httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 45946] AuthLDAPUrl invokes mod_authnz_ldap although AuthBasicProvider=file
Date Sat, 04 Oct 2008 14:24:52 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=45946





--- Comment #1 from Eric Covener <covener@gmail.com>  2008-10-04 07:24:52 PST ---
Can't tell for sure without your LogLevel debug errorlog for the failure, but
it seems like mod_authnz_ldap is trying to perform authorization, not
authentication.

When mod_authnz_ldap is used for authorization, it does some extra processing
if it wasn't also called for authentication -- namely mapping the username to a
DN.

When it fails to map a username to a DN, it returns as you describe -- but it
should have been able to check that a require ldap-* was even going to be
present (later on, it will use this in the same way it uses the authoritative
flag).

This would affect 2.2.x and not trunk because of differences in the
authentication.  My advice would be to set LDAP authorization as
non-authoritative if you must configure an AuthLDAPUrl globally, as these are
the two conditions LDAP authorization will use to step out of the way.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message