httpd-bugs mailing list archives

Subject DO NOT REPLY [Bug 45393] Apache returns 500 Error when no LDAP credentials are supplied
Date Thu, 17 Jul 2008 20:18:06 GMT

--- Comment #2 from Dan Stusynski <>  2008-07-17 13:18:05 PST ---
The additional bug 41435 seems the same as this one I reported (not sure if
that is what you were referring to). I tried to decide on a way to modify
mod_authnz_ldap.c authn_ldap_build_filter() function to handle this situation
but I don't see a way that one can build a valid MS LDAP filter that is 1)
valid for syntax and 2) that isn't guaranteed to return any users. Simply using
objectclass=* wouldn't work for the use case of 1 LDAP user, nor would the
attempt to have a uid=null (a null string) since that gets translated to a
literal uid when searching LDAP (as opposed to '\0' or similar C

I'm left thinking that just modifying util_ldap.c as the original poster in
that bug mentioned is a decent option while adding a check that the request's
user isn't blank (so we only gobble the FILTER_ERROR when a username is blank).
For example:

    /* MS LDAP SDK returns a FILTER ERROR when searching for "attr="
       (attribute=nothing). Check the result error and user length from the
       request and return invalid instead of 500. */
    if ( (result == LDAP_FILTER_ERROR) && (strlen(r->user) <= 0) )
        ldc->reason = "ldap_search_ext_s() to search for user failed";

Place this just after the ldap_search_ext_s() LDAP call and before the
all-encompassing if (result != LDAP_SUCCESS) statement.

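The following stand-alone model of the decision described in the comment above is an added example, not code from mod_authnz_ldap.c, util_ldap.c or the bug report. It shows the "attr=" filter a blank user name produces and treats a filter error as a denied login only in that case. The enums and the functions build_filter() and classify() are hypothetical names, and the filter layout is a simplified assumption.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for this example, not values from any LDAP SDK header. */
enum search_result { SEARCH_OK, SEARCH_FILTER_ERROR, SEARCH_OTHER_ERROR };
enum auth_outcome { AUTH_CONTINUE, AUTH_DENIED, AUTH_INTERNAL_ERROR };

/* Write "(&(<base>)(<attr>=<user>))" into out, hex-escaping the RFC 4515
   special characters in user. Returns 0 on success, -1 if out is too small. */
int build_filter(char *out, size_t cap, const char *base,
                 const char *attr, const char *user)
{
    int n = snprintf(out, cap, "(&(%s)(%s=", base, attr);
    if (n < 0 || (size_t)n >= cap) return -1;
    size_t pos = (size_t)n;
    for (const char *p = user ? user : ""; *p; p++) {
        if (strchr("*()\\", *p)) {
            if (pos + 3 >= cap) return -1;      /* 3 chars plus the NUL */
            pos += (size_t)snprintf(out + pos, cap - pos, "\\%02x",
                                    (unsigned char)*p);
        } else {
            if (pos + 1 >= cap) return -1;
            out[pos++] = *p;
        }
    }
    if (pos + 3 > cap) return -1;
    memcpy(out + pos, "))", 3);   /* closing parens and the terminating NUL */
    return 0;
}

/* A filter error counts as a denied login only when the user name is blank;
   with a non-blank name it stays a server-side error and is not swallowed. */
enum auth_outcome classify(enum search_result res, const char *user)
{
    int blank = (user == NULL || user[0] == '\0');
    if (res == SEARCH_OK) return AUTH_CONTINUE;
    if (res == SEARCH_FILTER_ERROR && blank) return AUTH_DENIED;
    return AUTH_INTERNAL_ERROR;
}

int main(void)
{
    char f[128];
    if (build_filter(f, sizeof f, "objectclass=*", "uid", "") == 0)
        printf("%s -> outcome %d\n", f, classify(SEARCH_FILTER_ERROR, ""));
    return 0;
}
```

Unlike the strlen(r->user) test in the comment, classify() also accepts a NULL user name, which the model treats as blank.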