httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 46505] New: Incorrect AuthzLDAPAuthoritative documentation
Date Fri, 09 Jan 2009 19:06:15 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=46505

           Summary: Incorrect AuthzLDAPAuthoritative documentation
           Product: Apache httpd-2
           Version: 2.2.3
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: Documentation
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: ggrussenmeyer@gmail.com


The documentation of the AuthzLDAPAuthoritative directive
(http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#authzldapauthoritative)
states that 
"When no LDAP-specific Require directives are used, authorization is allowed to
fall back to other modules as if AuthzLDAPAuthoritative  was set to off."

However, the following configuration:

   AuthType Basic
   AuthName "My Auth Name"
   AuthBasicProvider ldap
   AuthLDAPURL "ldap://localhost/ou=Users,dc=domain,dc=com?uid"
   Require valid-user

leads to authorization failure (401) although LDAP search and bind is
successfull: authorization does not seem to fallback to mod_authz_user...

Simply adding the "AuthzLDAPAuthoritative Off" directive does the trick and
authorization then succeeds.

So by default, although "no LDAP-specific Require directives are used",
"authorization" does not "fall back to other modules as if
AuthzLDAPAuthoritative  was set to off", contrary to what is stated in the
documentation.

Thanks to Daniel Markle and his related blog post:
http://ashtech.net/~syntax/blog/archives/108-Making-Apache-2.2-valid-user-work-with-mod_authnz_ldap.html


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message