httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Covener" <>
Subject Re: Apache - MS LDAPSDK with multi-byte DN
Date Thu, 17 Jul 2008 12:28:32 GMT
On Wed, Jul 16, 2008 at 4:55 PM, Andy Wang <> wrote:
> the case where we're seeing this none of the arguments contain anything
> other than US ASCII characters.  If you're ldap_search_ext_sW call contains
> only US-ASCII but the returned DN contains UTF-8 shouldn't this still work
> or is there something I'm missing here?

Can you more concretely describe which LDAP call fails?  The sequence
is roughly:

authn: Apache searches for a DN that corresponds to the basic auth username
authn: Apache binds with the retrieved DN and the basic auth password
authz: Apache may do searches with a base of the retrieved DN.

You previously implied the failure happened after we'd bind'ed with
the DN to check the users password, which would mean the failing call
does in fact have non US-ASCII characters (the DN).  The only
US-ASCII-safe input in this workflow should be the initial search from
basic auth -> DN

If your LDAP data were somehow not the UTF-8 sequence you expected,
that might be the cause of the unexpected result.

Eric Covener

View raw message