Posted to bugs@httpd.apache.org by bu...@apache.org on 2009/11/20 16:59:48 UTC

DO NOT REPLY [Bug 47521] mod_auth fails to continue when mod_authnz_ldap fails to contact a server

https://issues.apache.org/bugzilla/show_bug.cgi?id=47521

--- Comment #5 from Maxim Khitrov <mk...@gmail.com> 2009-11-20 07:59:44 UTC ---
(In reply to comment #4)
> (In reply to comment #3)
> > It was my understanding that mod_authn_alias would try each authentication
> > method in order until a username match was found.  It would seem to me that
> > failing to connect to an LDAP server would imply that a username could not be
> > found.
> 
> It was intended to continue looking after a failed authentication.  A service
> down condition wasn't ever really considered.  Basically it comes down to
> whether or not "service down" == "failed authentication".  I can certainly see
> a case for it.

I just ran into this problem. In my case, I have two domain controllers and
would like mod_authn_alias to try the second controller if it isn't able to
contact the first.

In this setup, the user database on both servers is identical, so "service
down" is really the only condition in which I would expect the next
authentication method to be attempted. As it stands, if the first server is
down a connection to the second isn't made.

Perhaps it is worth adding some sort of on-error directive (or another
parameter to AuthBasicProvider) that would specify how error conditions other
than "failed authentication" should be handled with a choice of "break" and
"continue".

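
The chain behaviour discussed in this thread, as an added example that is not httpd source code and not part of the original message. The result codes are named after httpd's authn_status enum; the on-error policy type, the two provider functions and the sample user are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Result codes named after httpd's authn_status enum (mod_auth.h). */
typedef enum { AUTH_DENIED, AUTH_GRANTED, AUTH_USER_FOUND,
               AUTH_USER_NOT_FOUND, AUTH_GENERAL_ERROR } authn_status;

/* Hypothetical policy taken from the comment's proposal; not a real directive. */
typedef enum { ON_ERROR_BREAK, ON_ERROR_CONTINUE } on_error_policy;

typedef authn_status (*check_fn)(const char *user, const char *pw);

/* Constructed stand-ins for two domain controllers with identical users. */
static authn_status lookup(const char *user, const char *pw) {
    if (strcmp(user, "alice") != 0) return AUTH_USER_NOT_FOUND;
    return strcmp(pw, "correct-horse") == 0 ? AUTH_GRANTED : AUTH_DENIED;
}
static authn_status dc1_down(const char *user, const char *pw) {
    (void)user; (void)pw;
    return AUTH_GENERAL_ERROR;          /* server unreachable */
}
static authn_status dc2_up(const char *user, const char *pw) {
    return lookup(user, pw);
}

/* Walk the provider list. *used receives the index of the provider whose
 * answer was final, so a log can show when a fallback decided the request. */
authn_status run_chain(check_fn *providers, int n, on_error_policy policy,
                       const char *user, const char *pw, int *used) {
    authn_status res = AUTH_USER_NOT_FOUND;
    for (int i = 0; i < n; i++) {
        res = providers[i](user, pw);
        *used = i;
        if (res == AUTH_USER_NOT_FOUND) continue;   /* user unknown: try next */
        if (res == AUTH_GENERAL_ERROR && policy == ON_ERROR_CONTINUE)
            continue;                               /* proposed "continue" */
        break;              /* granted, denied, or error under "break" */
    }
    return res;
}

int main(void) {
    check_fn chain[] = { dc1_down, dc2_up };
    int used = -1;
    authn_status r = run_chain(chain, 2, ON_ERROR_BREAK, "alice", "correct-horse", &used);
    printf("break:    status=%d provider=%d\n", r, used);
    r = run_chain(chain, 2, ON_ERROR_CONTINUE, "alice", "correct-horse", &used);
    printf("continue: status=%d provider=%d\n", r, used);
    return 0;
}
```

Under "continue" a rejected password still ends the chain at the provider that rejected it, and a chain in which every provider is unreachable still returns an error, so the request is never granted by default.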