httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 17599] - auth ldap binds as user and loses access rights
Date Fri, 14 Nov 2003 20:26:16 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17599>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17599

auth ldap binds as user and loses access rights





------- Additional Comments From tjeffers@iquest.net  2003-11-14 20:26 -------
I have been able to track down what is causing my "require group" problem 
mentioned above. I have tracked the problem to the util_ldap_cache_checkuserid 
function in util_ldap.c. This function does an ldap_simple_bind_s to verify the 
retrieved dn and user-supplied password are correct. This bind is not made 
through the connection caching routines and therefore the managed (cached) 
connections don't sync with reality. I have modified my copy of util_ldap.c and 
have got it working but would like for someone else to test this. I am not a C 
developer so feel free to improve (or correct) this code:

in modules/experimental/util_ldap.c:

 -- comment out lines 873 through 879.

 -- add the following after line 881
      ldc = util_ldap_connection_find(r, ldc->host, ldc->port, *binddn, bindpw, ldc->deref, ldc->secure);

 -- change the condition on the if statement on line 882 (now 883) to
      if (LDAP_SUCCESS != (result = util_ldap_connection_open(r, ldc))) {

I am using 2.0.48 on Redhat 9 and Solaris 8
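
A small model of the cache desync described in the comment above, added here as an illustration; it is not part of the original comment and not httpd's code. The names struct conn, pool_find and raw_bind, the sample DNs, and the ACL that lets only the service account read group entries are all assumptions, and password verification itself is not modeled.

```c
#include <stdio.h>
#include <string.h>
#define SERVICE_DN "cn=httpd,dc=example,dc=com" /* constructed sample DN */
#define USER_DN "uid=alice,dc=example,dc=com"   /* constructed sample DN */

/* Hypothetical model of a pooled connection, not httpd's real structures. */
struct conn {
    const char *cached_dn; /* identity the connection cache believes is bound */
    const char *actual_dn; /* identity the directory server really sees */
};
static struct conn pool[4];
static int pool_used;

/* Stand-in for a direct bind call: real identity changes, cache is not told. */
static void raw_bind(struct conn *c, const char *dn) { c->actual_dn = dn; }

/* Cache-aware path: reuse a connection recorded as bound to dn, else open one. */
static struct conn *pool_find(const char *dn) {
    for (int i = 0; i < pool_used; i++)
        if (strcmp(pool[i].cached_dn, dn) == 0) return &pool[i];
    if (pool_used == 4) return NULL;
    struct conn *c = &pool[pool_used++];
    c->cached_dn = dn;
    raw_bind(c, dn);
    return c;
}

/* Assumed directory ACL: only the service account may read group entries. */
static int group_read_allowed(const struct conn *c) {
    return c != NULL && strcmp(c->actual_dn, SERVICE_DN) == 0;
}

/* Reported pattern: the password check binds as the user on the shared handle. */
int group_check_after_direct_bind(const char *user_dn) {
    pool_used = 0;                                    /* start from an empty pool */
    raw_bind(pool_find(SERVICE_DN), user_dn);         /* cache still says SERVICE_DN */
    return group_read_allowed(pool_find(SERVICE_DN)); /* later "require group" */
}

/* Proposed pattern: the user bind gets its own pooled connection. */
int group_check_after_pooled_bind(const char *user_dn) {
    pool_used = 0;           /* start from an empty pool */
    pool_find(SERVICE_DN);   /* search for the user's DN as the service account */
    pool_find(user_dn);      /* password check on a separate cached connection */
    return group_read_allowed(pool_find(SERVICE_DN));
}
int main(void) {
    printf("direct bind: group read allowed = %d\n", group_check_after_direct_bind(USER_DN));
    printf("pooled bind: group read allowed = %d\n", group_check_after_pooled_bind(USER_DN));
    return 0;
}
```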
