httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 45674] New: Allow to change error code returned by "Require ldap-filter"
Date Fri, 22 Aug 2008 13:57:06 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=45674

           Summary: Allow to change error code returned by "Require ldap-
                    filter"
           Product: Apache httpd-2
           Version: 2.2.9
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: mod_authz_ldap
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: Alexandra.Kossovsky@oktetlabs.ru


Created an attachment (id=22474)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=22474)
AuthzLDAPUnauthorized directive may be set to 401 or 403

I have a configuration where different parts of website are available to
different people. Something like:
<VirtualHost *:443>
AuthType Kerberos
  <Location /xxx>
    Require ldap-filter uid=*
  </Location>
  <Location /yyy>
    Require ldap-filter &(o=something)(zz=value)
  </Location>
</VirtualHost>

When user fails to pass through "require ldap-filter" directive when accessing
/yyy directory, he gets error 401.  In many browsers, it means that he is
re-asked to type his name/password, even if he decides to go back to /xxx
directory. So, I'd like mod_authz_ldap to return 403 instead of 401 in such
cases.

There already was similar bug 40721 (I completely agree with you that 401 MUST
be the default error code), but I propose to make things more flexible.

The attached patch adds AuthzLDAPUnauthorized directive, which is 401 by
default, but may be set to 403 by user.

If you'd like it to have boolean switch (to avoid user setting
AuthzLDAPUnauthorized to 200), feel free to ask me to rework my patch.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message