When checking direct group membership, interpret LDAP_NO_SUCH_ATTRIBUTE the same as

LDAP_COMPARE_FALSE and continue on to subgroup (nested group) processing. This triggers when the group has no "direct" members but may have entries that represent nested groups to check. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@950249 13f79535-47bb-0310-9956-ffa450edef68
author: Eric Covener <covener@apache.org> 2010-06-01 23:26:28 +0200
committer: Eric Covener <covener@apache.org> 2010-06-01 23:26:28 +0200
commit: 67f3df7be50c8ad58f789e0eb8c0bb30449bfd96 (patch)
tree: f0e0a85ede0b6cfdfde03b233f385ccdf4f1df2b /modules/aaa/mod_authnz_ldap.c
parent: mod_authnz_ldap: Search or Comparison during authorization phase (diff)
download: apache2-67f3df7be50c8ad58f789e0eb8c0bb30449bfd96.tar.xz
apache2-67f3df7be50c8ad58f789e0eb8c0bb30449bfd96.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c
index 2a6826f10d..750b085981 100644
--- a/modules/aaa/mod_authnz_ldap.c
+++ b/modules/aaa/mod_authnz_ldap.c
@@ -898,6 +898,7 @@ static authz_status ldapgroup_check_authorization(request_rec *r,
                 set_request_vars(r, LDAP_AUTHZ);
                 return AUTHZ_GRANTED;
             }
+            case LDAP_NO_SUCH_ATTRIBUTE: 
             case LDAP_COMPARE_FALSE: {
                 /* nested groups need searches and compares, so grab a new handle */
                 authnz_ldap_cleanup_connection_close(ldc);
author	Eric Covener <covener@apache.org>	2010-06-01 23:26:28 +0200
committer	Eric Covener <covener@apache.org>	2010-06-01 23:26:28 +0200
commit	67f3df7be50c8ad58f789e0eb8c0bb30449bfd96 (patch)
tree	f0e0a85ede0b6cfdfde03b233f385ccdf4f1df2b /modules/aaa/mod_authnz_ldap.c
parent	mod_authnz_ldap: Search or Comparison during authorization phase (diff)
download	apache2-67f3df7be50c8ad58f789e0eb8c0bb30449bfd96.tar.xz apache2-67f3df7be50c8ad58f789e0eb8c0bb30449bfd96.zip