Bug 42557

Summary: Missing parameter to control LDAP referral chasing
Product: Apache httpd-2
Reporter: Massimiliano Calandrelli <massimiliano.calandrelli>
Component: mod_ldap
Assignee: Apache HTTPD Bugs Mailing List <bugs>
Status: RESOLVED DUPLICATE
Severity: enhancement
CC: massimiliano.calandrelli
Priority: P2
Keywords: PatchAvailable
Version: 2.2.4
Target Milestone: ---
Hardware: All
OS: All
Attachments: Proposed patch to enhance functionality

Description Massimiliano Calandrelli 2007-05-31 08:37:46 UTC
Referral chasing is an optional feature of an LDAP connection. Maybe because of a
buggy openldap library, maybe because of mod_ldap behaviour, referrals are
chased without a bind DN, even if one is specified in the Apache config files.
This leads to an error code 1 returned from LDAP library code to mod_ldap, which
in turn gives up searching for the user.
So Active Directory integration becomes impossible (AD always sends referrals)
unless you can turn it off.
This change allows you to do so without changing system-wide or user-related
defaults, adding the configuration flag "LDAPChaseReferrals" and the code to
handle it.

Comment 1 Massimiliano Calandrelli 2007-05-31 08:39:27 UTC
Created attachment 20300
Proposed patch to enhance functionality

Comment 2 Paul J. Reder 2008-01-23 10:23:41 UTC
This has been fixed in httpd trunk. Support for the rebind callback was added so
that proper credentials would be returned on a non-anonymous bind while chasing
referrals. Two new directives control the use of this feature. LDAPReferrals
[On|Off] determines if chasing referrals is supported. LDAPReferralHopLimit ##
specifies the maximum number of referral rebind hops that will be chased before
giving up on the search.

*** This bug has been marked as a duplicate of 40268 ***
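
The two directives named in Comment 2, applied to an Active Directory setup. This is an added example, not part of the bug report or the httpd project's own configuration; host names, DNs, paths, the password placeholder and the hop limit of 3 are constructed.

```apache
# Constructed example: hosts, DNs, paths and the password are placeholders.

# Option 1: never chase referrals (the behaviour the reporter asked for).
# The search is answered only by the server named in AuthLDAPURL.
<Location "/intranet">
    AuthType Basic
    AuthName "Intranet"
    AuthBasicProvider ldap
    AuthLDAPURL "ldaps://dc1.example.test/DC=example,DC=test?sAMAccountName?sub?(objectClass=user)"
    AuthLDAPBindDN "CN=httpd-svc,OU=Service Accounts,DC=example,DC=test"
    AuthLDAPBindPassword "REPLACE_ME"
    LDAPReferrals Off
    Require valid-user
</Location>

# Option 2: chase referrals, but bounded.
# With referrals on, the rebind callback presents the bind DN and password
# to each server a referral points at, so keep the transport encrypted
# (ldaps://) and cap the number of hops instead of relying on the
# LDAP SDK's default.
<Location "/partners">
    AuthType Basic
    AuthName "Partners"
    AuthBasicProvider ldap
    AuthLDAPURL "ldaps://dc1.example.test/DC=example,DC=test?sAMAccountName?sub?(objectClass=user)"
    AuthLDAPBindDN "CN=httpd-svc,OU=Service Accounts,DC=example,DC=test"
    AuthLDAPBindPassword "REPLACE_ME"
    LDAPReferrals On
    LDAPReferralHopLimit 3
    Require valid-user
</Location>
```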