You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/03/03 16:33:24 UTC

DO NOT REPLY [Bug 17599] New: - auth ldap binds as user and loses access rights

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17599>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17599

auth ldap binds as user and loses access rights

           Summary: auth ldap binds as user and loses access rights
           Product: Apache httpd-2.0
           Version: HEAD
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: mod_auth_ldap
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: sebastian.tusk@gmx.net


On a new connection to a ldap server auth_ldap binds as admin with the binddn
and bindpassword given in the apache configuration file. With this binding the
first user is authenticated. The authentication process binds this user to the
ldap connection. The problem herein is that subsequent authentications are done
with the access rights of the user and not as admin. If the users doesn't have
the right to read from the ldap server, the user search done during the
authentication process fails and so the entire authentication.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org