httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 48340] Binding with user-supplied credentials
Date Tue, 08 Dec 2009 13:34:20 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=48340

--- Comment #4 from Eric Covener <covener@gmail.com> 2009-12-08 05:34:19 UTC ---
> I'm wondering what we're accomplishing by doing the authorization with the
> bound user?  We're already using the config-supplied DN and password to bind
> during the authentication phase, and your patch still requires authentication
> to be provided by mod_authnz_ldap (to cache the password for the authorization
> bind), so what are we gaining by binding as the user only in the latter phase?
> 

Reporter has an LDAP server that allows anonymous searches but does not allow
anonymous compares [rather it's configured that way].  So he leaves off the
bind dn/password to retrieve the DN, but can't do certain types of authz
anonymously.

If I commit the patch, I will make the directive sound less general and put
some time into the doc.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message