Stop trying to set the referral HOP limit on each connection since most SDKs don...

to do anything with it, and causes an error on released openldap levels.

Also moves/remove some macros internal to mod_ldap out of the public header for a major bump.

Reported against APR in PR47501, but httpd shouldn't be asking for the option
by default.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@831542 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index a01dfd862cac7cf5c5b6d9cb7a213ac3ae4f0ee2..d22da358e9d422aabe5b128ff1195bbaad4b5026 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -10,6 +10,11 @@ Changes with Apache 2.3.3
      mod_proxy_ftp: NULL pointer dereference on error paths.
      [Stefan Fritsch <sf fritsch.de>, Joe Orton]
 
+  *) mod_ldap: Avoid 500 errors with "Unable to set LDAP_OPT_REFHOPLIMIT option to 5"
+     when built against openldap by using SDK LDAP_OPT_REFHOPLIMIT defaults unless
+     LDAPReferralHopLimit is explicitly configured.
+     [Eric Covener]
+
   *) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'.
      [Eric Covener]
 

diff --git a/include/ap_mmn.h b/include/ap_mmn.h
index 76d52f0c5bb57e211a253c83b9c1c39e747cd91e..f98d28c52edf5a2e2f2057a0f5cf49e70be7b557 100644 (file)
--- a/include/ap_mmn.h
+++ b/include/ap_mmn.h
@@ -203,15 +203,16 @@
  * 20091011.0 (2.3.3-dev)  Move preserve_host{,_set} from proxy_server_conf to
  *                         proxy_dir_conf
  * 20091011.1 (2.3.3-dev)  add debug_level to util_ldap_state_t
+ * 20091031.0 (2.3.3-dev)  remove public LDAP referral-related macros
  *
  */
 
 #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
 
 #ifndef MODULE_MAGIC_NUMBER_MAJOR
-#define MODULE_MAGIC_NUMBER_MAJOR 20091011
+#define MODULE_MAGIC_NUMBER_MAJOR 20091031
 #endif
-#define MODULE_MAGIC_NUMBER_MINOR 1                     /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 0                     /* 0...n */
 
 /**
  * Determine if the server's current MODULE_MAGIC_NUMBER is at least a

diff --git a/include/util_ldap.h b/include/util_ldap.h
index de5c61743902d69d0de910133823978069e990d1..d4760233bd569cd14d46ff7389bbd58b27ed9bd7 100644 (file)
--- a/include/util_ldap.h
+++ b/include/util_ldap.h
@@ -93,11 +93,6 @@ typedef enum {
     always=LDAP_DEREF_ALWAYS
 } deref_options;
 
-#define AP_LDAP_DEFAULT_HOPLIMIT      5    /* make sure these two stay    */
-#define AP_LDAP_DEFAULT_HOPLIMIT_STR "5"   /*   in synch with each other! */
-#define AP_LDAP_CHASEREFERRALS_OFF 0
-#define AP_LDAP_CHASEREFERRALS_ON 1
-
 /* Structure representing an LDAP connection */
 typedef struct util_ldap_connection_t {
     LDAP *ldap;

diff --git a/modules/ldap/util_ldap.c b/modules/ldap/util_ldap.c
index eb962b85b9a941df4db743b132523863b18ea65a..d771fc8ef536001c5554c8cb1ff6a5e568a5eff4 100644 (file)
--- a/modules/ldap/util_ldap.c
+++ b/modules/ldap/util_ldap.c
@@ -62,6 +62,10 @@
 #endif
 #endif
 
+#define AP_LDAP_HOPLIMIT_UNSET -1 
+#define AP_LDAP_CHASEREFERRALS_OFF 0
+#define AP_LDAP_CHASEREFERRALS_ON 1
+
 module AP_MODULE_DECLARE_DATA ldap_module;
 
 #define LDAP_CACHE_LOCK() do {                                  \
@@ -384,8 +388,8 @@ static int uldap_connection_init(request_rec *r,
         return(result->rc);
     }
 
-    if (ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
-        /* Referral hop limit - only if referrals are enabled */
+    if ((ldc->ReferralHopLimit != AP_LDAP_HOPLIMIT_UNSET) && ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
+        /* Referral hop limit - only if referrals are enabled and a hop limit is explicitly requested */
         ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
                      "Setting referral hop limit to %d.",
                      ldc->ReferralHopLimit);
@@ -2410,7 +2414,7 @@ static void *util_ldap_create_dir_config(apr_pool_t *p, char *d) {
 
    /* defaults are AP_LDAP_CHASEREFERRALS_ON and AP_LDAP_DEFAULT_HOPLIMIT */
    dc->ChaseReferrals = AP_LDAP_CHASEREFERRALS_ON;
-   dc->ReferralHopLimit = AP_LDAP_DEFAULT_HOPLIMIT;
+   dc->ReferralHopLimit = AP_LDAP_HOPLIMIT_UNSET;
 
    return dc;
 }
@@ -2764,7 +2768,7 @@ static const command_rec util_ldap_cmds[] = {
     AP_INIT_TAKE1("LDAPReferralHopLimit", util_ldap_set_referral_hop_limit,
                   NULL, OR_AUTHCFG,
                   "Limit the number of referral hops that LDAP can follow. "
-                  "(Integer value, default=" AP_LDAP_DEFAULT_HOPLIMIT_STR ")"),
+                  "(Integer value, Consult LDAP SDK documentation for applicability and defaults"),
 
     AP_INIT_TAKE1("LDAPLibraryDebug", util_ldap_set_debug_level,
                   NULL, RSRC_CONF,