httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 46505] New: Incorrect AuthzLDAPAuthoritative documentation
Date Fri, 09 Jan 2009 19:06:15 GMT

           Summary: Incorrect AuthzLDAPAuthoritative documentation
           Product: Apache httpd-2
           Version: 2.2.3
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: Documentation

The documentation of the AuthzLDAPAuthoritative directive
states that 
"When no LDAP-specific Require directives are used, authorization is allowed to
fall back to other modules as if AuthzLDAPAuthoritative  was set to off."

However, the following configuration:

   AuthType Basic
   AuthName "My Auth Name"
   AuthBasicProvider ldap
   AuthLDAPURL "ldap://localhost/ou=Users,dc=domain,dc=com?uid"
   Require valid-user

leads to authorization failure (401) although LDAP search and bind is
successfull: authorization does not seem to fallback to mod_authz_user...

Simply adding the "AuthzLDAPAuthoritative Off" directive does the trick and
authorization then succeeds.

So by default, although "no LDAP-specific Require directives are used",
"authorization" does not "fall back to other modules as if
AuthzLDAPAuthoritative  was set to off", contrary to what is stated in the

Thanks to Daniel Markle and his related blog post:

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message