httpd-dev mailing list archives

From "Fenlason, Josh" <jfenla...@ptc.com>
Subject RE: Authentication Bug? (Patch?)
Date Fri, 02 Jun 2006 17:03:24 GMT
I made the following patch to mod_authnz_ldap.c and it fixed my issue.
Does anyone have any comments?  Any chance this could be committed?
Anything else I need to do?  Thanks.
Josh.

*** mod_authnz_ldap.c   Fri Apr 21 20:53:05 2006
--- mod_authnz_ldap.c.patch     Fri Jun 02 11:48:41 2006
***************
*** 409,415 ****
                        "[%" APR_PID_T_FMT "] auth_ldap authenticate: "
                        "user %s authentication failed; URI %s
[%s][%s]",
                        getpid(), user, r->uri, ldc->reason,
ldap_err2string(result));
!
          return (LDAP_NO_SUCH_OBJECT == result) ? AUTH_USER_NOT_FOUND
  #ifdef LDAP_SECURITY_ERROR
                   : (LDAP_SECURITY_ERROR(result)) ? AUTH_DENIED
--- 409,417 ----
                        "[%" APR_PID_T_FMT "] auth_ldap authenticate: "
                        "user %s authentication failed; URI %s
[%s][%s]",
                        getpid(), user, r->uri, ldc->reason,
ldap_err2string(result));
!         if ( LDAP_INVALID_CREDENTIALS == result ) {
!             return AUTH_DENIED;  // user provided invalid credentials.
deny them so they can retry
!         }
          return (LDAP_NO_SUCH_OBJECT == result) ? AUTH_USER_NOT_FOUND
  #ifdef LDAP_SECURITY_ERROR
                   : (LDAP_SECURITY_ERROR(result)) ? AUTH_DENIED
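
Review bot: the added `return AUTH_DENIED;` line carries a C++-style `//` comment, and in this mail the comment has wrapped so that "deny them so they can retry" sits on a line of its own with no `!` prefix; as posted the hunk is malformed, and pre-C99 compilers reject `//` in any case. Please use a short `/* ... */` comment that survives mail wrapping, or send the patch as an attachment. On the same block, the new test could be one more arm of the existing `?:` chain next to the `LDAP_NO_SUCH_OBJECT` arm instead of a separate early return, which keeps the whole result-to-status mapping in one place. The `LDAP_SECURITY_ERROR(result)` arm that already returns AUTH_DENIED is inside `#ifdef LDAP_SECURITY_ERROR`, so it would help to state whether your LDAP SDK defines that macro: that decides whether the new check belongs only in the branch where the macro is missing or should be unconditional. The `if ( ... )` spacing also differs from the surrounding code, and a `diff -u` against the source tree would be easier to review than a context diff against a `.patch` copy.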



________________________________

	From: Fenlason, Josh 
	Sent: Friday, June 02, 2006 10:07 AM
	To: 'dev@httpd.apache.org'
	Subject: Authentication Bug?
	
	
	
	I'm trying to move to Apache 2.2.2 and I'm running into some
authentication troubles.  
	When I enter the correct username/password it authenticates
properly.  When I enter an invalid username, I get prompted up to three
times and it fails with a 401 like expected.  My problem is when I
attempt to authenticate with a valid username and provide an invalid
password.  It fails with a 500 error and this message is in the error
log "[3692] auth_ldap authenticate: user admin authentication failed;
URI / [ldap_simple_bind_s() to check user credentials failed][Invalid
Credentials]".  It only prompts me once.  If I don't enter the correct
password, it fails for the browser session.  
	I'm not the only one experiencing this issue, see the thread on
the user list
(http://marc.theaimsgroup.com/?l=apache-httpd-users&m=114910962114624&w=2).  
	Is there something wrong with my configuration?  If not, I can
open a bug.  In my opinion this would be a pretty serious regression
from Apache 2.0.x (hopefully I'm just missing something obvious though).
	Josh.
	 
	Here's my authentication configuration:
	 
	    <AuthnProviderAlias ldap test>
	      AuthLDAPURL ldap://localhost/ou=people
	    </AuthnProviderAlias>
	 
	    <Location />
	      AuthzLDAPAuthoritative off
	      AuthName "Test"
	      AuthType Basic
	      AuthBasicProvider test
	      require valid-user
	    </Location>

