Bug 42557 - Missing parameter to control LDAP referral chasing
Summary: Missing parameter to control LDAP referral chasing
Status: RESOLVED DUPLICATE of bug 40268
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ldap (show other bugs)
Version: 2.2.4
Hardware: All All
: P2 enhancement (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: PatchAvailable
Depends on:
Reported: 2007-05-31 08:37 UTC by Massimiliano Calandrelli
Modified: 2008-01-23 10:23 UTC (History)
1 user (show)

Proposed patch to enhance functionality (2.98 KB, patch)
2007-05-31 08:39 UTC, Massimiliano Calandrelli
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Massimiliano Calandrelli 2007-05-31 08:37:46 UTC
Referral chasing is an optional feature of a LDAP connection. Maybe because of a
buggy openldap library, maybe because of mod_ldap behaviour, referrals are
chased without a bind DN, even if specified in apache config files.
This leads to an error code 1 returned from LDAP library code to mod_ldap, which
in turn gives up searching the user.
Since Active Directory integration becomes impossible (AD always send referrals)
unless you can turn it off.
This change allows to do so without changing system-wide or user-related
defaults, adding the configuration flag "LDAPChaseReferrals" and the code to
handle it.
Comment 1 Massimiliano Calandrelli 2007-05-31 08:39:27 UTC
Created attachment 20300 [details]
Proposed patch to enhance functionality
Comment 2 Paul J. Reder 2008-01-23 10:23:41 UTC
This has been fixed in httpd trunk. Support for the rebind callback was added so
that proper credentials would be returned on a non-anonymous bind while chasing
referrals. Two new directives control the use of this feature. LDAPReferrals
[On|Off] determines if chasing referrals is supported. LDAPReferralHopLimit ##
specifies the maximum number of referral rebind hops that will be chased before
giving up on the search.

*** This bug has been marked as a duplicate of 40268 ***