You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by "Fenlason, Josh" <jf...@ptc.com> on 2006/06/02 17:07:28 UTC

Authentication Bug?

I'm trying to move to Apache 2.2.2 and I'm running into some
authentication troubles.  
When I enter the correct username/password it authenticates properly.
When I enter an invalid username, I get prompted up to three times and
it fails with a 401 like expected.  My problem is when I attempt to
authenticate with a valid username and provide an invalid password.  It
fails with a 500 error and this message is in the error log "[3692]
auth_ldap authenticate: user admin authentication failed; URI /
[ldap_simple_bind_s() to check user credentials failed][Invalid
Credentials]".  It only prompts me once.  If I don't enter the correct
password, it fails for the browser session.  
I'm not the only one experiencing this issue, see the thread on the user
list
(http://marc.theaimsgroup.com/?l=apache-httpd-users&m=114910962114624&w=
2).  
Is there something wrong with my configuration?  If not, I can open a
bug.  In my opinion this would be a pretty serious regression from
Apache 2.0.x (hopefully I'm just missing something obvious though).
,
Josh.
 
Here's my authentication configuration:
 
    <AuthnProviderAlias ldap test>
      AuthLDAPURL ldap://localhost/ou=people
<ldap://localhost/ou=people> 
    </AuthnProviderAlias>
 
    <Location />
      AuthzLDAPAuthoritative off
      AuthName "Test"
      AuthType Basic
      AuthBasicProvider test
      require valid-user
    </Location>