sec->frontpage_hack = 0;
*/
- sec->secure = 0;
+ sec->secure = -1; /*Initialize to unset*/
sec->user_is_dn = 0;
sec->compare_dn_on_server = 0;
*/
static const char *mod_auth_ldap_parse_url(cmd_parms *cmd,
void *config,
- const char *url)
+ const char *url,
+ const char *mode)
{
int rc;
apr_ldap_url_desc_t *urld;
sec->filter = "objectclass=*";
}
+ if (mode) {
+ if (0 == strcasecmp("NONE", mode)) {
+ sec->secure = APR_LDAP_NONE;
+ }
+ else if (0 == strcasecmp("SSL", mode)) {
+ sec->secure = APR_LDAP_SSL;
+ }
+ else if (0 == strcasecmp("TLS", mode) || 0 == strcasecmp("STARTTLS", mode)) {
+ sec->secure = APR_LDAP_STARTTLS;
+ }
+ else {
+ return "Invalid LDAP connection mode setting: must be one of NONE, "
+ "SSL, or TLS/STARTTLS";
+ }
+ }
+
/* "ldaps" indicates secure ldap connections desired
*/
if (strncasecmp(url, "ldaps", 5) == 0)
{
- sec->secure = 1;
+ sec->secure = APR_LDAP_SSL;
sec->port = urld->lud_port? urld->lud_port : LDAPS_PORT;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
"LDAP: auth_ldap using SSL connections");
}
else
{
- sec->secure = 0;
sec->port = urld->lud_port? urld->lud_port : LDAP_PORT;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server,
"LDAP: auth_ldap not using SSL connections");
}
sec->have_ldap_url = 1;
+
return NULL;
}
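Review bot: An explicit connection mode parsed from the new `mode` argument is silently overwritten when the URL scheme is `ldaps` (that branch unconditionally sets `sec->secure = APR_LDAP_SSL`), and in the `else` branch the port still defaults to `LDAP_PORT` even when the mode just requested `SSL`, so `AuthLDAPURL ldap://host/... SSL` would attempt an SSL connect on 389 unless the admin also spells out the port. Since the mode argument is introduced by this commit, it should either report the conflict or honour the mode in the port default, e.g. `sec->port = urld->lud_port ? urld->lud_port : (sec->secure == APR_LDAP_SSL ? LDAPS_PORT : LDAP_PORT);` in the else branch, plus an `APLOG_WARNING` ap_log_error when `mode` is set to something other than SSL while the scheme is ldaps. Whether the SSL connect path in util_ldap actually uses this port value for the handshake cannot be confirmed from this hunk. The body of mod_auth_ldap_parse_url between its signature and the `sec->filter` default is not shown here.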
static const command_rec authnz_ldap_cmds[] =
{
- AP_INIT_TAKE1("AuthLDAPURL", mod_auth_ldap_parse_url, NULL, OR_AUTHCFG,
+ AP_INIT_TAKE12("AuthLDAPURL", mod_auth_ldap_parse_url, NULL, OR_AUTHCFG,
"URL to define LDAP connection. This should be an RFC 2255 complaint\n"
"URL of the form ldap://host[:port]/basedn[?attrib[?scope[?filter]]].\n"
"<ul>\n"
&(result));
- if (result != NULL) {
+ if (result != NULL && result->rc) {
ldc->reason = result->reason;
}
const char *binddn, const char *bindpw,
deref_options deref, int secure) {
struct util_ldap_connection_t *l, *p; /* To traverse the linked list */
+ int secureflag = secure;
util_ldap_state_t *st =
(util_ldap_state_t *)ap_get_module_config(r->server->module_config,
apr_thread_mutex_lock(st->mutex);
#endif
+ if (secure < APR_LDAP_NONE) {
+ secureflag = st->secure;
+ }
+
/* Search for an exact connection match in the list that is not
* being used.
*/
if ((l->port == port) && (strcmp(l->host, host) == 0) &&
((!l->binddn && !binddn) || (l->binddn && binddn && !strcmp(l->binddn, binddn))) &&
((!l->bindpw && !bindpw) || (l->bindpw && bindpw && !strcmp(l->bindpw, bindpw))) &&
- (l->deref == deref) && (l->secure == secure) &&
+ (l->deref == deref) && (l->secure == secureflag) &&
!compare_client_certs(st->client_certs, l->client_certs)) {
break;
#endif
if ((l->port == port) && (strcmp(l->host, host) == 0) &&
- (l->deref == deref) && (l->secure == secure) &&
+ (l->deref == deref) && (l->secure == secureflag) &&
!compare_client_certs(st->client_certs, l->client_certs)) {
/* the bind credentials have changed */
* If the security setting is NONE, override it to the security
* setting optionally supplied by the admin using LDAPTrustedMode
*/
- l->secure = (APR_LDAP_NONE == secure) ?
- st->secure :
- secure;
+ l->secure = secureflag;
/* save away a copy of the client cert list that is presently valid */
l->client_certs = apr_array_copy_hdr(l->pool, st->client_certs);
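Review bot: The comment immediately above the replaced assignment is now stale about the security semantics: it says a `NONE` setting is overridden by LDAPTrustedMode, but with `secureflag` computed from `secure < APR_LDAP_NONE`, only the unset sentinel (the `-1` from the config initializer) falls back to `st->secure`; an explicit `NONE` on AuthLDAPURL now yields a plaintext connection even when the admin set LDAPTrustedMode to SSL or TLS. If that precedence is intended, the comment should say so: `/* Use the per-URL mode when one was given; only an unset mode (< APR_LDAP_NONE) falls back to the server-wide LDAPTrustedMode. An explicit NONE is honoured and is NOT upgraded. */`. The `-1` sentinel and the `< APR_LDAP_NONE` comparison also rely on APR_LDAP_NONE being the lowest enumerator and on every caller initialising `secure`; a named constant (e.g. a local `#define` for the unset value) at both sites would make that dependency explicit. The enclosing function starts before this hunk, at the parameter list ending in `deref_options deref, int secure`.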