httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From paredes <pare...@aecom.yu.edu>
Subject Re: [users@httpd] AuthBasicProvider ldap dbd not failing through
Date Thu, 24 Jan 2008 20:13:57 GMT
Hi!

Only the 1st provider hits and returns "user not found" or "password 
mismatch". The 2nd provider is never seen. I had expected to see some 
type of error related to the 2nd provider. In the case where I use 
"AuthBasicProvider ldap dbd" & provide a valid ldap user:password the 
logs show ldap correctly authenticating/authorizing. When I provide a 
valid mysql only user:password, the logs show that ldap fails but no 
other action is taken.

When the arguments are reversed, and a valid mysql user:password is 
presented the logs shows a hit with mysql correctly authenticating. But 
when I provide an ldap only user:password the logs show mysql correctly 
rejecting the user but no ldap activity.

Regards,
-bill



Eric Covener wrote:
> On Jan 24, 2008 2:22 PM, paredes <paredes@aecom.yu.edu> wrote:
>   
>> Greetings!
>>
>> I've successfully built apache2.2.8 with all the appropriate modules
>> [mod_authn*, mod_authz*, mod_dbd*, mod_ldap* etc etc] for ldap & mysql
>> support. An ldap [valid-user] protected area works fine. A mysql
>> [valid-user] protected area works fine. A mysql [require-dbd-group]
>> group protected area works fine.
>>
>> However,  when I use the "AuthBasicProvider ldap dbd" directive to
>> protect an area with ldap "failing through" to mysql the fall through
>> never occurs. Authentication / authorization seemingly gets "stuck" on
>> the first AuthBasicProvider argument. The 2nd argument is always ignored.
>>     
>
> When you're testing the two AuthBasicProvider's, are they both hitting
> their respective "user not found" case?
>
> For LDAP, this is normally not being able to convert the basic auth
> username into a DN on the LDAP server.
>
> If for some reason your testcase has some kind of later authn failure,
> it might result in the modules telling mod_auth_basic "yes, i'm
> supposed to handle this but it's a bad userid".
>
>   


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message