httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: [users@httpd] LDAP logins with non us-ascii characters in passwords fail
Date Fri, 26 Mar 2010 16:29:44 GMT
On Fri, Mar 26, 2010 at 12:23 PM, Chris Franks
<chris.franks@newcastle.ac.uk> wrote:
> Hi,
>
> We're experiencing problems authenticating users with complex characters (8 bit character
outside the us-ascii set e.g. pound-sterling symbol) in their password.
>
> We're running Apache 2.2.3 on UNIX and, for Kerberos, running kinit from the command
line authenticates users correctly (including users with complex characters in their password).
 Through Apache though using Kerberos or LDAP, we're getting login failures only for this
subset of users.  For LDAP authentication, mod_authz_ldap logs:
>
> [Fri Mar 26 14:24:33 2010] [error] [client 128.240.56.105] [10639] bind as CN=user,OU=Users,DC=ncl,DC=ac,DC=uk
failed: 49
> [Fri Mar 26 14:24:33 2010] [error] [client 128.240.56.105] [10639] basic LDAP authentication
of user 'user' failed
>
> This would suggest that some translation of the password between the basic-auth and the
LDAP server is not working.  Because we can use kinit successfully on the command line for
Kerberos I'm pretty much ruling out the operating system (CENTOS) and was wondering if anyone
has any experience of this kind of problem with Apache?

mod_authnz_ldap has some code that allows Apache to try to guess what
non-utf8 charset the username or password (development branch only I
believe) might have been transmitted in.  See
https://issues.apache.org/bugzilla/show_bug.cgi?id=45318 or
http://httpd.apache.org/docs/2.1/mod/mod_authnz_ldap.html#authldapcharsetconfig


-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message