You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2004/12/02 10:27:35 UTC
DO NOT REPLY [Bug 32426] -
Setting AuthLDAPRemoteUserIsDN breaks require user
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=32426>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=32426
dbb@st-andrews.ac.uk changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From dbb@st-andrews.ac.uk 2004-12-02 10:27 -------
Fixed in 2.1 / 2.2
Comments from Brad Nicholes on dev list
The short answer is that it is already fixed in Apache 2.1/2.2.
Unfortunately you have hit on one of the limitations of the Apache 2.0
authentication module structure. The problem is that authorization
types are replicated through multiple authentication modules.
Fortunately this has all been taken care of in Apache 2.1/2.2. For
example, in the Apache 2.1/2.2 version of mod_authnz_ldap, the
authorization types are no longer user, group, etc., they are ldap-user,
ldap-group, etc. You can also mix and match different types of
authorization with authentication. The quick fix for Apache 2.0 is to
set "AuthAuthoritative off" so that if the mod_auth authorization fails,
it will defer to mod_auth_ldap which will work.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org