httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 45393] Apache returns 500 Error when no LDAP credentials are supplied
Date Thu, 17 Jul 2008 20:18:06 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=45393





--- Comment #2 from Dan Stusynski <dstusynski@ptc.com>  2008-07-17 13:18:05 PST ---
The additional bug 41435 seems the same as this one I reported (not sure if
that is what you were referring to). I tried to decide on a way to modify
mod_authnz_ldap.c authn_ldap_build_filter() function to handle this situation
but I don't see a way that one can build a valid MS LDAP filter that is 1)
valid for syntax and 2) that isn't guaranteed to return any users. Simply using
objectclass=* wouldn't work for the use case of 1 LDAP user, nor would the
attempt to have a uid=null (a null string) since that gets translated to a
literal uid when searching LDAP (as opposed to '\0' or similar C
representation).

I'm left thinking that just modifying util_ldap.c as the original poster in
that bug mentioned is a decent option while adding a check that the requests
user isn't blank (so we only gobble the FILTER_ERROR when a username is blank).
For example: 

/* MS LDAP SDK returns a FILTER ERROR when searching for "attr=" 
   attribute=nothing). Check the result error and user length from the request
   and return invalid instead of 500. */
#if APR_HAS_MICROSOFT_LDAPSDK
    if ( (result == LDAP_FILTER_ERROR) && (strlen(r->user) <= 0) )
    {   
        ldc->reason = "ldap_search_ext_s() to search for user failed";
        ldap_msgfree(res);
        uldap_connection_unbind(ldc);
        return LDAP_INVALID_CREDENTIALS;
    }
#endif

Place this just after the ldap_search_ext_s() ldap call and before the all
encompassing if (result != LDAP_SUCCESS) statement.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message