From 9384f140f72b9b68e4644439501cf870c8aa7f65 Mon Sep 17 00:00:00 2001 From: Ruediger Pluem Date: Wed, 28 Nov 2007 21:17:03 +0000 Subject: [PATCH] * No functional change: Style. Fix linebreaks to make code more readable. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599150 13f79535-47bb-0310-9956-ffa450edef68 --- modules/ldap/util_ldap.c | 292 +++++++++++++++++++++++++-------------- 1 file changed, 188 insertions(+), 104 deletions(-) diff --git a/modules/ldap/util_ldap.c b/modules/ldap/util_ldap.c index 76d80c9dd4..e223d80d00 100644 --- a/modules/ldap/util_ldap.c +++ b/modules/ldap/util_ldap.c @@ -269,8 +269,8 @@ static int uldap_connection_init(request_rec *r, /*XXX All of the #ifdef's need to be removed once apr-util 1.2 is released */ #ifdef APR_LDAP_OPT_VERIFY_CERT - apr_ldap_set_option(r->pool, ldc->ldap, - APR_LDAP_OPT_VERIFY_CERT, &(st->verify_svr_cert), &(result)); + apr_ldap_set_option(r->pool, ldc->ldap, APR_LDAP_OPT_VERIFY_CERT, + &(st->verify_svr_cert), &(result)); #else #if defined(LDAPSSL_VERIFY_SERVER) if (st->verify_svr_cert) { @@ -710,9 +710,9 @@ start_over: /* * Does an generic ldap_compare operation. It accepts a cache that it will use * to lookup the compare in the cache. We cache two kinds of compares - * (require group compares) and (require user compares). Each compare has a different - * cache node: require group includes the DN; require user does not because the - * require user cache is owned by the + * (require group compares) and (require user compares). Each compare has a + * different cache node: require group includes the DN; require user does not + * because the require user cache is owned by the * */ static int uldap_cache_compare(request_rec *r, util_ldap_connection_t *ldc, @@ -833,9 +833,12 @@ start_over: { void *junk; - junk = util_ald_cache_insert(curl->compare_cache, &the_compare_node); + junk = util_ald_cache_insert(curl->compare_cache, + &the_compare_node); if(junk == NULL) { - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "[%" APR_PID_T_FMT "] cache_compare: Cache insertion failure.", getpid()); + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + "[%" APR_PID_T_FMT "] cache_compare: Cache" + " insertion failure.", getpid()); } } else { @@ -861,22 +864,30 @@ start_over: } -static util_compare_subgroup_t* uldap_get_subgroups(request_rec *r, util_ldap_connection_t *ldc, - const char *url, const char *dn, - char **subgroupAttrs, apr_array_header_t *subgroupclasses) { +static util_compare_subgroup_t* uldap_get_subgroups(request_rec *r, + util_ldap_connection_t *ldc, + const char *url, + const char *dn, + char **subgroupAttrs, + apr_array_header_t *subgroupclasses) +{ int failures = 0; int result = LDAP_COMPARE_FALSE; util_compare_subgroup_t *res = NULL; LDAPMessage *sga_res, *entry; - struct mod_auth_ldap_groupattr_entry_t *sgc_ents = (struct mod_auth_ldap_groupattr_entry_t *) subgroupclasses->elts; + struct mod_auth_ldap_groupattr_entry_t *sgc_ents; apr_array_header_t *subgroups = apr_array_make(r->pool, 20, sizeof(char *)); + sgc_ents = (struct mod_auth_ldap_groupattr_entry_t *) subgroupclasses->elts; + if (!subgroupAttrs) { return res; } start_over: - /* 3.B. The cache didn't have any subgrouplist yet. Go check for subgroups. */ + /* + * 3.B. The cache didn't have any subgrouplist yet. Go check for subgroups. + */ if (failures++ > 10) { /* too many failures */ return res; @@ -892,7 +903,8 @@ start_over: (char *)"cn=*", subgroupAttrs, 0, NULL, NULL, NULL, APR_LDAP_SIZELIMIT, &sga_res); if (result == LDAP_SERVER_DOWN) { - ldc->reason = "ldap_search_ext_s() for subgroups failed with server down"; + ldc->reason = "ldap_search_ext_s() for subgroups failed with server" + " down"; uldap_connection_unbind(ldc); goto start_over; } @@ -921,17 +933,21 @@ start_over: if (values) { val_index = 0; /* - * Now we are going to pare the subgroup members of this group to *just* - * the subgroups, add them to the compare_nodep, and then proceed to check - * the new level of subgroups. + * Now we are going to pare the subgroup members of this group + * to *just* the subgroups, add them to the compare_nodep, and + * then proceed to check the new level of subgroups. */ while (values[val_index]) { /* Check if this entry really is a group. */ tmp_sgcIndex = 0; result = LDAP_COMPARE_FALSE; - while ((tmp_sgcIndex < subgroupclasses->nelts) && (result != LDAP_COMPARE_TRUE)) { - result = uldap_cache_compare(r, ldc, url, values[val_index], "objectClass", - sgc_ents[tmp_sgcIndex].name); + while ((tmp_sgcIndex < subgroupclasses->nelts) + && (result != LDAP_COMPARE_TRUE)) { + result = uldap_cache_compare(r, ldc, url, + values[val_index], + "objectClass", + sgc_ents[tmp_sgcIndex].name + ); if (result != LDAP_COMPARE_TRUE) { tmp_sgcIndex++; @@ -957,7 +973,8 @@ start_over: int sgindex; char **group; res = apr_pcalloc(r->pool, sizeof(util_compare_subgroup_t)); - res->subgroupDNs = apr_pcalloc(r->pool, sizeof(char *) * (subgroups->nelts)); + res->subgroupDNs = apr_pcalloc(r->pool, + sizeof(char *) * (subgroups->nelts)); for (sgindex = 0; (group = apr_array_pop(subgroups)); sgindex++) { res->subgroupDNs[sgindex] = apr_pstrdup(r->pool, *group); } @@ -969,42 +986,53 @@ start_over: /* - * Does a recursive lookup operation to try to find a user within (cached) nested - * groups. It accepts a cache that it will use to lookup previous compare attempts. - * We cache two kinds of compares (require group compares) and (require user - * compares). Each compare has a different cache node: require group includes the DN; - * require user does not because the require user cache is owned by the + * Does a recursive lookup operation to try to find a user within (cached) + * nested groups. It accepts a cache that it will use to lookup previous + * compare attempts. We cache two kinds of compares (require group compares) + * and (require user compares). Each compare has a different cache node: + * require group includes the DN; require user does not because the require + * user cache is owned by the * * DON'T CALL THIS UNLESS YOU CALLED uldap_cache_compare FIRST!!!!! + * + * + * 1. Call uldap_cache_compare for each subgroupclass value to check the + * generic, user-agnostic, cached group entry. This will create a new generic + * cache entry if there + * wasn't one. If nothing returns LDAP_COMPARE_TRUE skip to step 5 since we + * have no groups. + * 2. Lock The cache and get the generic cache entry. + * 3. Check if there is already a subgrouplist in this generic group's cache + * entry. + * A. If there is, go to step 4. + * B. If there isn't: + * i) Use ldap_search to get the full list + * of subgroup "members" (which may include non-group "members"). + * ii) Use uldap_cache_compare to strip the list down to just groups. + * iii) Lock and add this stripped down list to the cache of the generic + * group. + * 4. Loop through the sgl and call uldap_cache_compare (using the user info) + * for each + * subgroup to see if the subgroup contains the user and to get the subgroups + * added to the + * cache (with user-afinity, if they aren't already there). + * A. If the user is in the subgroup, then we'll be returning + * LDAP_COMPARE_TRUE. + * B. if the user isn't in the subgroup (LDAP_COMPARE_FALSE via + * uldap_cache_compare) then recursively call this function to get the + * sub-subgroups added... + * 5. Cleanup local allocations. + * 6. Return the final result. */ - /* - * 1. Call uldap_cache_compare for each subgroupclass value to check the generic, - * user-agnostic, cached group entry. This will create a new generic cache entry if there - * wasn't one. If nothing returns LDAP_COMPARE_TRUE skip to step 5 since we have no groups. - * 2. Lock The cache and get the generic cache entry. - * 3. Check if there is already a subgrouplist in this generic group's cache entry. - * A. If there is, go to step 4. - * B. If there isn't: - * i) Use ldap_search to get the full list - * of subgroup "members" (which may include non-group "members"). - * ii) Use uldap_cache_compare to strip the list down to just groups. - * iii) Lock and add this stripped down list to the cache of the generic group. - * 4. Loop through the sgl and call uldap_cache_compare (using the user info) for each - * subgroup to see if the subgroup contains the user and to get the subgroups added to the - * cache (with user-afinity, if they aren't already there). - * A. If the user is in the subgroup, then we'll be returning LDAP_COMPARE_TRUE. - * B. if the user isn't in the subgroup (LDAP_COMPARE_FALSE via uldap_cache_compare) then - * recursively call this function to get the sub-subgroups added... - * 5. Cleanup local allocations. - * 6. Return the final result. - */ - -static int uldap_cache_check_subgroups(request_rec *r, util_ldap_connection_t *ldc, +static int uldap_cache_check_subgroups(request_rec *r, + util_ldap_connection_t *ldc, const char *url, const char *dn, const char *attrib, const char *value, - char **subgroupAttrs, apr_array_header_t *subgroupclasses, - int cur_subgroup_depth, int max_subgroup_depth) + char **subgroupAttrs, + apr_array_header_t *subgroupclasses, + int cur_subgroup_depth, + int max_subgroup_depth) { int result = LDAP_COMPARE_FALSE; util_url_node_t *curl; @@ -1013,26 +1041,35 @@ static int uldap_cache_check_subgroups(request_rec *r, util_ldap_connection_t *l util_compare_node_t the_compare_node; util_compare_subgroup_t *tmp_local_sgl = NULL; int lcl_sgl_processedFlag = 0, sgindex = 0, base_sgcIndex = 0; - struct mod_auth_ldap_groupattr_entry_t *sgc_ents = (struct mod_auth_ldap_groupattr_entry_t *) subgroupclasses->elts; + struct mod_auth_ldap_groupattr_entry_t *sgc_ents; + + sgc_ents = (struct mod_auth_ldap_groupattr_entry_t *) subgroupclasses->elts; util_ldap_state_t *st = (util_ldap_state_t *) ap_get_module_config(r->server->module_config, &ldap_module); - /* Stop looking at deeper levels of nested groups if we have reached the max. - * Since we already checked the top-level group in uldap_cache_compare, we don't - * need to check it again here - so if max_subgroup_depth is set to 0, we won't - * check it (i.e. that is why we check < rather than <=). - * We'll be calling uldap_cache_compare from here to check if the user is in the - * next level before we recurse into that next level looking for more subgroups. + /* + * Stop looking at deeper levels of nested groups if we have reached the + * max. Since we already checked the top-level group in uldap_cache_compare, + * we don't need to check it again here - so if max_subgroup_depth is set + * to 0, we won't check it (i.e. that is why we check < rather than <=). + * We'll be calling uldap_cache_compare from here to check if the user is + * in the next level before we recurse into that next level looking for + * more subgroups. */ if (cur_subgroup_depth >= max_subgroup_depth) { return LDAP_COMPARE_FALSE; } - /* 1. Check the "groupiness" of the specified basedn. Stopping at the first TRUE return. */ - while ((base_sgcIndex < subgroupclasses->nelts) && (result != LDAP_COMPARE_TRUE)) { - result = uldap_cache_compare(r, ldc, url, dn, "objectClass", sgc_ents[base_sgcIndex].name); + /* + * 1. Check the "groupiness" of the specified basedn. Stopping at the first + * TRUE return. + */ + while ((base_sgcIndex < subgroupclasses->nelts) + && (result != LDAP_COMPARE_TRUE)) { + result = uldap_cache_compare(r, ldc, url, dn, "objectClass", + sgc_ents[base_sgcIndex].name); if (result != LDAP_COMPARE_TRUE) { base_sgcIndex++; } @@ -1043,7 +1080,10 @@ static int uldap_cache_check_subgroups(request_rec *r, util_ldap_connection_t *l return result; } - /* 2. Find previously created cache entry and check if there is already a subgrouplist. */ + /* + * 2. Find previously created cache entry and check if there is already a + * subgrouplist. + */ LDAP_CACHE_LOCK(); curnode.url = url; curl = util_ald_cache_fetch(st->util_ldap_cache, &curnode); @@ -1060,27 +1100,38 @@ static int uldap_cache_check_subgroups(request_rec *r, util_ldap_connection_t *l the_compare_node.sgl_processed = 0; the_compare_node.subgroupList = NULL; - compare_nodep = util_ald_cache_fetch(curl->compare_cache, &the_compare_node); + compare_nodep = util_ald_cache_fetch(curl->compare_cache, + &the_compare_node); if (compare_nodep != NULL) { - /* Found the generic group entry... but the user isn't in this group or we wouldn't be here. */ + /* + * Found the generic group entry... but the user isn't in this + * group or we wouldn't be here. + */ lcl_sgl_processedFlag = compare_nodep->sgl_processed; if(compare_nodep->sgl_processed && compare_nodep->subgroupList) { /* Make a local copy of the subgroup list */ int i; - tmp_local_sgl = apr_pcalloc(r->pool, sizeof(util_compare_subgroup_t)); + tmp_local_sgl = apr_pcalloc(r->pool, + sizeof(util_compare_subgroup_t)); tmp_local_sgl->len = compare_nodep->subgroupList->len; - tmp_local_sgl->subgroupDNs = apr_pcalloc(r->pool, sizeof(char *) * compare_nodep->subgroupList->len); + tmp_local_sgl->subgroupDNs = + apr_pcalloc(r->pool, + sizeof(char *) * compare_nodep->subgroupList->len); for (i = 0; i < compare_nodep->subgroupList->len; i++) { - tmp_local_sgl->subgroupDNs[i] = apr_pstrdup(r->pool, compare_nodep->subgroupList->subgroupDNs[i]); + tmp_local_sgl->subgroupDNs[i] = + apr_pstrdup(r->pool, + compare_nodep->subgroupList->subgroupDNs[i]); } } } LDAP_CACHE_UNLOCK(); } else { - /* If we get here, something is wrong. Caches should have been created and - this group entry should be found in the cache. */ + /* + * If we get here, something is wrong. Caches should have been + * created and this group entry should be found in the cache. + */ ldc->reason = "check_subgroups failed to find any caches."; return LDAP_COMPARE_FALSE; } @@ -1089,15 +1140,21 @@ static int uldap_cache_check_subgroups(request_rec *r, util_ldap_connection_t *l if ((lcl_sgl_processedFlag == 0) && (!tmp_local_sgl)) { /* No Cached SGL, retrieve from LDAP */ - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "[%" APR_PID_T_FMT "] util_ldap: no cached SGL for %s, retrieving from LDAP" , getpid(), dn); - tmp_local_sgl = uldap_get_subgroups(r, ldc, url, dn, subgroupAttrs, subgroupclasses); + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + "[%" APR_PID_T_FMT "] util_ldap: no cached SGL for %s," + " retrieving from LDAP" , getpid(), dn); + tmp_local_sgl = uldap_get_subgroups(r, ldc, url, dn, subgroupAttrs, + subgroupclasses); if (!tmp_local_sgl) { /* No SGL aailable via LDAP either */ - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "[%" APR_PID_T_FMT "] util_ldap: no subgroups for %s" , getpid(), dn); + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "[%" APR_PID_T_FMT "]" + " util_ldap: no subgroups for %s" , getpid(), dn); } lcl_sgl_processedFlag = 1; - /* Find the generic group cache entry and add the sgl we just retrieved. */ + /* + * Find the generic group cache entry and add the sgl we just retrieved. + */ LDAP_CACHE_LOCK(); the_compare_node.dn = (char *)dn; @@ -1107,12 +1164,17 @@ static int uldap_cache_check_subgroups(request_rec *r, util_ldap_connection_t *l the_compare_node.sgl_processed = 0; the_compare_node.subgroupList = NULL; - compare_nodep = util_ald_cache_fetch(curl->compare_cache, &the_compare_node); + compare_nodep = util_ald_cache_fetch(curl->compare_cache, + &the_compare_node); if (compare_nodep == NULL) { - /* Didn't find it. This shouldn't happen since we just called uldap_cache_compare. */ + /* + * Didn't find it. This shouldn't happen since we just called + * uldap_cache_compare. + */ LDAP_CACHE_UNLOCK(); - ldc->reason = "check_subgroups failed to find the cache entry to add sub-group list to."; + ldc->reason = "check_subgroups failed to find the cache entry to" + " add sub-group list to."; return LDAP_COMPARE_FALSE; } /* @@ -1121,17 +1183,23 @@ static int uldap_cache_check_subgroups(request_rec *r, util_ldap_connection_t *l */ compare_nodep->sgl_processed = 1; if (tmp_local_sgl) { - compare_nodep->subgroupList = util_ald_sgl_dup(curl->compare_cache, tmp_local_sgl); + compare_nodep->subgroupList = util_ald_sgl_dup(curl->compare_cache, + tmp_local_sgl); } else { - /* We didn't find a single subgroup, next time save us from looking */ + /* + * We didn't find a single subgroup, next time save us from looking + */ compare_nodep->subgroupList = NULL; } LDAP_CACHE_UNLOCK(); } - /* tmp_local_sgl has either been created, or copied out of the cache */ - /* If tmp_local_sgl is NULL, there are no subgroups to process and we'll return false */ + /* + * tmp_local_sgl has either been created, or copied out of the cache + * If tmp_local_sgl is NULL, there are no subgroups to process and we'll + * return false + */ result = LDAP_COMPARE_FALSE; if (!tmp_local_sgl) { return result; @@ -1140,22 +1208,35 @@ static int uldap_cache_check_subgroups(request_rec *r, util_ldap_connection_t *l while ((result != LDAP_COMPARE_TRUE) && (sgindex < tmp_local_sgl->len)) { const char *group = NULL; group = tmp_local_sgl->subgroupDNs[sgindex]; - /* 4. Now loop through the subgroupList and call uldap_cache_compare to check for the user. */ + /* + * 4. Now loop through the subgroupList and call uldap_cache_compare + * to check for the user. + */ result = uldap_cache_compare(r, ldc, url, group, attrib, value); if (result == LDAP_COMPARE_TRUE) { - /* 4.A. We found the user in the subgroup. Return LDAP_COMPARE_TRUE. */ - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "[%" APR_PID_T_FMT "] util_ldap:" - " Found user %s in a subgroup (%s) at level %d of %d.", - getpid(), r->user, group, cur_subgroup_depth+1, max_subgroup_depth); + /* + * 4.A. We found the user in the subgroup. Return + * LDAP_COMPARE_TRUE. + */ + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "[%" APR_PID_T_FMT "]" + " util_ldap: Found user %s in a subgroup (%s) at" + " level %d of %d.", getpid(), r->user, group, + cur_subgroup_depth+1, max_subgroup_depth); } else { - /* 4.B. We didn't find the user in this subgroup, so recurse into it and keep looking. */ - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "[%" APR_PID_T_FMT "] util_ldap:" - " user %s not found in subgroup (%s) at level %d of %d.", - getpid(), r->user, group, cur_subgroup_depth+1, max_subgroup_depth); + /* + * 4.B. We didn't find the user in this subgroup, so recurse into + * it and keep looking. + */ + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "[%" APR_PID_T_FMT "]" + " util_ldap: user %s not found in subgroup (%s) at" + " level %d of %d.", getpid(), r->user, group, + cur_subgroup_depth+1, max_subgroup_depth); result = uldap_cache_check_subgroups(r, ldc, url, group, attrib, - value, subgroupAttrs, subgroupclasses, - cur_subgroup_depth+1, max_subgroup_depth); + value, subgroupAttrs, + subgroupclasses, + cur_subgroup_depth+1, + max_subgroup_depth); } sgindex++; } @@ -1228,7 +1309,8 @@ static int uldap_cache_checkuserid(request_rec *r, util_ldap_connection_t *ldc, while (attrs[k++]); *retvals = apr_pcalloc(r->pool, sizeof(char *) * k); while (search_nodep->vals[i]) { - (*retvals)[i] = apr_pstrdup(r->pool, search_nodep->vals[i]); + (*retvals)[i] = apr_pstrdup(r->pool, + search_nodep->vals[i]); i++; } } @@ -1476,7 +1558,8 @@ static int uldap_cache_getuserdn(request_rec *r, util_ldap_connection_t *ldc, while (attrs[k++]); *retvals = apr_pcalloc(r->pool, sizeof(char *) * k); while (search_nodep->vals[i]) { - (*retvals)[i] = apr_pstrdup(r->pool, search_nodep->vals[i]); + (*retvals)[i] = apr_pstrdup(r->pool, + search_nodep->vals[i]); i++; } } @@ -1695,8 +1778,8 @@ static const char *util_ldap_set_cache_ttl(cmd_parms *cmd, void *dummy, st->search_cache_ttl = atol(ttl) * 1000000; ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, - "[%" APR_PID_T_FMT "] ldap cache: Setting cache TTL to %ld microseconds.", - getpid(), st->search_cache_ttl); + "[%" APR_PID_T_FMT "] ldap cache: Setting cache TTL to %ld" + " microseconds.", getpid(), st->search_cache_ttl); return NULL; } @@ -1719,8 +1802,8 @@ static const char *util_ldap_set_cache_entries(cmd_parms *cmd, void *dummy, } ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, - "[%" APR_PID_T_FMT "] ldap cache: Setting search cache size to %ld entries.", - getpid(), st->search_cache_size); + "[%" APR_PID_T_FMT "] ldap cache: Setting search cache size" + " to %ld entries.", getpid(), st->search_cache_size); return NULL; } @@ -1740,8 +1823,8 @@ static const char *util_ldap_set_opcache_ttl(cmd_parms *cmd, void *dummy, st->compare_cache_ttl = atol(ttl) * 1000000; ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, - "[%" APR_PID_T_FMT "] ldap cache: Setting operation cache TTL to %ld microseconds.", - getpid(), st->compare_cache_ttl); + "[%" APR_PID_T_FMT "] ldap cache: Setting operation cache TTL" + " to %ld microseconds.", getpid(), st->compare_cache_ttl); return NULL; } @@ -1764,8 +1847,8 @@ static const char *util_ldap_set_opcache_entries(cmd_parms *cmd, void *dummy, } ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, - "[%" APR_PID_T_FMT "] ldap cache: Setting operation cache size to %ld " - "entries.", getpid(), st->compare_cache_size); + "[%" APR_PID_T_FMT "] ldap cache: Setting operation cache size" + " to %ld entries.", getpid(), st->compare_cache_size); return NULL; } @@ -2086,8 +2169,8 @@ static const char *util_ldap_set_connection_timeout(cmd_parms *cmd, st->connectionTimeout = atol(ttl); ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, - "[%" APR_PID_T_FMT "] ldap connection: Setting connection timeout to " - "%ld seconds.", getpid(), st->connectionTimeout); + "[%" APR_PID_T_FMT "] ldap connection: Setting connection" + " timeout to %ld seconds.", getpid(), st->connectionTimeout); #else ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, cmd->server, "LDAP: Connection timout option not supported by the " @@ -2415,8 +2498,9 @@ static const command_rec util_ldap_cmds[] = { AP_INIT_FLAG("LDAPVerifyServerCert", util_ldap_set_verify_srv_cert, NULL, RSRC_CONF, - "Set to 'ON' requires that the server certificate be verified " - "before a secure LDAP connection can be establish. Default 'ON'"), + "Set to 'ON' requires that the server certificate be verified" + " before a secure LDAP connection can be establish. Default" + " 'ON'"), AP_INIT_TAKE1("LDAPConnectionTimeout", util_ldap_set_connection_timeout, NULL, RSRC_CONF, -- 2.40.0