DO NOT REPLY [Bug 46608] New: Multiple auth failover [LDAP -> MySQL] does not work on apache 2.2.11

[bugzilla]

https://issues.apache.org/bugzilla/show_bug.cgi?id=46608

           Summary: Multiple auth failover [LDAP -> MySQL] does not work on
                    apache 2.2.11
           Product: Apache httpd-2
           Version: 2.2.11
          Platform: Macintosh
        OS/Version: Mac OS X 10.4
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_auth
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: pare...@aecom.yu.edu


Multiple auth failover [LDAP -> MySQL] does not work on apache 2.2.11
A realm protected with LDAP alone works correctly:

<directory>
Options FollowSymLinks
AllowOverride None
AuthType Basic
AuthName "LDAP"
AuthBasicProvider ldap
AuthUserFile /dev/null
AuthLDAPUrl "ldap://ldap.server";
Require valid-user
</directory>

A realm protected with MySQL alone works correctly:

DBDriver mysql
DBDParams "host=localhost dbname=http_auth user=xxxxxx pass=xxxxxx"
DBDMIN 1
DBDKEEP 2
DBDMax 10
DBDExptime 60

<Directory "/usr/local/apache2/htdocs/mysql">
Options FollowSymLinks
AllowOverride None
AuthType Basic
AuthName "MySQL"
AuthBasicProvider dbd
Require valid-user
AuthDBDUserPWQuery "Select passwd FROM mysql_auth where username=%s"
</Directory>

However, a realm with a fail-over from LDAP to MySQL does NOT work:

<directory "/usr/local/apache2/htdocs/ldap2mysql">
Options FollowSymLinks
AllowOverride None
AuthType Basic
AuthName "LDAP-2-MySQL"
AuthBasicProvider ldap dbd
AuthzLDAPAuthoritative off
AuthDBDUserPWQuery "Select passwd FROM mysql_auth where username=%s"
AuthLDAPUrl "ldap://ldap.server";
Require valid-user
</directory>

The 1st auth provider is correctly executed if authentication is true.
If the 1st provider fails to authenticate it never fails-over to the 2nd
provider.

I've systematically swapped the order in which the provider appears, 
the order of the directives inside the directory containers, 
& the order in which the modules are loaded.

*** Interestingly, when the authproviders are file & ldap, or file & mysql, 
the fail-over works as documented.

*** The error logs [debug level] shows nothing remarkable.

*** macpro, os-x 10.5.5, apache 2.2.11, mysql 5.1.30

*** LDAP -> MYSQL fail-over has not worked in any of the 2.2.xx builds.

Regards,
William Paredes
Dept of Education
Albert Einstein College of Medicine


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org