You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2008/07/01 19:06:53 UTC
DO NOT REPLY [Bug 45318] New: mod_authnz_ldap does not convert
passwords to UTF-8
https://issues.apache.org/bugzilla/show_bug.cgi?id=45318
Summary: mod_authnz_ldap does not convert passwords to UTF-8
Product: Apache httpd-2
Version: 2.2.9
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P2
Component: mod_authn_ldap
AssignedTo: bugs@httpd.apache.org
ReportedBy: joh_m@gmx.de
Created an attachment (id=22202)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=22202)
Patch to support converting passwords to UTF-8 in mod_authnz_ldap.c
Hello,
we are using basic authentication against an LDAPv3 server, which talks UTF-8.
The authentication fails, if a user has special characters in his password
(like the paragraph character §).
This is 0xA7 in ISO-8859-1 from the client, but should be 0xC2A7 in UTF-8 to
the directory server.
This happens with every character, which is not ASCII, because it is a two-byte
character then. (First bit is always 0 in UTF-8 for one-byte characters)
mod_authnz_ldap only converts usernames correctly (if given
"AuthLDAPCharsetConfig conf/charset.conv"), but not passwords!
I have written a patch against httpd 2.2.9.
See attachments.
========
LOG FILE
========
[Thu Jun 26 18:18:51 2008] [debug] mod_authnz_ldap.c(376): [client
10.192.120.192] [30522] auth_ldap authenticate: using URL
ldap://ldap.intranet.mycompany.com:38
9/ou=Users,o=MYCOMPANY,c=de?uid?sub
[Thu Jun 26 18:18:54 2008] [warn] [client 10.192.120.192] [30522] auth_ldap
authenticate: user J23259 authentication failed; URI /webhosting/
[ldap_simple_bin
d_s() to check user credentials failed][Invalid credentials]
[Thu Jun 26 18:18:54 2008] [error] [client 10.192.120.192] user J23259:
authentication failure for "/webhosting/": Password Mismatch
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 45318] mod_authnz_ldap does not convert passwords
to UTF-8
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45318
Stefan Fritsch <sf...@sfritsch.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |FixedInTrunk
--- Comment #5 from Stefan Fritsch <sf...@sfritsch.de> 2010-01-24 13:53:27 UTC ---
fixed in trunk in r902654
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 45318] mod_authnz_ldap does not convert passwords
to UTF-8
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45318
Stefan Fritsch <sf...@sfritsch.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #7 from Stefan Fritsch <sf...@sfritsch.de> 2010-10-07 13:31:49 EDT ---
backported in r1005537, will be in 2.2.17
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 45318] mod_authnz_ldap does not convert passwords
to UTF-8
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45318
Stefan Fritsch <sf...@sfritsch.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |apache-bugs@jensthebrain.de
--- Comment #6 from Stefan Fritsch <sf...@sfritsch.de> 2010-08-18 15:46:35 EDT ---
*** Bug 48017 has been marked as a duplicate of this bug. ***
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 45318] mod_authnz_ldap does not convert passwords
to UTF-8
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45318
--- Comment #8 from William A. Rowe Jr. <wr...@apache.org> 2010-10-07 13:33:07 EDT ---
Backported to 2.2.17
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 45318] mod_authnz_ldap does not convert passwords
to UTF-8
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45318
--- Comment #4 from Johannes Müller <jo...@gmx.de> 2008-07-01 13:42:23 PST ---
(In reply to comment #3)
> Just as a bit of background, when I added the support for UTF-8 user names, I
> didn't bother with converting the password as well because the Novell LDAP
> implementation couldn't handle UTF-8 passwords. I'm not sure about other LDAP
> implementations but my assumptions is that a UTF-8 password may not work
> everywhere.
>
We use Novell eDirectory AFAIK.
Anyway, if an LDAP implementation cannot handle UTF-8 passwords it would be
alright, because in this case you wouldn't have to convert anything would you?
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 45318] mod_authnz_ldap does not convert passwords
to UTF-8
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45318
--- Comment #1 from Eric Covener <co...@gmail.com> 2008-07-01 10:14:42 PST ---
out of curiousity, what client are you using and does it synch up with
the settings in /docs/conf/charset.conv ?
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 45318] mod_authnz_ldap does not convert passwords
to UTF-8
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45318
Paul J. Reder <re...@remulak.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |rederpj@remulak.net
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 45318] mod_authnz_ldap does not convert passwords
to UTF-8
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45318
--- Comment #2 from Johannes Müller <jo...@gmx.de> 2008-07-01 12:12:29 PST ---
(In reply to comment #1)
> out of curiousity, what client are you using and does it synch up with
> the settings in /docs/conf/charset.conv ?
>
We tried with Internet Explorer 6 and Mozilla Firefox.
The client always sends authentication data in ISO-8859-1.
What do you mean by "synch up with the settings"?
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 45318] mod_authnz_ldap does not convert passwords
to UTF-8
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45318
Eric Covener <co...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |covener@gmail.com
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 45318] mod_authnz_ldap does not convert passwords
to UTF-8
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45318
--- Comment #3 from Brad Nicholes <bn...@apache.org> 2008-07-01 13:15:30 PST ---
Just as a bit of background, when I added the support for UTF-8 user names, I
didn't bother with converting the password as well because the Novell LDAP
implementation couldn't handle UTF-8 passwords. I'm not sure about other LDAP
implementations but my assumptions is that a UTF-8 password may not work
everywhere.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org