http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21787

LDAP authentication failure does not recover properly

[EMAIL PROTECTED] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[EMAIL PROTECTED]
         OS/Version|Other                       |All
           Platform|PC                          |All

------- Additional Comments From [EMAIL PROTECTED]  2003-10-14 04:14 -------
We have also experienced the same problem. The listed change from above does work at least for 2.0.47 on Windows 2003 against AD on 2003.

After investigating this problem further I also come to the conclusion that the problem does occur because in the util_ldap_cache_checkuserid function (util_ldap.c) it is using an existing connection for the simple bind (line 874) and then allowing reuse of this connection (good or bad credentials).

IMO after determining the credential pair doesn't exist in cache and getting the dn using the binddn+bindpw search, a new connection should be created to check the user's credentials. After this has completed successfully or unsuccessfully this connection should be destroyed, leaving the other connection untouched. This allows for the binddn+bindpw pair to be used for the searches and compares. This is also needed because in some environments the last authenticated user might not have the access to search for all users, while the binddn user should.

I would take a shot at coding this, but I am not good with memory cleanup.
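The connection-reuse behaviour described in the comment above, as an added example that is not part of the original message and is not mod_ldap code: a self-contained C model in which a connection only tracks the identity it is bound as. The toy directory, the structs and every function name here are assumptions made for illustration; no real LDAP library is called.

```c
#include <stdio.h>
#include <string.h>

/* Constructed toy directory standing in for an LDAP server (not real data). */
struct entry { const char *dn, *pw; int can_search; };
static const struct entry ENTRIES[] = {
    {"cn=svc,dc=example",   "svcpw",   1},  /* the binddn: may search all users */
    {"cn=alice,dc=example", "alicepw", 0},  /* ordinary user: no search rights  */
};
#define N_ENTRIES (sizeof ENTRIES / sizeof ENTRIES[0])
struct conn { const struct entry *bound; }; /* NULL = failed bind / unbound */

static int simple_bind(struct conn *c, const char *dn, const char *pw) {
    c->bound = NULL;                 /* a bind always replaces the old identity */
    for (size_t i = 0; i < N_ENTRIES; i++)
        if (!strcmp(ENTRIES[i].dn, dn) && !strcmp(ENTRIES[i].pw, pw)) c->bound = &ENTRIES[i];
    return c->bound != NULL;
}

static const char *search_dn(const struct conn *c, const char *uid) {
    size_t n = strlen(uid);
    if (!c->bound || !c->bound->can_search) return NULL;  /* search refused */
    for (size_t i = 0; i < N_ENTRIES; i++)
        if (!strncmp(ENTRIES[i].dn + 3, uid, n) && ENTRIES[i].dn[3 + n] == ',')
            return ENTRIES[i].dn;
    return NULL;
}

/* separate == 0: user bind runs on the pooled connection (reported behaviour).
 * separate == 1: user bind runs on a throwaway connection (proposed behaviour). */
static int authenticate(struct conn *pool, const char *uid, const char *pw, int separate) {
    const char *dn = search_dn(pool, uid);  /* needs the pool bound as binddn */
    struct conn tmp = { NULL };             /* discarded on return, pass or fail */
    return dn && simple_bind(separate ? &tmp : pool, dn, pw);
}

/* Outcome of a correct login for alice that follows an attempt using first_pw. */
static int second_login(int separate, const char *first_pw) {
    struct conn pool = { NULL };
    simple_bind(&pool, "cn=svc,dc=example", "svcpw");
    authenticate(&pool, "alice", first_pw, separate);
    return authenticate(&pool, "alice", "alicepw", separate);
}

int main(void) {
    printf("shared,   bad pw first:  %d\n", second_login(0, "wrong"));
    printf("shared,   good pw first: %d\n", second_login(0, "alicepw"));
    printf("separate, bad pw first:  %d\n", second_login(1, "wrong"));
    printf("separate, good pw first: %d\n", second_login(1, "alicepw"));
    return 0;
}
```

In the shared case the second login fails after either a bad or a good first attempt, because the pooled connection is left unbound or bound as a user without search rights; with the throwaway connection the pool stays bound as the binddn and the second login succeeds.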
