httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 48340] Binding with user-supplied credentials
Date Tue, 08 Dec 2009 13:34:20 GMT

--- Comment #4 from Eric Covener <> 2009-12-08 05:34:19 UTC ---
> I'm wondering what we're accomplishing by doing the authorization with the
> bound user?  We're already using the config-supplied DN and password to bind
> during the authentication phase, and your patch still requires authentication
> to be provided by mod_authnz_ldap (to cache the password for the authorization
> bind), so what are we gaining by binding as the user only in the latter phase?

Reporter has an LDAP server that allows anonymous searches but does not allow
anonymous compares [rather it's configured that way].  So he leaves off the
bind dn/password to retrieve the DN, but can't do certain types of authz

If I commit the patch, I will make the directive sound less general and put
some time into the doc.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message