httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 17599] - auth ldap binds as user and loses access rights
Date Sat, 15 Nov 2003 01:31:58 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17599>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17599

auth ldap binds as user and loses access rights





------- Additional Comments From tjeffers@iquest.net  2003-11-15 01:31 -------
Here is the diff for the patch (after reading the contribute info, duh). I have
done limited testing with openldap on Redhat 9 and the Sun LDAP SDK 5.08 on
Solaris 8.

--- util_ldap.c Fri Nov 14 18:34:39 2003
***************
*** 870,885 ****
       * fails, it means that the password is wrong (the dn obviously
       * exists, since we just retrieved it)
       */
!     if ((result =
!          ldap_simple_bind_s(ldc->ldap, const_cast(*binddn),
const_cast(bindpw))) ==
!          LDAP_SERVER_DOWN) {
!         ldc->reason = "ldap_simple_bind_s() to check user credentials failed
with server down";
!         ldap_msgfree(res);
!         goto start_over;
!     }
!
!     /* failure? if so - return */
!     if (result != LDAP_SUCCESS) {
          ldc->reason = "ldap_simple_bind_s() to check user credentials failed";
          ldap_msgfree(res);
          return result;
--- 870,878 ----
       * fails, it means that the password is wrong (the dn obviously
       * exists, since we just retrieved it)
       */
!     ldc = util_ldap_connection_find(r, ldc->host, ldc->port, *binddn, bindpw,
!                                     ldc->deref, ldc->secure);
!     if (LDAP_SUCCESS != (result = util_ldap_connection_open(r, ldc))) {
          ldc->reason = "ldap_simple_bind_s() to check user credentials failed";
          ldap_msgfree(res);
          return result;

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message