httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Franks <chris.fra...@newcastle.ac.uk>
Subject [users@httpd] LDAP logins with non us-ascii characters in passwords fail
Date Fri, 26 Mar 2010 16:23:43 GMT
Hi,

We're experiencing problems authenticating users with complex characters (8 bit character
outside the us-ascii set e.g. pound-sterling symbol) in their password.

We're running Apache 2.2.3 on UNIX and, for Kerberos, running kinit from the command line
authenticates users correctly (including users with complex characters in their password).
 Through Apache though using Kerberos or LDAP, we're getting login failures only for this
subset of users.  For LDAP authentication, mod_authz_ldap logs:

[Fri Mar 26 14:24:33 2010] [error] [client 128.240.56.105] [10639] bind as CN=user,OU=Users,DC=ncl,DC=ac,DC=uk
failed: 49
[Fri Mar 26 14:24:33 2010] [error] [client 128.240.56.105] [10639] basic LDAP authentication
of user 'user' failed

This would suggest that some translation of the password between the basic-auth and the LDAP
server is not working.  Because we can use kinit successfully on the command line for Kerberos
I'm pretty much ruling out the operating system (CENTOS) and was wondering if anyone has any
experience of this kind of problem with Apache?

Or LDAP servers are windows active directory, a mix of Windows 2003 and 2008 Server.  The
web servers are running CENTOS Linux with an off-the-shelf CENTOS Apache and mod_authz_ldap.

Is anyone experiencing similar problems?

Thanks,

Chris
Newcastle University

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message