https://issues.apache.org/bugzilla/show_bug.cgi?id=46978
Michael <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #3 from Michael <[email protected]> 2009-10-16 07:18:16 UTC ---

I can confirm that behaviour. Internet Explorer displays its own "user friendly message": The page cannot be displayed. Firefox displays the defined ErrorDocument 401 or the Apache default message "Authorization required".

But in fact Apache / mod_authnz_ldap should not send a 401 if the user is authenticated by mod_auth_kerb but has no access due to missing LDAP group membership. I would consider a 403 as the correct HTTP status code, because the access has to be denied.

I'm using httpd-2.2.13 with mod_auth_kerb 5.4; the configuration is similar to wolfraider's.

AuthType Kerberos
KrbAuthoritative off
KrbMethodNegotiate on
AuthName "Kerberos Login"
Krb5Keytab /etc/apache22/kerberos/server.keytab
KrbAuthRealms DOMAIN
KrbServiceName HTTP/ser...@domain
KrbSaveCredentials off
KrbDelegateBasic off
KrbLocalUserMapping on
AuthzLDAPAuthoritative off
AuthLDAPURL ldap://server:389/dc=company,dc=org?sAMAccountName?sub
AuthLDAPRemoteUserAttribute sAMAccountName
AuthLDAPBindDN "cn=user,ou=sys,dc=company,dc=org"
AuthLDAPBindPassword password
require ldap-group CN=MyGroup,OU=WEB,DC=company,DC=org
