You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2006/06/08 09:49:57 UTC
DO NOT REPLY [Bug 39756] New: - require valid-user fails with a valid login
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39756>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39756
Summary: require valid-user fails with a valid login
Product: Apache httpd-2
Version: 2.2.2
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_auth_ldap
AssignedTo: bugs@httpd.apache.org
ReportedBy: cullin@emaildatasource.com
After successfully authenticating with a valid LDAP user account the "require
valid-user" directive fails to authenticate the user.
The issues appears to be located in the method authz_ldap_check_user_access
and related to the variable method_restricted being set to 1. This variable is
set to 1 when the requirements loop has at least one element and as far as I
can tell the "require valid-user" counts as an item for this loop, which is
causing the method_restricted to be set to 1 when it shouldn't.
Ideally the requirements loop shouldn't be executed at all of a require valid-
user is specified. (Not sure how this effects a Satisfy Any directive as well).
As a work around, I suggest using the "require ldap-group" directive and place
all users in one group. Alternatively you could use the "require ldap-filter"
and specify a wild-card, which will cause this method to return true.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 39756] - require valid-user fails with a valid login
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39756>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39756
bnicholes@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Additional Comments From bnicholes@apache.org 2006-08-09 14:21 -------
"require valid_user" is not handled by mod_authnz_ldap. It is handled by
mod_authz_user. If AuthzLDAPAuthoritative is not set to off, mod_authnz_ldap
will try to handle valid_user, discover that it can't and since it is
authoritative, it will fail the request. Turn off AuthzLDAPAuthoritative to
allow mod_authz_user to handle the authorization.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 39756] - require valid-user fails with a valid login
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39756>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39756
------- Additional Comments From Florian.Dufour@inrialpes.fr 2006-08-09 06:10 -------
"require valid-user" with ldap auth works for me (Apache 2.2.3 and OpenLDAP).
Maybe you forgot to set the AuthzLDAPAuthoritative directive to off (as said in
the docs : http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#reqvaliduser) ?
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org