httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From paredes <>
Subject Re: [users@httpd] AuthBasicProvider ldap dbd not failing through
Date Thu, 24 Jan 2008 20:13:57 GMT

Only the 1st provider hits and returns "user not found" or "password 
mismatch". The 2nd provider is never seen. I had expected to see some 
type of error related to the 2nd provider. In the case where I use 
"AuthBasicProvider ldap dbd" & provide a valid ldap user:password the 
logs show ldap correctly authenticating/authorizing. When I provide a 
valid mysql only user:password, the logs show that ldap fails but no 
other action is taken.

When the arguments are reversed, and a valid mysql user:password is 
presented the logs shows a hit with mysql correctly authenticating. But 
when I provide an ldap only user:password the logs show mysql correctly 
rejecting the user but no ldap activity.


Eric Covener wrote:
> On Jan 24, 2008 2:22 PM, paredes <> wrote:
>> Greetings!
>> I've successfully built apache2.2.8 with all the appropriate modules
>> [mod_authn*, mod_authz*, mod_dbd*, mod_ldap* etc etc] for ldap & mysql
>> support. An ldap [valid-user] protected area works fine. A mysql
>> [valid-user] protected area works fine. A mysql [require-dbd-group]
>> group protected area works fine.
>> However,  when I use the "AuthBasicProvider ldap dbd" directive to
>> protect an area with ldap "failing through" to mysql the fall through
>> never occurs. Authentication / authorization seemingly gets "stuck" on
>> the first AuthBasicProvider argument. The 2nd argument is always ignored.
> When you're testing the two AuthBasicProvider's, are they both hitting
> their respective "user not found" case?
> For LDAP, this is normally not being able to convert the basic auth
> username into a DN on the LDAP server.
> If for some reason your testcase has some kind of later authn failure,
> it might result in the modules telling mod_auth_basic "yes, i'm
> supposed to handle this but it's a bad userid".

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message