httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 27271] New: - mod_auth_ldap on active directory fail after entering false credentials
Date Thu, 26 Feb 2004 21:35:43 GMT

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=27271

mod_auth_ldap on active directory fail after entering false credentials

           Summary: mod_auth_ldap on active directory fail after entering
                    false credentials
           Product: Apache httpd-2.0
           Version: 2.0.48
          Platform: PC
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Blocker
          Priority: Other
         Component: mod_authn_ldap
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: grossniklaus@inf.ethz.ch


I'm running Apache/2.0.48 (Win32) with mod_ssl/2.0.48 and OpenSSL/0.9.7c on a 
Windows 2000 Advanced Server SP4. I've configured the mod_auth_ldap that came 
with the Apache distribution to validate user accounts against my ADS.

Therefore I've included the following lines into my httpd.conf:

LoadModule auth_ldap_module modules/mod_auth_ldap.so
LoadModule ldap_module modules/util_ldap.so

and

<Directory "C:/Program Files/Apache Group/Apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthName "Global Information Systems Domain"
    AuthType Basic
    AuthLDAPUrl "ldap://localhost/dc=globis,dc=infk,dc=d,dc=ethz,dc=ch?sAMAccountName?sub?(objectCategory=Person)(objectClass=User)"
    AuthLDAPBindDN "cn=LDAPUser,cn=Users,dc=globis,dc=infk,dc=d,dc=ethz,dc=ch"
    AuthLDAPBindPassword "*********"
    require valid-user
</Directory>

Now, the problem is REALLY strange! As long as the users enter their 
credentials correctly, everything works perfectly... But (and it's a big BUT) 
as soon as someone enters a wrong user/password, the validation always fails from 
any machine and browser until the Apache service is restarted...

The following warning is logged in the "error_log" file once:
[Thu Feb 26 21:37:13 2004] [warn] [client 129.132.13.8] [6884] auth_ldap authenticate: user abc authentication failed; URI / [ldap_simple_bind_s() to check user credentials failed][Invalid Credentials]

Every subsequent attempt to log in produces the following error:
[Thu Feb 26 21:37:37 2004] [warn] [client 129.132.13.8] [6884] auth_ldap authenticate: user abc authentication failed; URI / [User not found][No Such Object]
[Thu Feb 26 21:38:39 2004] [warn] [client 129.132.13.28] [6884] auth_ldap authenticate: user xyz authentication failed; URI / [User not found][No Such Object]

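
Added example (not part of the bug report or of Apache httpd): a log check for the failure signature described above, where one "Invalid Credentials" warning is followed by nothing but "No Such Object" failures in the same server process. It assumes one log entry per line, that the bracketed number before "auth_ldap" identifies the process, and a threshold of two follow-up failures; the function and field names are hypothetical.

```python
import re

# Matches the auth_ldap warning format quoted in the report (one entry per line).
ENTRY = re.compile(
    r"\[(?P<ts>[^\]]+)\] \[warn\] \[client (?P<client>[^\]]+)\] \[(?P<proc>\d+)\] "
    r"auth_ldap authenticate: user (?P<user>\S+) authentication failed; "
    r"URI (?P<uri>\S+)\s*\[(?P<reason>[^\]]*)\]\s*\[(?P<ldap_err>[^\]]*)\]"
)

def find_stuck_processes(lines, threshold=2):
    """Return {proc: run} for processes where an 'Invalid Credentials' failure
    is followed by `threshold` or more consecutive 'No Such Object' failures.
    `threshold` is an assumed tuning value, not something from the report."""
    state, findings = {}, {}
    for line in lines:
        m = ENTRY.search(line)
        if not m:
            continue  # not an auth_ldap failure entry
        proc, err = m["proc"], m["ldap_err"]
        if err == "Invalid Credentials":
            # A failed user bind starts a new run to watch.
            state[proc] = {"trigger": m["ts"], "count": 0,
                           "users": set(), "clients": set()}
        elif err == "No Such Object" and proc in state:
            run = state[proc]
            run["count"] += 1
            run["users"].add(m["user"])
            run["clients"].add(m["client"])
            if run["count"] >= threshold:
                findings[proc] = run
        else:
            state.pop(proc, None)  # any other outcome ends the run
    return findings

# The three entries from the report, with the e-mail line wrapping joined.
SAMPLE = [
    "[Thu Feb 26 21:37:13 2004] [warn] [client 129.132.13.8] [6884] auth_ldap authenticate: user abc authentication failed; URI / [ldap_simple_bind_s() to check user credentials failed][Invalid Credentials]",
    "[Thu Feb 26 21:37:37 2004] [warn] [client 129.132.13.8] [6884] auth_ldap authenticate: user abc authentication failed; URI / [User not found][No Such Object]",
    "[Thu Feb 26 21:38:39 2004] [warn] [client 129.132.13.28] [6884] auth_ldap authenticate: user xyz authentication failed; URI / [User not found][No Such Object]",
]

if __name__ == "__main__":
    for proc, run in find_stuck_processes(SAMPLE).items():
        print(f"process {proc}: {run['count']} lookups failed after the bad bind "
              f"at {run['trigger']}; users {sorted(run['users'])}")
```

A mistyped user name can also produce a "No Such Object" entry, so a run that spans several users or clients is a stronger signal than the count alone.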