httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 45318] New: mod_authnz_ldap does not convert passwords to UTF-8
Date Tue, 01 Jul 2008 17:06:53 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=45318

           Summary: mod_authnz_ldap does not convert passwords to UTF-8
           Product: Apache httpd-2
           Version: 2.2.9
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: minor
          Priority: P2
         Component: mod_authn_ldap
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: joh_m@gmx.de


Created an attachment (id=22202)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=22202)
Patch to support converting passwords to UTF-8 in mod_authnz_ldap.c

Hello,

we are using basic authentication against an LDAPv3 server, which talks UTF-8.

The authentication fails, if a user has special characters in his password
(like the paragraph character ยง).
This is 0xA7 in ISO-8859-1 from the client, but should be 0xC2A7 in UTF-8 to
the directory server.
This happens with every character, which is not ASCII, because it is a two-byte
character then. (First bit is always 0 in UTF-8 for one-byte characters)

mod_authnz_ldap only converts usernames correctly (if given
"AuthLDAPCharsetConfig conf/charset.conv"), but not passwords!

I have written a patch against httpd 2.2.9.
See attachments.


========
LOG FILE
========
[Thu Jun 26 18:18:51 2008] [debug] mod_authnz_ldap.c(376): [client
10.192.120.192] [30522] auth_ldap authenticate: using URL
ldap://ldap.intranet.mycompany.com:38
9/ou=Users,o=MYCOMPANY,c=de?uid?sub
[Thu Jun 26 18:18:54 2008] [warn] [client 10.192.120.192] [30522] auth_ldap
authenticate: user J23259 authentication failed; URI /webhosting/
[ldap_simple_bin
d_s() to check user credentials failed][Invalid credentials]
[Thu Jun 26 18:18:54 2008] [error] [client 10.192.120.192] user J23259:
authentication failure for "/webhosting/": Password Mismatch


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message