /* User-specific name kept as a wrapper around the general lookup. */
    return util_ldap_cache_find(r, ldc, url, basedn, scope, attrs,
                                filter, binddn, retvals);
}

In fact it's just my feeling of doing something wrong when using getuserdn, so I
would welcome cleaning it up a bit, but I would not protest if you just close it as
a WONTFIX bug.

Comment 3 William A. Rowe Jr. 2018-11-07 21:09:55 UTC
Please help us to refine our list of open and current defects; this is a mass update of old and inactive Bugzilla reports which reflect user error, already resolved defects, and still-existing defects in httpd.

As repeatedly announced, the Apache HTTP Server Project has discontinued all development and patch review of the 2.2.x series of releases. The final release 2.2.34 was published in July 2017, and no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases. All reports older than 2.4.x have been updated to status RESOLVED/LATER; no further action is expected unless the report still applies to a current version of httpd.

If your report represented a question or confusion about how to use an httpd feature, an unexpected server behavior, problems building or installing httpd, or working with an external component (a third party module, browser etc.) we ask you to start by bringing your question to the User Support and Discussion mailing list, see [https://httpd.apache.org/lists.html#http-users] for details. Include a link to this Bugzilla report for completeness with your question.

If your report was clearly a defect in httpd or a feature request, we ask that you retest using a modern httpd release (2.4.33 or later) released in the past year. If it can be reproduced, please reopen this bug and change the Version field above to the httpd version you have reconfirmed with.

Your help in identifying defects or enhancements still applicable to the current httpd server software release is greatly appreciated.