DO NOT REPLY [Bug 50257] New: mod_authnz_ldap always returning WWW-Authenticate header, even when authentication succeeds

Thu, 11 Nov 2010 12:25:48 -0800 

https://issues.apache.org/bugzilla/show_bug.cgi?id=50257

           Summary: mod_authnz_ldap always returning WWW-Authenticate
                    header, even when authentication succeeds
           Product: Apache httpd-2
           Version: 2.2.16
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_authz_ldap
        AssignedTo: [email protected]
        ReportedBy: [email protected]


Moved from using mod_auth_krb to mod_authnz_ldap, and noticing a problem.

With previous setup, a successful authentication + failed authorization results
in a 401 w/o the WWW-Authenticate header. 

With mod_authnz_ldap, it always returns the WWW-Authenticate header, even if
authentication was successful.

This changes user behaviour significantly in the case of a page they are not
supposed to have access to, even though they have correctly entered their
userid+pw. 

I have not been able to find any combination of  authoritative config options
to get this to work as expected. Is this an expected limitation of
mod_authnz_ldap, or am I just missing something in my configuration?

---------
[Thu Nov 11 14:00:01 2010] [debug] mod_authnz_ldap.c(379): [client
131.151.49.1] [28790] auth_ldap authenticate: using URL
ldap://mst-gc.mst.edu:3268/dc=edu?sAMAccountName?sub?(objectClass=*)
[Thu Nov 11 14:00:01 2010] [debug] mod_authnz_ldap.c(484): [client
131.151.49.1] [28790] auth_ldap authenticate: accepting nneul
[Thu Nov 11 14:00:01 2010] [debug] mod_authnz_ldap.c(665): [client
131.151.49.1] [28790] auth_ldap authorise: require user: authorisation failed
[Comparison false (cached)][Compare False]
[Thu Nov 11 14:00:01 2010] [debug] mod_authnz_ldap.c(685): [client
131.151.49.1] [28790] auth_ldap authorise: require user: authorisation failed
[Comparison false (cached)][Compare False]
[Thu Nov 11 14:00:01 2010] [debug] mod_authnz_ldap.c(874): [client
131.151.49.1] [28790] auth_ldap authorise: authorisation denied
----------

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to