https://issues.apache.org/bugzilla/show_bug.cgi?id=46505
Summary: Incorrect AuthzLDAPAuthoritative documentation
Product: Apache httpd-2
Version: 2.2.3
Platform: Other
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: Documentation
AssignedTo: [email protected]
ReportedBy: [email protected]
The documentation of the AuthzLDAPAuthoritative directive
(http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#authzldapauthoritative)
states that
"When no LDAP-specific Require directives are used, authorization is allowed to
fall back to other modules as if AuthzLDAPAuthoritative was set to off."
However, the following configuration:
AuthType Basic
AuthName "My Auth Name"
AuthBasicProvider ldap
AuthLDAPURL "ldap://localhost/ou=Users,dc=domain,dc=com?uid"
Require valid-user
leads to authorization failure (401) although LDAP search and bind are
successful: authorization does not seem to fall back to mod_authz_user...
Simply adding the "AuthzLDAPAuthoritative Off" directive does the trick and
authorization then succeeds.
So by default, although "no LDAP-specific Require directives are used",
"authorization" does not "fall back to other modules as if
AuthzLDAPAuthoritative was set to off", contrary to what is stated in the
documentation.
Thanks to Daniel Markle and his related blog post:
http://ashtech.net/~syntax/blog/archives/108-Making-Apache-2.2-valid-user-work-with-mod_authnz_ldap.html
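An added example, not part of the original report and not Apache code: a small Python check that flags the case described above, where a block authenticates through LDAP, uses only non-LDAP Require directives, and does not set "AuthzLDAPAuthoritative Off". The function names, section paths and sample configuration are constructed; each container is treated independently, with no nesting or merge logic.

```python
# Constructed sample: the first section mirrors the reported block,
# the second adds the workaround from the report.
SAMPLE = '''
<Directory "/var/www/private">
    AuthType Basic
    AuthName "My Auth Name"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://localhost/ou=Users,dc=domain,dc=com?uid"
    Require valid-user
</Directory>
<Directory "/var/www/fixed">
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://localhost/ou=Users,dc=domain,dc=com?uid"
    AuthzLDAPAuthoritative Off
    Require valid-user
</Directory>
'''

def check(directives):
    """Return a finding when the directives match the reported 401 case, else None."""
    ldap_authn = any(n == "authbasicprovider" and "ldap" in a.lower().split()
                     for n, a in directives)
    requires = [a for n, a in directives if n == "require"]
    ldap_require = any(a.lower().startswith("ldap-") for a in requires)
    flags = [a for n, a in directives if n == "authzldapauthoritative"]
    off = bool(flags) and flags[-1].strip('"').lower() == "off"  # last setting wins
    if ldap_authn and requires and not ldap_require and not off:
        return "LDAP authn with only non-LDAP Require (%s) and no AuthzLDAPAuthoritative Off" % (
            ", ".join(requires))
    return None

def audit(text):
    """Map each section header (or 'top-level') to its finding, if any."""
    sections, current = {"top-level": []}, "top-level"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            current = "top-level"
        elif line.startswith("<"):
            current = line
            sections[current] = []
        else:
            parts = line.split(None, 1)
            sections[current].append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    findings = {name: check(d) for name, d in sections.items()}
    return {name: msg for name, msg in findings.items() if msg}

if __name__ == "__main__":
    for section, msg in audit(SAMPLE).items():
        print(section, "->", msg)
```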