httpd-bugs mailing list archives

Subject DO NOT REPLY [Bug 45674] New: Allow to change error code returned by "Require ldap-filter"
Date Fri, 22 Aug 2008 13:57:06 GMT

           Summary: Allow to change error code returned by "Require ldap-
           Product: Apache httpd-2
           Version: 2.2.9
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: mod_authz_ldap

Created an attachment (id=22474)
AuthzLDAPUnauthorized directive may be set to 401 or 403

I have a configuration where different parts of the website are available to
different people. Something like:
<VirtualHost *:443>
  AuthType Kerberos
  <Location /xxx>
    Require ldap-filter uid=*
  </Location>
  <Location /yyy>
    Require ldap-filter &(o=something)(zz=value)
  </Location>
</VirtualHost>

When a user fails to pass through the "require ldap-filter" directive when
accessing the /yyy directory, he gets error 401.  In many browsers, it means that
he is re-asked to type his name/password, even if he decides to go back to /xxx
directory. So, I'd like mod_authz_ldap to return 403 instead of 401 in such

There already was a similar bug, 40721 (I completely agree with you that 401 MUST
be the default error code), but I propose to make things more flexible.

The attached patch adds an AuthzLDAPUnauthorized directive, which is 401 by
default, but may be set to 403 by the user.

If you'd like it to have a boolean switch (to avoid the user setting
AuthzLDAPUnauthorized to 200), feel free to ask me to rework my patch.
