That's great! Thanks.
,
Josh.

> -----Original Message-----
> From: Brad Nicholes [mailto:[EMAIL PROTECTED]
> Sent: Friday, June 02, 2006 5:21 PM
> To: dev@httpd.apache.org
> Subject: RE: Authentication Bug? (Patch?)
>
> There has already been a bug submitted on this one PR#39529. I have
> committed the patch in trunk and proposed it for backport.
>
> Brad
>
> >>> On 6/2/2006 at 11:59 AM, in message <[EMAIL PROTECTED]>, "Fenlason, Josh" <[EMAIL PROTECTED]> wrote:
> > I'm building with iPlanet (v 5.08) on Unix and the Microsoft LDAP SDK on
> > Windows. iPlanet is listed as a working SDK and 5.08 is the latest that
> > I know of. What about including my patch if the LDAP library doesn't
> > support LDAP_SECURITY_ERROR? If LDAP_SECURITY_ERROR isn't defined, then
> > include my patch. Thanks.
> > ,
> > Josh.
> >
> >> -----Original Message-----
> >> From: Brad Nicholes [mailto:[EMAIL PROTECTED]
> >> Sent: Friday, June 02, 2006 12:38 PM
> >> To: dev@httpd.apache.org
> >> Subject: RE: Authentication Bug? (Patch?)
> >>
> >> Which LDAP client library are you linking with and what version is
> >> it. The problem is that your client library apparently doesn't
> >> support the LDAP_SECURITY_ERROR macro.
> >> This macro basically does what your patch is doing except that it
> >> looks at the complete range of possible security related failures.
> >> The macro is defined as
> >>
> >> #define LDAP_RANGE(n,x,y) (((x) <= (n)) && ((n) <= (y)))
> >> #define LDAP_SECURITY_ERROR(n) LDAP_RANGE((n),0x30,0x32) /* 48-50 */
> >>
> >> I know that both OpenLDAP and Novell LDAP support this macro.
> >>
> >> Brad
> >>
> >>
> >> >>> On 6/2/2006 at 11:03 AM, in message <[EMAIL PROTECTED]>, "Fenlason, Josh" <[EMAIL PROTECTED]> wrote:
> >> > I made the following patch to mod_authnz_ldap.c and it fixed my issue.
> >> > Does any one have any comments? Any chance this could be committed?
> >> > Anything else I need to do? Thanks.
> >> > ,
> >> > Josh.
> >> > > >> > *** mod_authnz_ldap.c Fri Apr 21 20:53:05 2006 > >> > --- mod_authnz_ldap.c.patch Fri Jun 02 11:48:41 2006 > >> > *************** > >> > *** 409,415 **** > >> > "[%" APR_PID_T_FMT "] auth_ldap > >> authenticate: > >> " > >> > "user %s authentication failed; URI %s > >> > [%s][%s]", > >> > getpid(), user, r->uri, ldc->reason, > >> > ldap_err2string(result)); ! > >> > return (LDAP_NO_SUCH_OBJECT == result) ? > >> AUTH_USER_NOT_FOUND > >> > #ifdef LDAP_SECURITY_ERROR > >> > : (LDAP_SECURITY_ERROR(result)) ? AUTH_DENIED > >> > --- 409,417 ---- > >> > "[%" APR_PID_T_FMT "] auth_ldap > >> authenticate: > >> " > >> > "user %s authentication failed; URI %s > >> > [%s][%s]", > >> > getpid(), user, r->uri, ldc->reason, > >> > ldap_err2string(result)); > >> > ! if ( LDAP_INVALID_CREDENTIALS == result ) { > >> > ! return AUTH_DENIED; // user provided invalid > >> credentials. > >> > deny them so they can retry > >> > ! } > >> > return (LDAP_NO_SUCH_OBJECT == result) ? > >> AUTH_USER_NOT_FOUND > >> > #ifdef LDAP_SECURITY_ERROR > >> > : (LDAP_SECURITY_ERROR(result)) ? AUTH_DENIED
> >> >
> >> > ________________________________
> >> >
> >> > From: Fenlason, Josh
> >> > Sent: Friday, June 02, 2006 10:07 AM
> >> > To: 'dev@httpd.apache.org'
> >> > Subject: Authentication Bug?
> >> >
> >> > I'm trying to move to Apache 2.2.2 and I'm running into some
> >> > authentication troubles.
> >> > When I enter the correct username/password it authenticates properly.
> >> > When I enter an invalid username, I get prompted up to three
> >> > times and it fails with a 401 like expected. My problem is when I
> >> > attempt to authenticate with a valid username and provide an invalid
> >> > password.
> >> > It fails with a 500 error and this message is in the error
> >> > log "[3692] auth_ldap authenticate: user admin authentication failed;
> >> > URI / [ldap_simple_bind_s() to check user credentials failed][Invalid
> >> > Credentials]". It only prompts me once. If I don't enter the correct
> >> > password, it fails for the browser session.
> >> > I'm not the only one experiencing this issue, see the thread on the
> >> > user list
> >> > (http://marc.theaimsgroup.com/?l=apache-httpd-users&m=114910962114624&w=2).
> >> > Is there something wrong with my configuration? If not, I can open a
> >> > bug. In my opinion this would be a pretty serious regression from
> >> > Apache 2.0.x (hopefully I'm just missing something obvious though).
> >> > ,
> >> > Josh.
> >> >
> >> > Here's my authentication configuration:
> >> >
> >> > <AuthnProviderAlias ldap test>
> >> > AuthLDAPURL ldap://localhost/ou=people
> >> > </AuthnProviderAlias>
> >> >
> >> > <Location />
> >> > AuthzLDAPAuthoritative off
> >> > AuthName "Test"
> >> > AuthType Basic
> >> > AuthBasicProvider test
> >> > require valid-user
> >> > </Location>
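
Review bot: In the `--- 409,417` hunk of mod_authnz_ldap.c, the new `if ( LDAP_INVALID_CREDENTIALS == result )` return sits in front of the existing `#ifdef LDAP_SECURITY_ERROR` arm and tests a single result code, so where the SDK defines the macro it duplicates that arm, and where it does not, the other codes in the 0x30-0x32 range quoted in this thread still fall through without `AUTH_DENIED`. Consider making the check the `#else` arm of that `#ifdef`, or supplying the range test when the SDK lacks the macro, so there is one code path for credential failures. The `//` comment is C99 syntax and is wrapped onto a second line in the mail (`deny them so they can retry`), which would not compile if applied as sent; a `/* ... */` comment avoids both problems.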