(root)/mod_ldap_userdir/head : /mod_ldap_userdir.c (revision 35)

/*

 * mod_ldap_userdir - LDAP UserDir module for the Apache web server

 * Copyright 1999, 2000-9, John Morrissey <jwm@horde.net>

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation; either version 2 of the License, or

 * (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program; if not, write to the Free Software

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA02111-1307, USA.

 *

 *

 * Furthermore, John Morrissey gives permission to link this program with

 * OpenSSL, and distribute the resulting executable, without including the

 * source code for OpenSSL in the source distribution.

 */

/*

 * mod_ldap_userdir v1.1.16

 *

 * Description: A module for the Apache web server that performs UserDir

 * (home directory) lookups from an LDAP directory.

 *

 * Example (request for /~bar/one/two.html):

 *

 * LDAPUserDir public_html       -> ~bar/public_html/one/two.html

 * LDAPUserDir /usr/web          -> /usr/web/bar/one/two.html

 * LDAPUserDir /home/ * /www     -> /home/bar/www/one/two.html

 *       NOTE: these ^ ^ spaces are here to allow this to work in a C-style

 *             comment; they should not be included in your configuration.

 * LDAPUserDir http://x/users/ * -> (302) http://x/users/bar/one/two.html

 *       NOTE:           this ^ space is here to allow this to work in a

 *             C-style comment; they should not be included in your

 *             configuration.

 * LDAPUserDir http://x/ * /y    -> (302) http://x/bar/y/one/two.html

 *       NOTE:    these ^ ^ spaces are here to allow this to work in a

 *             C-style comment; they should not be included in your

 *             configuration.

 *

 * You can use multiple entries, to specify alternate user

 * directories (a la DirectoryIndex). For example:

 *

 * LDAPUserDir public_html public_www

 * LDAPUserDir public_html /usr/web http://www.xyz.com/users

 */

#include "config.h"

#include "httpd.h"

#include "http_config.h"

#include "http_log.h"

#include "http_request.h"

/* httpd.h, please don't complain about my strtoul() usage.

 * sunos4 doesn't matter much to me.

 */

#undef strtoul

#ifdef STANDARD20_MODULE_STUFF

# define APR_WANT_STRFUNC

# include "apr_hash.h"

# include "apr_strings.h"

# include "apr_want.h"

# include <time.h>

# define AP_POOL apr_pool_t

# define AP_PSTRDUP apr_pstrdup

# define AP_PSTRCAT apr_pstrcat

# define AP_PCALLOC apr_pcalloc

# define AP_STRSTR ap_strstr

# define AP_STRSTR_C ap_strstr_c

# define AP_STRCHR_C ap_strchr_c

# define AP_TABLE_SETN apr_table_setn

# define AP_MAKE_ARRAY apr_array_make

# define AP_PUSH_ARRAY apr_array_push

# if !defined(WIN32) && !defined(OS2) && !defined(BEOS) && !defined(NETWARE)

#  define HAVE_UNIX_SUEXEC

#  include "unixd.h"  /* Contains the suexec_identity hook used on Unix */

# endif

#else /* STANDARD20_MODULE_STUFF */

# define AP_POOL pool

# define AP_PSTRDUP ap_pstrdup

# define AP_PSTRCAT ap_pstrcat

# define AP_PCALLOC ap_pcalloc

# define AP_STRSTR strstr

# define AP_STRSTR_C strstr

# define AP_STRCHR_C strchr

# define AP_TABLE_SETN ap_table_setn

# define AP_MAKE_ARRAY ap_make_array

# define AP_PUSH_ARRAY ap_push_array

# if !defined(NETWARE)

#  include <sys/types.h>

# endif

# include <sys/stat.h>

# if !defined(WIN32)

#  include <unistd.h>

# endif

#endif /* STANDARD20_MODULE_STUFF */

#include <lber.h>

#include <ldap.h>

#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_VENDOR_VERSION >= 192)

# define HAS_LDAP_UNBIND_EXT_S

#endif

#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_VENDOR_VERSION >= 19905)

# define HAS_LDAP_INITIALIZE

#endif

#if LDAP_API_VERSION >= 2000

# define LDAP_VALUE(values, i) (values[i]->bv_val)

# define LDAP_VALUE_FREE(values) (ldap_value_free_len(values))

#else

# define LDAP_VALUE(values, i) (values[i])

# define LDAP_VALUE_FREE(values) (ldap_value_free(values))

#endif

#ifdef HAS_LDAP_UNBIND_EXT_S

# define LDAP_UNBIND(ld) (ldap_unbind_ext_s(ld, NULL, NULL))

#else

# define LDAP_UNBIND(ld) (ldap_unbind_s(ld, NULL, NULL))

#endif

/* Thanks, Sun. */

#ifndef LDAP_OPT_SUCCESS

# define LDAP_OPT_SUCCESS LDAP_SUCCESS

#endif

#ifdef STANDARD20_MODULE_STUFF

module AP_MODULE_DECLARE_DATA ldap_userdir_module;

#else

module MODULE_VAR_EXPORT ldap_userdir_module;

#endif

typedef struct ldap_userdir_config {

	char *userdir;

#ifdef STANDARD20_MODULE_STUFF

	apr_array_header_t *servers;

#else

	array_header *servers;

#endif

	unsigned int cur_server_index;

#if LDAP_API_VERSION >= 2000

	char *url;

#else /* LDAP_API_VERSION >= 2000 */

	char *server;

	int port;

#endif /* LDAP_API_VERSION >= 2000 */

	char *ldap_dn, *dn_pass,

	     *basedn, *filter_template,

	     *home_attr, *username_attr, *uidNumber_attr, *gidNumber_attr;

	int search_scope, protocol_version;

#ifdef STANDARD20_MODULE_STUFF

	int cache_timeout;

#endif

#ifdef TLS

	int use_tls;

#endif

	LDAP *ld;

	unsigned int got_url;

#ifdef STANDARD20_MODULE_STUFF

	apr_hash_t *homedirHt;

#endif /* STANDARD20_MODULE_STUFF */

} ldap_userdir_config;

#ifdef STANDARD20_MODULE_STUFF

struct hash_entry {

	time_t inserted_at;

	char *homedir;

	char *posix_username;

	char *uid;

	char *gid;

};

#endif /* STANDARD20_MODULE_STUFF */

static void *

create_ldap_userdir_config(AP_POOL *p, server_rec *s)

{

	ldap_userdir_config *newcfg = (ldap_userdir_config *) AP_PCALLOC(p, sizeof(ldap_userdir_config));

	newcfg->servers = AP_MAKE_ARRAY(p, 2, sizeof(char *));

#if LDAP_API_VERSION < 2000

	newcfg->port = -1;

#endif /* LDAP_API_VERSION < 2000 */

	newcfg->search_scope = -1;

	newcfg->protocol_version = -1;

#ifdef STANDARD20_MODULE_STUFF

	newcfg->cache_timeout = -1;

#endif

#ifdef TLS

	newcfg->use_tls = -1;

#endif /* TLS */

#ifdef STANDARD20_MODULE_STUFF

	newcfg->homedirHt = apr_hash_make(p);

#endif /* STANDARD20_MODULE_STUFF */

	return (void *)newcfg;

}

static void *

merge_ldap_userdir_config(AP_POOL *p, void *server1_conf, void *server2_conf)

{

	ldap_userdir_config *s_cfg1 = (ldap_userdir_config *) server1_conf,

	                    *s_cfg2 = (ldap_userdir_config *) server2_conf;

	ldap_userdir_config *merged_cfg =

		(ldap_userdir_config *) AP_PCALLOC(p, sizeof(ldap_userdir_config));

	memcpy(merged_cfg, s_cfg2, sizeof(ldap_userdir_config));

	if (!merged_cfg->userdir) {

		merged_cfg->userdir = AP_PSTRDUP(p, s_cfg1->userdir);

	}

	if (!merged_cfg->servers) {

		merged_cfg->servers = apr_array_copy_hdr(p, s_cfg1->servers);

	}

#if LDAP_API_VERSION >= 2000

	if (!merged_cfg->url) {

		merged_cfg->url = AP_PSTRDUP(p, s_cfg1->url);

	}

#else /* LDAP_API_VERSION >= 2000 */

	if (!merged_cfg->server) {

		merged_cfg->server = AP_PSTRDUP(p, s_cfg1->server);

	}

	if (merged_cfg->port == -1) {

		merged_cfg->port = s_cfg1->port;

	}

#endif /* LDAP_API_VERSION >= 2000 */

	if (!merged_cfg->ldap_dn) {

		merged_cfg->ldap_dn = AP_PSTRDUP(p, s_cfg1->ldap_dn);

	}

	if (!merged_cfg->dn_pass) {

		merged_cfg->dn_pass = AP_PSTRDUP(p, s_cfg1->dn_pass);

	}

	if (!merged_cfg->basedn) {

		merged_cfg->basedn = AP_PSTRDUP(p, s_cfg1->basedn);

	}

	if (!merged_cfg->filter_template) {

		merged_cfg->filter_template = AP_PSTRDUP(p, s_cfg1->filter_template);

	}

	if (!merged_cfg->home_attr) {

		merged_cfg->home_attr = AP_PSTRDUP(p, s_cfg1->home_attr);

	}

	if (!merged_cfg->username_attr) {

		merged_cfg->username_attr = AP_PSTRDUP(p, s_cfg1->username_attr);

	}

	if (!merged_cfg->uidNumber_attr) {

		merged_cfg->uidNumber_attr = AP_PSTRDUP(p, s_cfg1->uidNumber_attr);

	}

	if (!merged_cfg->gidNumber_attr) {

		merged_cfg->gidNumber_attr = AP_PSTRDUP(p, s_cfg1->gidNumber_attr);

	}

	if (merged_cfg->search_scope == -1) {

		merged_cfg->search_scope = s_cfg1->search_scope;

	}

	if (merged_cfg->protocol_version == -1) {

		merged_cfg->protocol_version = s_cfg1->protocol_version;

	}

#ifdef STANDARD20_MODULE_STUFF

	if (merged_cfg->cache_timeout == -1) {

		merged_cfg->cache_timeout = s_cfg1->cache_timeout;

	}

#endif /* STANDARD20_MODULE_STUFF */

#ifdef TLS

	if (merged_cfg->use_tls == -1) {

		merged_cfg->use_tls = s_cfg1->use_tls;

	}

#endif /* TLS */

	return (void *) merged_cfg;

}

static const char *

set_ldap_user_dir(cmd_parms *cmd, void *dummy, const char *arg)

{

	ldap_userdir_config *s_cfg = (ldap_userdir_config *) ap_get_module_config(cmd->server->module_config, &ldap_userdir_module);

	if (strlen(arg) == 0) {

		return "LDAPUserDir must be supplied with the public subdirectory in users' home directories (e.g., 'public_html').";

	}

	s_cfg->userdir = AP_PSTRDUP(cmd->pool, arg);

	return NULL;

}

static const char *

set_url(cmd_parms *cmd, void *dummy, const char *arg)

{

	ldap_userdir_config *s_cfg = (ldap_userdir_config *) ap_get_module_config(cmd->server->module_config, &ldap_userdir_module);

	LDAPURLDesc *url;

#if LDAP_API_VERSION < 2000

	if (s_cfg->server) {

		return "LDAPUserDirServerURL can't be combined with LDAPUserDirServer.";

	}

#endif /* LDAP_API_VERSION < 2000 */

	if (s_cfg->basedn || s_cfg->filter_template || s_cfg->search_scope != -1) {

		return "LDAPUserDirServerURL can't be combined with LDAPUserDirBaseDN, LDAPUserDirFilter, or LDAPUserDirSearchScope.";

	}

	s_cfg->got_url = 1;

	if (ldap_url_parse(arg, &url) != LDAP_SUCCESS) {

		return "LDAPUserDirServerURL must be supplied with a valid LDAP URL.";

	}

#ifdef HAVE_LDAPURLDESC_LUD_SCHEME

# define SCHEME_IS(scheme) \

	((strlen(url->lud_scheme) == strlen(scheme) - 1) && \

	 (strncasecmp(url->lud_scheme, scheme, strlen(scheme) - 1) == 0))

#else /* HAVE_LDAPURLDESC_LUD_SCHEME */

# define SCHEME_IS(scheme) (strncasecmp(arg, scheme, strlen(scheme)) == 0)

#endif /* HAVE_LDAPURLDESC_LUD_SCHEME */

	if (!SCHEME_IS("ldaps:") && !SCHEME_IS("ldap:")) {

		return "Invalid scheme specified by LDAPUserDirServerURL. Valid schemes are 'ldap' or 'ldaps'.";

	}

#ifdef TLS

	if (SCHEME_IS("ldaps:") && s_cfg->use_tls != -1) {

		return "ldaps:// scheme in LDAPUserDirServerURL can't be combined with LDAPUserDirUseTLS.";

	}

#endif /* TLS */

	ldap_free_urldesc(url);

	*(char **)AP_PUSH_ARRAY(s_cfg->servers) = AP_PSTRDUP(cmd->pool, arg);

	return NULL;

}

static const char *

set_server(cmd_parms *cmd, void *dummy, const char *arg)

{

	ldap_userdir_config *s_cfg = (ldap_userdir_config *) ap_get_module_config(cmd->server->module_config, &ldap_userdir_module);

	if (s_cfg->got_url) {

		return "LDAPUserDirServer can't be combined with LDAPUserDirServerURL.";

	}

	if (strlen(arg) == 0) {

		return "LDAPUserDirServer must be supplied with the name of an LDAP server.";

	}

	*(char **)AP_PUSH_ARRAY(s_cfg->servers) = AP_PSTRDUP(cmd->pool, arg);

	return NULL;

}

static const char *

set_ldap_dninfo(cmd_parms *cmd, void *dummy,

                const char *dn, const char *pass)

{

	ldap_userdir_config *s_cfg = (ldap_userdir_config *) ap_get_module_config(cmd->server->module_config, &ldap_userdir_module);

	if (strlen(dn) == 0) {

		return "LDAPUserDirDNInfo must be supplied with a LDAP DN to bind as.";

	}

	if (strlen(pass) == 0) {

		return "LDAPUserDirDNInfo must be supplied with a password to bind with.";

	}

	s_cfg->ldap_dn = (char *)dn;

	s_cfg->dn_pass = (char *)pass;

	return NULL;

}

static const char *

set_basedn(cmd_parms *cmd, void *dummy, const char *arg)

{

	ldap_userdir_config *s_cfg = (ldap_userdir_config *) ap_get_module_config(cmd->server->module_config, &ldap_userdir_module);

	if (s_cfg->got_url) {

		return "LDAPUserDirBaseDN can't be combined with LDAPUserDirServerURL.";

	}

	if (strlen(arg) == 0) {

		return "LDAPUserDirBaseDN must be supplied with the LDAP base DN to use for UserDir lookups.";

	}

	s_cfg->basedn = AP_PSTRDUP(cmd->pool, arg);

	return NULL;

}

static const char *

set_filter_template(cmd_parms *cmd, void *dummy, const char *arg)

{

	ldap_userdir_config *s_cfg = (ldap_userdir_config *) ap_get_module_config(cmd->server->module_config, &ldap_userdir_module);

	if (s_cfg->got_url) {

		return "LDAPUserDirFilter can't be combined with LDAPUserDirServerURL.";

	}

	if (strlen(arg) == 0) {

		return "LDAPUserDirFilter must be supplied with a filter template to use for LDAP UserDir lookups.";

	}

	s_cfg->filter_template = AP_PSTRDUP(cmd->pool, arg);

	return NULL;

}

static const char *

set_search_scope(cmd_parms *cmd, void *dummy, const char *arg)

{

	ldap_userdir_config *s_cfg = (ldap_userdir_config *) ap_get_module_config(cmd->server->module_config, &ldap_userdir_module);

	if (s_cfg->got_url) {

		return "LDAPUserDirSearchScope can't be combined with LDAPUserDirServerURL.";

	}

	if (strlen(arg) == 0) {

		return "LDAPUserDirSearchScope must be supplied with a search scope (\"onelevel\" or \"subtree\")";

	}

	if (strcasecmp(arg, "onelevel") == 0) {

		s_cfg->search_scope = LDAP_SCOPE_ONELEVEL;

		return NULL;

	} else if (strcasecmp(arg, "subtree") == 0) {

		s_cfg->search_scope = LDAP_SCOPE_SUBTREE;

		return NULL;

	}

	return "LDAPUserDirSearchScope must be either \"onelevel\" or \"subtree\".";

}

static const char *

set_use_tls(cmd_parms *cmd, void *dummy, int arg)

{

#ifdef TLS

	ldap_userdir_config *s_cfg = (ldap_userdir_config *) ap_get_module_config(cmd->server->module_config, &ldap_userdir_module);

	if (arg == 1 && s_cfg->got_url &&

	    strncasecmp(s_cfg->url, "ldaps:", 6) == 0) {

		return "LDAPUserDirUseTLS can't be combined with ldaps:// in LDAPUserDirServerURL.";

	}

	if (s_cfg->protocol_version < 3 && s_cfg->protocol_version != -1) {

		return "LDAPProtocolVersion must be set to version 3 to use the LDAPUserDirUseTLS directive.";

	}

	s_cfg->use_tls = arg;

	return NULL;

#else

	return "mod_ldap_userdir was not built with LDAP TLS support.";

#endif /* TLS */

}

static const char *

set_attr_name(cmd_parms *cmd, void *dummy,

              const char *our_attr, const char *their_attr)

{

	ldap_userdir_config *s_cfg = (ldap_userdir_config *) ap_get_module_config(cmd->server->module_config, &ldap_userdir_module);

	if (strlen(their_attr) == 0) {

		return "LDAPAttributeName must be supplied with a non-empty attribute name for its second argument, such as \"homeDirectory\"";

	}

	if (strcasecmp(our_attr, "homeDirectory") == 0) {

		s_cfg->home_attr = AP_PSTRDUP(cmd->pool, their_attr);

	} else if (strcasecmp(our_attr, "uid") == 0) {

		s_cfg->username_attr = AP_PSTRDUP(cmd->pool, their_attr);

	} else if (strcasecmp(our_attr, "uidNumber") == 0) {

		s_cfg->uidNumber_attr = AP_PSTRDUP(cmd->pool, their_attr);

	} else if (strcasecmp(our_attr, "gidNumber") == 0) {

		s_cfg->gidNumber_attr = AP_PSTRDUP(cmd->pool, their_attr);

	} else {

		return "LDAPAttributeName accepts only \"homeDirectory\", \"uid\", \"uidNumber\", or \"gidNumber\" for its first argument.";

	}

	return NULL;

}

#ifdef STANDARD20_MODULE_STUFF

static const char *

set_cache_timeout(cmd_parms *cmd, void *dummy, const char *arg)

{

	char *invalid_char = NULL;

	ldap_userdir_config *s_cfg = (ldap_userdir_config *) ap_get_module_config(cmd->server->module_config, &ldap_userdir_module);

	s_cfg->cache_timeout = strtol(arg, &invalid_char, 10);

	if (arg[0] == '\0' || *invalid_char != '\0') {

		return "LDAPUserDirCacheTimeout must be supplied with a numeric cache timeout.";

	}

	return NULL;

}

#endif

static const char *

set_ldap_protocol_version(cmd_parms *cmd, void *dummy, const char *arg)

{

	char *invalid_char = NULL;

	ldap_userdir_config *s_cfg = (ldap_userdir_config *) ap_get_module_config(cmd->server->module_config, &ldap_userdir_module);

	s_cfg->protocol_version = strtol(arg, &invalid_char, 10);

	if (arg[0] == '\0' || *invalid_char != '\0' ||

	    (s_cfg->protocol_version != 2 && s_cfg->protocol_version != 3)) {

		return "LDAPProtocolVersion must be set as version 2 or version 3.";

	}

#ifdef TLS

	if (s_cfg->protocol_version < 3 && s_cfg->use_tls != -1) {

		return "LDAPProtocolVersion must be set to version 3 to use the LDAPUserDirUseTLS directive.";

	}

#endif /* TLS */

	return NULL;

}

static void

apply_config_defaults(ldap_userdir_config *cfg)

{

	if (!cfg->home_attr) {

		cfg->home_attr = "homeDirectory";

	}

	if (!cfg->username_attr) {

		cfg->username_attr = "uid";

	}

	if (!cfg->uidNumber_attr) {

		cfg->uidNumber_attr = "uidNumber";

	}

	if (!cfg->gidNumber_attr) {

		cfg->gidNumber_attr = "gidNumber";

	}

#if LDAP_API_VERSION < 2000

	if (cfg->port == -1) {

		cfg->port = LDAP_PORT;

	}

#endif /* LDAP_API_VERSION < 2000 */

	if (cfg->search_scope == -1) {

		cfg->search_scope = LDAP_SCOPE_SUBTREE;

	}

#ifdef STANDARD20_MODULE_STUFF

	if (cfg->cache_timeout == -1) {

		cfg->cache_timeout = 300;

	}

#endif /* STANDARD20_MODULE_STUFF */

	if (cfg->protocol_version == -1) {

		cfg->protocol_version = 3;

	}

#ifdef TLS

	if (cfg->use_tls == -1) {

		cfg->use_tls = 0;

	}

#endif /* TLS */

}

#ifdef STANDARD20_MODULE_STUFF

static int

init_ldap_userdir(AP_POOL *pconf, AP_POOL *plog,

                  AP_POOL *ptemp, server_rec *s)

{

	for (; s; s = s->next) {

		ldap_userdir_config *s_cfg =

			(ldap_userdir_config *) ap_get_module_config(s->module_config, &ldap_userdir_module);

		apply_config_defaults(s_cfg);

	}

	ap_add_version_component(pconf, "mod_ldap_userdir/1.1.16");

	return OK;

}

#else /* STANDARD20_MODULE_STUFF */

static void

init_ldap_userdir(server_rec *s, AP_POOL *p)

{

	for (; s; s = s->next) {

		ldap_userdir_config *s_cfg =

 			(ldap_userdir_config *) ap_get_module_config(s->module_config, &ldap_userdir_module);

		apply_config_defaults(s_cfg);

	}

	ap_add_version_component("mod_ldap_userdir/1.1.16");

}

#endif /* STANDARD20_MODULE_STUFF */

static char *

result2errmsg(const request_rec *r, LDAP *ld, LDAPMessage *result)

{

	int ret;

	char *result_errmsg, *errmsg;

#if LDAP_API_VERSION >= 2000

	ret = ldap_parse_result(ld, result, NULL, NULL, &result_errmsg,

		NULL, NULL, 0);

	if (ret == LDAP_SUCCESS) {

		errmsg = AP_PSTRDUP(r->pool, result_errmsg);

		ldap_memfree(result_errmsg);

	} else {

		errmsg = "Unknown";

	}

#else

	errmsg = ldap_err2string(ldap_result2error(ld, result, 0));

#endif

	return errmsg;

}

static int

_ldap_connect(ldap_userdir_config *s_cfg)

{

	int ret, sizelimit = 2, version;

#if LDAP_API_VERSION >= 2000

	struct berval bindcred;

#endif

#ifdef HAS_LDAP_INITIALIZE

	ret = ldap_initialize(&(s_cfg->ld), s_cfg->url);

	if (ret != LDAP_SUCCESS) {

# ifdef STANDARD20_MODULE_STUFF

		ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, NULL, "mod_ldap_userdir: ldap_initialize() to %s failed: %s", s_cfg->url, strerror(ret));

# else

		ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, NULL, "mod_ldap_userdir: ldap_initialize() to %s failed: %s", s_cfg->url, strerror(ret));

# endif

		return -1;

	}

#else /* HAS_LDAP_INITIALIZE */

	if ((s_cfg->ld = (LDAP *) ldap_init(s_cfg->server, s_cfg->port)) == NULL) {

# ifdef STANDARD20_MODULE_STUFF

		ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, NULL, "mod_ldap_userdir: ldap_init() to %s failed: %s", s_cfg->server, strerror(errno));

# else

		ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, NULL, "mod_ldap_userdir: ldap_init() to %s failed: %s", s_cfg->server, strerror(errno));

# endif

		return -1;

	}

#endif /* HAS_LDAP_INITIALIZE */

	switch (s_cfg->protocol_version) {

	case 2:

		version = LDAP_VERSION2;

		break;

	case 3:

	default:

		version = LDAP_VERSION3;

		break;

	}

	if ((ret = ldap_set_option(s_cfg->ld, LDAP_OPT_PROTOCOL_VERSION, &version)) != LDAP_OPT_SUCCESS) {

#ifdef STANDARD20_MODULE_STUFF

			ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, NULL, "mod_ldap_userdir: Setting LDAP version option failed: %s", ldap_err2string(ret));

#else

			ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, NULL, "mod_ldap_userdir: Setting LDAP version option failed: %s", ldap_err2string(ret));

#endif

			LDAP_UNBIND(s_cfg->ld);

			s_cfg->ld = NULL;

			return -1;

		}

#ifdef TLS

	if (s_cfg->use_tls) {

		if ((ret = ldap_start_tls_s(s_cfg->ld, NULL, NULL)) != LDAP_SUCCESS) {

#ifdef STANDARD20_MODULE_STUFF

			ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, NULL, "mod_ldap_userdir: Starting TLS failed: %s", ldap_err2string(ret));

#else

			ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, NULL, "mod_ldap_userdir: Starting TLS failed: %s", ldap_err2string(ret));

#endif

			LDAP_UNBIND(s_cfg->ld);

			s_cfg->ld = NULL;

			return -1;

		}

	}

#endif /* TLS */

#if LDAP_API_VERSION >= 2000

	bindcred.bv_val = s_cfg->dn_pass;

	if (s_cfg->dn_pass != NULL) {

		bindcred.bv_len = strlen(s_cfg->dn_pass);

	} else {

		bindcred.bv_len = 0;

	}

	ret = ldap_sasl_bind_s(s_cfg->ld, s_cfg->ldap_dn, NULL, &bindcred, NULL, NULL, NULL);

#else /* LDAP_API_VERSION >= 2000 */

	ret = ldap_simple_bind_s(s_cfg->ld, s_cfg->ldap_dn, s_cfg->dn_pass);

#endif /* LDAP_API_VERSION >= 2000 */

	if (ret != LDAP_SUCCESS) {

#ifdef STANDARD20_MODULE_STUFF

		ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, NULL, "mod_ldap_userdir: bind as %s failed: %s", s_cfg->ldap_dn, ldap_err2string(ret));

#else

		ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, NULL, "mod_ldap_userdir: bind as %s failed: %s", s_cfg->ldap_dn, ldap_err2string(ret));

#endif

		return -1;

	}

	/* I couldn't think of a better way to do this without having autoconf

	 * jump through hoops to detect whether ldap_set_option is present.

	 * I think this works fairly well, though, as we're sure to need

	 * LDAP_OPT_SIZELIMIT to use ldap_set_option in this case. :-)

	 */

#ifdef LDAP_OPT_SIZELIMIT

	if ((ret = ldap_set_option(s_cfg->ld, LDAP_OPT_SIZELIMIT, (void *)&sizelimit)) != LDAP_OPT_SUCCESS)

#ifdef STANDARD20_MODULE_STUFF

		ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, NULL, "mod_ldap_userdir: ldap_set_option() unable to set query size limit to 2 entries: %s", ldap_err2string(ret));

#else /* STANDARD20_MODULE_STUFF */

		ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, NULL, "mod_ldap_userdir: ldap_set_option() unable to set query size limit to 2 entries: %s", ldap_err2string(ret));

#endif /* STANDARD20_MODULE_STUFF */

#else /* LDAP_OPT_SIZELIMIT */

	s_cfg->ld->ld_sizelimit = sizelimit;

#endif /* LDAP_OPT_SIZELIMIT */

	return 1;

}

static int

connect_ldap_userdir(request_rec *r, ldap_userdir_config *s_cfg)

{

	int start_server_index;

	char *item;

	LDAPURLDesc *url;

	start_server_index = s_cfg->cur_server_index;

	do {

		/* We won't have any configured servers if no

		 * LDAPUserDirServer* directives were specified.

		 * Fall back and use the SDK default if so.

		 */

		if (s_cfg->servers->nelts) {

			item = ((char **)(s_cfg->servers->elts))[s_cfg->cur_server_index];

			if (ldap_is_ldap_url(item)) {

				if (ldap_url_parse(item, &url) != LDAP_URL_SUCCESS) {

#ifdef STANDARD20_MODULE_STUFF

					ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, NULL, "mod_ldap_userdir: URL %s was valid at startup, but is no longer valid?!", item);

#else /* STANDARD20_MODULE_STUFF */

					ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, NULL, "mod_ldap_userdir: URL %s was valid at startup, but is no longer valid?!", item);

#endif /* STANDARD20_MODULE_STUFF */

					++(s_cfg->cur_server_index);

					if (s_cfg->cur_server_index >= s_cfg->servers->nelts) {

						s_cfg->cur_server_index = 0;

					}

					continue;

				}

#ifdef HAS_LDAP_INITIALIZE

				s_cfg->url = AP_PSTRDUP(r->server->process->pool, item);

#else /* HAS_LDAP_INITIALIZE */

				if (url->lud_host != NULL) {

					s_cfg->server = AP_PSTRDUP(r->server->process->pool, url->lud_host);

				}

				if (url->lud_port != 0) {

					s_cfg->port = url->lud_port;

				}

#endif /* HAS_LDAP_INITIALIZE */

				if (url->lud_dn != NULL) {

					s_cfg->basedn = AP_PSTRDUP(r->server->process->pool, url->lud_dn);

				}

				if (url->lud_filter != NULL) {

					s_cfg->filter_template = AP_PSTRDUP(r->server->process->pool, url->lud_filter);

				}

				s_cfg->search_scope = url->lud_scope;

				if (s_cfg->search_scope == LDAP_SCOPE_BASE) {

# ifdef STANDARD20_MODULE_STUFF

					ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, 0, NULL, "mod_ldap_userdir: WARNING: LDAP URL search scopes default to 'base' (not 'sub') and may not be what you want.");

# else

					ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, NULL, "mod_ldap_userdir: WARNING: LDAP URL search scopes default to 'base' (not 'sub') and may not be what you want.");

# endif

				}

				ldap_free_urldesc(url);

			} else {

#ifdef HAS_LDAP_INITIALIZE

				s_cfg->url = AP_PSTRCAT(r->server->process->pool,

					"ldap://", item, "/", NULL);

#else /* HAS_LDAP_INITIALIZE */

				s_cfg->server = AP_PSTRDUP(r->server->process->pool, item);

				s_cfg->port = LDAP_PORT;

#endif /* HAS_LDAP_INITIALIZE */

			}

		}

		if (_ldap_connect(s_cfg) == 1) {

			return 1;

		}

		++s_cfg->cur_server_index;

		if (s_cfg->cur_server_index >= s_cfg->servers->nelts) {

			s_cfg->cur_server_index = 0;

		}

	} while (s_cfg->cur_server_index != start_server_index);

	return -1;

}

static char *

generate_filter(AP_POOL *p, char *template, const char *entity)

{

	char *filter, *pos;

	int num_escapes = 0, i = 0, j = 0;

	pos = template;

	while ((pos = AP_STRSTR(pos + 2, "%v")) != NULL) {

		++num_escapes;

	}

	pos = template;

	while ((pos = AP_STRSTR(pos + 2, "%u")) != NULL) {

		++num_escapes;

	}

	/* -2 for the %u/%v, +1 for the NULL */

	filter = AP_PCALLOC(p, strlen(template) - (num_escapes * 2) + (num_escapes * strlen(entity)) + 1);

	while (template[i] != '\0') {

		if (template[i] == '%' &&

		    (template[i + 1] == 'u' || template[i + 1] == 'v'))

		{

			strcat(filter, entity);

			j += strlen(entity);

			i += 2;

		} else {

			filter[j++] = template[i++];

		}

	}

	return filter;

}

void

free_entry(struct hash_entry **entry)

{

	if (!*entry) {

		return;

	}

	if ((*entry)->homedir) {

		free((*entry)->homedir);

	}

	if ((*entry)->posix_username) {

		free((*entry)->posix_username);

	}

	if ((*entry)->uid) {

		free((*entry)->uid);

	}

	if ((*entry)->gid) {

		free((*entry)->gid);

	}

	free((*entry));

	*entry = NULL;

}

static struct hash_entry *

cache_fetch(const ldap_userdir_config *s_cfg, const char *username)

{

#ifndef STANDARD20_MODULE_STUFF

	return NULL;

#else /* STANDARD20_MODULE_STUFF */

	struct hash_entry *entry;

	/* A cache timeout of 0 disables caching. */

	if (s_cfg->cache_timeout == 0) {

		return NULL;

	}

	entry = apr_hash_get(s_cfg->homedirHt, username, APR_HASH_KEY_STRING);

	if (entry == NULL) {

		return NULL;

	}

	/* If this entry is still valid, return it. Otherwise, expire the

	 * stale entry.

	 */

	if (entry->inserted_at + s_cfg->cache_timeout > time(NULL)) {

		return entry;

	}

	free_entry(&entry);

	apr_hash_set(s_cfg->homedirHt, username, APR_HASH_KEY_STRING, NULL);

	return NULL;

#endif /* !STANDARD20_MODULE_STUFF */

}

static struct hash_entry *

get_ldap_homedir(ldap_userdir_config *s_cfg, request_rec *r,

                 const char *username)

{

	char *filter,

	     *attrs[] = {s_cfg->home_attr, s_cfg->username_attr,

	                 s_cfg->uidNumber_attr, s_cfg->gidNumber_attr, NULL};

	int i = 0, ret;

#if LDAP_API_VERSION >= 2000

	struct timeval timeout;

	struct berval **values;

#else

	char **values;

#endif

	LDAPMessage *result, *e;

	struct hash_entry *entry;

#ifdef STANDARD20_MODULE_STUFF

	entry = cache_fetch(s_cfg, username);

	if (entry != NULL) {

		return entry;

	}

#endif /* STANDARD20_MODULE_STUFF */

	/* If we haven't even connected yet, try to connect. If we still can't

	   connect, give up. */

	if (s_cfg->ld == NULL) {

		if (connect_ldap_userdir(r, s_cfg) != 1) {

			return NULL;

		}

	}

	if (s_cfg->filter_template && *(s_cfg->filter_template)) {

		filter = generate_filter(r->pool, s_cfg->filter_template, username);

	} else {

		filter = generate_filter(r->pool, "(&(uid=%u)(objectClass=posixAccount))", username);

	}

#if LDAP_API_VERSION >= 2000

	timeout.tv_sec = 2;

	timeout.tv_usec = 0;

	ret = ldap_search_ext_s(s_cfg->ld, s_cfg->basedn, s_cfg->search_scope,

		filter, attrs, 0, NULL, NULL, &timeout, 2, &result);

#else /* LDAP_API_VERSION >= 2000 */

	ret = ldap_search_s(s_cfg->ld, s_cfg->basedn, s_cfg->search_scope,

		filter, attrs, 0, &result);

#endif /* LDAP_API_VERSION >= 2000 */

	if (ret != LDAP_SUCCESS) {

		/* If the LDAP server went away, try to reconnect. If the reconnect

		 * fails, give up and log accordingly.

		 */

		if (ret == LDAP_SERVER_DOWN) {

			LDAP_UNBIND(s_cfg->ld);

			if (connect_ldap_userdir(r, s_cfg) != 1) {

#ifdef STANDARD20_MODULE_STUFF

				ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, "mod_ldap_userdir: LDAP server went away, couldn't reconnect. Declining request.");

#else

				ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, "mod_ldap_userdir: LDAP server went away, couldn't reconnect. Declining request.");

#endif

				s_cfg->ld = NULL;

				return NULL;

			}

#if LDAP_API_VERSION >= 2000

			ret = ldap_search_ext_s(s_cfg->ld, s_cfg->basedn, s_cfg->search_scope,

				filter, attrs, 0, NULL, NULL, &timeout, 2, &result);

#else /* LDAP_API_VERSION >= 2000 */

			ret = ldap_search_s(s_cfg->ld, s_cfg->basedn, s_cfg->search_scope,

				filter, attrs, 0, &result);

#endif /* LDAP_API_VERSION >= 2000 */

			if (ret != LDAP_SUCCESS) {

#ifdef STANDARD20_MODULE_STUFF

				ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, "mod_ldap_userdir: LDAP search failed: %s", ldap_err2string(ret));

#else

				ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, "mod_ldap_userdir: LDAP search failed: %s", ldap_err2string(ret));

#endif

				return NULL;

			}

		} else {

#ifdef STANDARD20_MODULE_STUFF

			ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, "mod_ldap_userdir: LDAP search failed: %s", ldap_err2string(ret));

#else

			ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, "mod_ldap_userdir: LDAP search failed: %s", ldap_err2string(ret));

#endif

			return NULL;

		}

	}

	if ((ret = ldap_count_entries(s_cfg->ld, result)) > 1) {

#ifdef STANDARD20_MODULE_STUFF

		ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, "mod_ldap_userdir: found too many entries (%d entries) for query, expecting 1 entry. Ignoring LDAP results.", ret);

#else

		ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, "mod_ldap_userdir: found too many entries (%d entries) for query, expecting 1 entry. Ignoring LDAP results.", ret);

#endif

		ldap_msgfree(result);

		return NULL;

	} else if (ret < 1) {

		/* We didn't find any users, don't bother calling ldap_first_entry(). */

		return NULL;

	}

	if ((e = ldap_first_entry(s_cfg->ld, result)) == NULL) {

#ifdef STANDARD20_MODULE_STUFF

		ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, "mod_ldap_userdir: ldap_first_entry() failed: %s", result2errmsg(r, s_cfg->ld, result));

#else

		ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, "mod_ldap_userdir: ldap_first_entry() failed: %s", result2errmsg(r, s_cfg->ld, result));

#endif

		ldap_msgfree(result);

		return NULL;

	}

	entry = (struct hash_entry *) calloc(1, sizeof(struct hash_entry));

	if (entry == NULL) {

		ldap_msgfree(result);

		return NULL;

	}

	while (attrs[i] != NULL) {

#if LDAP_API_VERSION >= 2000

		values = ldap_get_values_len(s_cfg->ld, e, attrs[i]);

#else

		values = ldap_get_values(s_cfg->ld, e, attrs[i]);

#endif

		if (!values) {

			if (strcmp(attrs[i], s_cfg->username_attr) == 0 ||

			    strcmp(attrs[i], s_cfg->home_attr) == 0)

			{

#ifdef STANDARD20_MODULE_STUFF

				ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, "mod_ldap_userdir: user %s has no %s attr, skipping request.", username, attrs[i]);

#else

				ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, "mod_ldap_userdir: user %s has no %s attr, skipping request.", username, attrs[i]);

#endif

				free_entry(&entry);

				ldap_msgfree(result);

				return NULL;

			}

			++i;

			continue;

		}

		/* There doesn't seem to be any per-server/thread pool we can use

		 * here, so we need to jump through some hoops to make sure we

		 * don't leak if anything fails.

		 */

		if (strcmp(attrs[i], s_cfg->home_attr) == 0) {

			entry->homedir = strdup(LDAP_VALUE(values, 0));

			LDAP_VALUE_FREE(values);

			if (entry->homedir == NULL) {

				free_entry(&entry);

				ldap_msgfree(result);

				return NULL;

			}

		} else if (strcmp(attrs[i], s_cfg->username_attr) == 0) {

			entry->posix_username = strdup(LDAP_VALUE(values, 0));

			LDAP_VALUE_FREE(values);

			if (entry->posix_username == NULL) {

				free_entry(&entry);

				ldap_msgfree(result);

				return NULL;

			}

		} else if (strcmp(attrs[i], s_cfg->uidNumber_attr) == 0) {

			entry->uid = strdup(LDAP_VALUE(values, 0));

			LDAP_VALUE_FREE(values);

			if (entry->uid == NULL) {

				free_entry(&entry);

				ldap_msgfree(result);

				return NULL;

			}

		} else if (strcmp(attrs[i], s_cfg->gidNumber_attr) == 0) {

			entry->gid = strdup(LDAP_VALUE(values, 0));

			LDAP_VALUE_FREE(values);

			if (entry->gid == NULL) {

				free_entry(&entry);

				ldap_msgfree(result);

				return NULL;

			}

		} else {

#ifdef STANDARD20_MODULE_STUFF

			ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, "mod_ldap_userdir: ldap_get_values() loop found unknown attr %s", attrs[i]);

#else

			ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, "mod_ldap_userdir: ldap_get_values() loop found unknown attr %s", attrs[i]);

#endif

			LDAP_VALUE_FREE(values);

		}

		++i;

	}

#ifdef STANDARD20_MODULE_STUFF

	/* A cache timeout of 0 disables caching. */

	if (s_cfg->cache_timeout != 0) {

		entry->inserted_at = time(NULL);

		apr_hash_set(s_cfg->homedirHt, entry->posix_username,

			APR_HASH_KEY_STRING, entry);

	}

#endif /* STANDARD20_MODULE_STUFF */

	ldap_msgfree(result);

	return entry;

}

static int

translate_ldap_userdir(request_rec *r)

{

	const char *w, *dname;

	char *name = r->uri;

	const ldap_userdir_config *s_cfg = (ldap_userdir_config *) ap_get_module_config(r->server->module_config, &ldap_userdir_module);

	const char *userdirs = s_cfg->userdir;

	request_rec *notes_req;

	struct hash_entry *user_info;

	/*

	 * If the URI doesn't match our basic pattern, we've nothing to do with

	 * it.

	 */

	if ((s_cfg->userdir == NULL) ||

	    (name[0] != '/') ||

	    (name[1] != '~'))

	{

		return DECLINED;

	}

	dname = name + 2;

	w = ap_getword(r->pool, &dname, '/');

	/*

	 * This 'dname' funny business involves backing it up to capture the '/'

	 * delimiting the "/~user" part from the rest of the URL, in case there

	 * was one (the case where there wasn't being just "GET /~user HTTP/1.0",

	 * for which we don't want to tack on a '/' onto the filename).

	 */

	if (dname[-1] == '/') {

		--dname;

	}

	/*

	 * If there's no username, it's not for us. Ignore . and .. as well.

	 */

	if (w[0] == '\0' || (w[1] == '.' && (w[2] == '\0' || (w[2] == '.' && w[3] == '\0')))) {

		return DECLINED;

	}

	user_info = get_ldap_homedir((ldap_userdir_config *)s_cfg, r, w);

	if (user_info == NULL) {

		return DECLINED;

	}

	while (*userdirs) {

		const char *userdir = ap_getword_conf(r->pool, &userdirs);

		char *filename;

#ifdef STANDARD20_MODULE_STUFF

		apr_finfo_t statbuf;

		apr_status_t rv;

		int is_absolute = ap_os_is_path_absolute(r->pool, userdir);

#else

		struct stat statbuf;

		int is_absolute = ap_os_is_path_absolute(userdir);

#endif

		char *x = NULL, *redirect;

		if (AP_STRCHR_C(userdir, '*')) {

			x = ap_getword(r->pool, &userdir, '*');

		}

		if (userdir[0] == '\0' || is_absolute) {

			if (x) {

				if (AP_STRSTR_C(x, "://") && !is_absolute)	{

					redirect = AP_PSTRCAT(r->pool, x, w, userdir, dname, NULL);

					AP_TABLE_SETN(r->headers_out, "Location", redirect);

					return HTTP_MOVED_TEMPORARILY;

				} else {

					filename = AP_PSTRCAT(r->pool, x, w, userdir, NULL);

				}

			} else {

				filename = AP_PSTRCAT(r->pool, userdir, "/", w, NULL);

			}

		} else if (x && AP_STRSTR_C(x, "://")) {

			redirect = AP_PSTRCAT(r->pool, x, w, userdir, dname, NULL);

			AP_TABLE_SETN(r->headers_out, "Location", redirect);

			return HTTP_MOVED_TEMPORARILY;

		} else {

			filename = AP_PSTRCAT(r->pool, user_info->homedir, "/", userdir, NULL);

		}

		/* Now see if it exists, or we're at the last entry. If we're

		 * at the last entry, then use the filename generated (if there

		 * is one) anyway, in the hope that some handler might handle

		 * it. This can be used, for example, to run a CGI script for

		 * the user.

		 */

#ifdef STANDARD20_MODULE_STUFF

		if (filename &&

		    (!*userdirs ||

		     ((rv = apr_stat(&statbuf, filename, APR_FINFO_MIN, r->pool)) == APR_SUCCESS ||

		      rv == APR_INCOMPLETE)))

#else

		if (filename && (!*userdirs || stat(filename, &statbuf) != -1))

#endif

		{

			r->filename = AP_PSTRCAT(r->pool, filename, dname, NULL);

			/* When statbuf contains info on r->filename, we can save

			 * a syscall by copying it to r->finfo.

			 */

			if (*userdirs && dname[0] == 0) {

				r->finfo = statbuf;

			}

			/* We could be servicing a sub-request; make sure we put notes

			 * on the main request.

			 */

			if (r->main) {

				notes_req = r->main;

			} else {

				notes_req = r;

			}

			/* For use in the get_suexec_identity phase. */

			AP_TABLE_SETN(notes_req->notes, "mod_ldap_userdir_user", user_info->posix_username);

			AP_TABLE_SETN(notes_req->notes, "mod_ldap_userdir_uid", user_info->uid);

			AP_TABLE_SETN(notes_req->notes, "mod_ldap_userdir_gid", user_info->gid);

			return OK;

		}

	}

	return DECLINED;

}

#ifdef STANDARD20_MODULE_STUFF

#ifdef HAVE_UNIX_SUEXEC

static ap_unix_identity_t *get_suexec_id_doer(const request_rec *r)

{

	const char *username = apr_table_get(r->notes, "mod_ldap_userdir_user"),

	           *uidNumber = apr_table_get(r->notes, "mod_ldap_userdir_uid"),

	           *gidNumber = apr_table_get(r->notes, "mod_ldap_userdir_gid");

	char *endptr = NULL;

	const ldap_userdir_config *s_cfg = (ldap_userdir_config *) ap_get_module_config(r->server->module_config, &ldap_userdir_module);

	ap_unix_identity_t *ugid;

	if (!username) {

		return NULL;

	}

	if (!uidNumber) {

# ifdef STANDARD20_MODULE_STUFF

		ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, NULL, "mod_ldap_userdir: user %s has no %s attr, ignoring suexec request.", username, s_cfg->uidNumber_attr);

# else

		ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, NULL, "mod_ldap_userdir: user %s has no %s attr, ignoring suexec request.", username, s_cfg->uidNumber_attr);

# endif

		return NULL;

	}

	if (!gidNumber) {

# ifdef STANDARD20_MODULE_STUFF

		ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, NULL, "mod_ldap_userdir: user %s has no %s attr, ignoring suexec request.", username, s_cfg->gidNumber_attr);