DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=39529>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39529 Summary: No Authentication dialog thrown once valid username (but incorrect password) is entered Product: Apache httpd-2 Version: 2.2.2 Platform: Other OS/Version: Windows 2000 Status: NEW Severity: major Priority: P2 Component: mod_authz_ldap AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] My Config: LoadModule authz_user_module modules/mod_authz_user.so LoadModule ldap_module modules/mod_ldap.so LoadModule authnz_ldap_module modules/mod_authnz_ldap.so <Location /ldap2> AuthBasicProvider ldap AuthType Basic AuthName "LDAP secure2" AuthLDAPBindDN "testdomain2\\Administrator" AuthLDAPBindPassword password AuthLDAPUrl "ldap://server:389/OU=Test Users,DC=testdomain2,DC=local?sAMAccountName" AuthzLDAPAuthoritative off require valid-user </Location> I'm authenticating against an Active Directory. I observe that if I enter a correct user name but incorrect password I am not asked to reauthenticate, I just get an internal server error. This is due to this piece of code: mod_authnz_ldap.c static authn_status authn_ldap_check_password(request_rec *r, const char *user, const char *password) { ... return (LDAP_NO_SUCH_OBJECT == result) ? AUTH_USER_NOT_FOUND #ifdef LDAP_SECURITY_ERROR : (LDAP_SECURITY_ERROR(result)) ? AUTH_DENIED #endif : AUTH_GENERAL_ERROR; ... } LDAP_SECURITY_ERROR is not defined in the winldap SDK (nor the Sun ONE sdk) - I presume it is an OpenLDAP addition. This results in any error other than an invalid object being treated as an internal server error. This can be corrected by modifying to: #ifdef LDAP_SECURITY_ERROR : (LDAP_SECURITY_ERROR(result)) ? AUTH_DENIED #else : LDAP_INAPPROPRIATE_AUTH == result ? AUTH_DENIED : LDAP_INVALID_CREDENTIALS == result ? AUTH_DENIED : LDAP_INSUFFICIENT_RIGHTS == result ? AUTH_DENIED #endif -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
