<li><img alt="" src="../images/down.gif" /> <a href="#ldapcacheentries">LDAPCacheEntries</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ldapcachettl">LDAPCacheTTL</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ldapconnectiontimeout">LDAPConnectionTimeout</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ldaplibrarydebug">LDAPLibraryDebug</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ldapopcacheentries">LDAPOpCacheEntries</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ldapopcachettl">LDAPOpCacheTTL</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ldapreferralhoplimit">LDAPReferralHopLimit</a></li>
returned or the module will attempt to connect to a secondary LDAP
server if one is specified. The default is 10 seconds.</p>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LDAPLibraryDebug" id="LDAPLibraryDebug">LDAPLibraryDebug</a> <a name="ldaplibrarydebug" id="ldaplibrarydebug">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable debugging in the LDAP SDK</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPLibraryDebug <var>7</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>disabled</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
+</table>
+ <p>Turns on SDK-specific LDAP debug options that generally cause the LDAP
+ SDK to log verbose trace information to the main Apache error log.
+ The trace messages from the LDAP SDK provide gory details that
+ can be useful during debugging of connectivity problems with backeld LDAP servers</p>
+
+ <p>This option is only configurable when Apache HTTP Server is linked with
+ an LDAP SDK that implements <code>LDAP_OPT_DEBUG</code> or
+ <code>LDAP_OPT_DEBUG_LEVEL</code>, such as OpenLDAP (a value of 7 is verbose)
+ or Tivoli Directory Server (a value of 65535 is verbose).</p>
+
+ <div class="warning">
+ <p>The logged information will likely contain plaintext credentials being used or
+ validated by LDAP authentication, so care should be taken in protecting and purging
+ the error log when this directive is used.</p>
+ </div>
+
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="LDAPOpCacheEntries" id="LDAPOpCacheEntries">LDAPOpCacheEntries</a> <a name="ldapopcacheentries" id="ldapopcacheentries">Directive</a></h2>
</usage>
</directivesynopsis>
+<directivesynopsis>
+<name>LDAPLibraryDebug</name>
+<description>Enable debugging in the LDAP SDK</description>
+<syntax>LDAPLibraryDebug <var>7</var></syntax>
+<default>disabled</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>Turns on SDK-specific LDAP debug options that generally cause the LDAP
+ SDK to log verbose trace information to the main Apache error log.
+ The trace messages from the LDAP SDK provide gory details that
+ can be useful during debugging of connectivity problems with backeld LDAP servers</p>
+
+ <p>This option is only configurable when Apache HTTP Server is linked with
+ an LDAP SDK that implements <code>LDAP_OPT_DEBUG</code> or
+ <code>LDAP_OPT_DEBUG_LEVEL</code>, such as OpenLDAP (a value of 7 is verbose)
+ or Tivoli Directory Server (a value of 65535 is verbose).</p>
+
+ <note type="warning">
+ <p>The logged information will likely contain plaintext credentials being used or
+ validated by LDAP authentication, so care should be taken in protecting and purging
+ the error log when this directive is used.</p>
+ </note>
+
+</usage>
+</directivesynopsis>
+
+
</modulesynopsis>
* mod_logio
* 20091011.0 (2.3.3-dev) Move preserve_host{,_set} from proxy_server_conf to
* proxy_dir_conf
+ * 20091011.1 (2.3.3-dev) add debug_level to util_ldap_state_t
*
*/
#ifndef MODULE_MAGIC_NUMBER_MAJOR
#define MODULE_MAGIC_NUMBER_MAJOR 20091011
#endif
-#define MODULE_MAGIC_NUMBER_MINOR 0 /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 1 /* 0...n */
/**
* Determine if the server's current MODULE_MAGIC_NUMBER is at least a
char *lock_file; /* filename for shm lock mutex */
long connectionTimeout;
int verify_svr_cert;
+ int debug_level; /* SDK debug level */
} util_ldap_state_t;
#define APR_LDAP_SIZELIMIT -1
#endif
+#ifdef LDAP_OPT_DEBUG_LEVEL
+#define AP_LDAP_OPT_DEBUG LDAP_OPT_DEBUG_LEVEL
+#else
+#ifdef LDAP_OPT_DEBUG
+#define AP_LDAP_OPT_DEBUG LDAP_OPT_DEBUG
+#endif
+#endif
+
module AP_MODULE_DECLARE_DATA ldap_module;
#define LDAP_CACHE_LOCK() do { \
return(NULL);
}
+static const char *util_ldap_set_debug_level(cmd_parms *cmd,
+ void *config,
+ const char *arg) {
+ util_ldap_state_t *st =
+ (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
+ &ldap_module);
+
+ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+ if (err != NULL) {
+ return err;
+ }
+
+#ifndef AP_LDAP_OPT_DEBUG
+ return "This directive is not supported with the currently linked LDAP library";
+#endif
+
+ st->debug_level = atoi(arg);
+ return NULL;
+}
+
static const char *util_ldap_set_referral_hop_limit(cmd_parms *cmd,
void *config,
const char *hop_limit)
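Review bot: `st->debug_level = atoi(arg);` in util_ldap_set_debug_level accepts any string without validation, so `LDAPLibraryDebug on` silently parses to 0 (disabled) and `7x` is taken as 7. Because this directive turns on tracing that the accompanying documentation says can contain plaintext credentials, the value should be parsed strictly and rejected with a configuration error when it is not a non-negative integer. The `#ifndef AP_LDAP_OPT_DEBUG` early return also leaves the assignment below it as unreachable code on unsupported SDKs; an `#else` branch makes the two cases explicit. The sketch below assumes `INT_MAX` is already visible through the existing includes, which should be confirmed. The hunk ends inside the signature of util_ldap_set_referral_hop_limit, whose body is outside the hunk.

```c
    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
    /* … unchanged: return err when the context check fails … */

#ifndef AP_LDAP_OPT_DEBUG
    return "This directive is not supported with the currently linked LDAP library";
#else
    {
        char *end;
        long level = strtol(arg, &end, 10);

        /* Reject empty, non-numeric, trailing-garbage and out-of-range values. */
        if (end == arg || *end != '\0' || level < 0 || level > INT_MAX) {
            return "LDAPLibraryDebug requires a non-negative integer debug level";
        }
        st->debug_level = (int)level;
        return NULL;
    }
#endif
```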
is being enforced on this setting as well. */
st->connectionTimeout = base->connectionTimeout;
st->verify_svr_cert = base->verify_svr_cert;
+ st->debug_level = base->debug_level;
return st;
}
/* Initialize the rebind callback's cross reference list. */
apr_ldap_rebind_init (p);
+ if (st->debug_level > 0) {
+ result = ldap_set_option(NULL, AP_LDAP_OPT_DEBUG, &st->debug_level);
+ if (result != LDAP_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ "LDAP: Could not set the LDAP library debug level to %d:(%d) %s",
+ st->debug_level, result, ldap_err2string(result));
+ }
+ }
+
return(OK);
}
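Review bot: The added `ldap_set_option(NULL, AP_LDAP_OPT_DEBUG, &st->debug_level)` call is compiled unconditionally, but AP_LDAP_OPT_DEBUG is only defined when the SDK provides LDAP_OPT_DEBUG_LEVEL or LDAP_OPT_DEBUG. A build against an SDK with neither would presumably fail here on an undeclared identifier. Wrapping the whole `if (st->debug_level > 0) { … }` block in `#ifdef AP_LDAP_OPT_DEBUG` / `#endif` would match the guard the directive handler already uses. Since the trace output can carry plaintext credentials, it would also help operators if a successful call logged a warning, e.g. `ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, "LDAP: SDK debug level %d enabled; the error log may contain credentials", st->debug_level);`. The enclosing function starts outside the hunk.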
"Limit the number of referral hops that LDAP can follow. "
"(Integer value, default=" AP_LDAP_DEFAULT_HOPLIMIT_STR ")"),
+ AP_INIT_TAKE1("LDAPLibraryDebug", util_ldap_set_debug_level,
+ NULL, RSRC_CONF,
+ "Enable debugging in LDAP SDK (Default: off, values: SDK specific"),
+
{NULL}
};
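Review bot: The help string for the new `LDAPLibraryDebug` entry has an unbalanced parenthesis, and that text is shown to administrators. It should read `"Enable debugging in LDAP SDK (Default: off, values: SDK specific)"`. Consider also mentioning there that the trace may include credentials, since the documentation added in this commit carries that warning but the built-in help does not. The command table starts outside the hunk.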