https://bz.apache.org/bugzilla/show_bug.cgi?id=58598
Bug ID: 58598
Summary: Internal Server Error (500) when requesting
non-existing LDAP attribute
Product: Apache httpd-2
Version: 2.4.7
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: mod_authnz_ldap
Assignee: [email protected]
Reporter: [email protected]
The LDAP section of my configuration file is as follows:
<Location /login>
AuthType Basic
AuthName "Trac Issue Tracking System"
AuthBasicProvider "ldap"
AuthLDAPURL "ldap://myserver.com:3268/DC=ivc?sAMAccountName,mailNickname
AuthLDAPBindDN 'ldapuser'
AuthLDAPBindPassword 'secret'
AuthLDAPRemoteUserAttribute mailNickname
Require valid-user
WSGIApplicationGroup %{GLOBAL}
</Location>
Most users have an attribute called 'mailNickname' and they can log in fine.
Last week there was a user without that attribute set up and when he tried to
log in, he got '500 Internal Server Error'.
When I tried to log in from the same browser window (page myserver.com/login),
I persistently get error 500, even after restarting Apache. This is likely due
to caching of the credentials in my browser.
When I accessed the page using http://username:[email protected]/login, I
could log in without a problme.
The relevant section from /var/log/apache2/error.log reads:
[Mon Nov 09 08:24:45.695909 2015] [core:error] [pid 9579:tid 140571528066816]
[client 10.64.10.200:40516] AH00027: No authentication done but request not
allowed without authentication for /login. Authentication not configured?
The error message is very confusing. Authentication is done and passes but the
requested attribute (AuthLDAPRemoteUserAttribute mailNickname) can't be found.
Is it possible to improve error reporting? The current error message pointed me
in the wrong direction.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
