Posted to bugs@httpd.apache.org by bu...@apache.org on 2014/04/17 13:12:33 UTC
[Bug 56422] New: authnz_ldap with other forms of authn can fail
request w/o Authoritative=OFF
https://issues.apache.org/bugzilla/show_bug.cgi?id=56422
Bug ID: 56422
Summary: authnz_ldap with other forms of authn can fail request
w/o Authoritative=OFF
Product: Apache httpd-2
Version: 2.2.27
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_authnz_ldap
Assignee: bugs@httpd.apache.org
Reporter: covener@gmail.com
In 2.2, authnz_ldap needs to pre-scan the list of requires to avoid failing the
request if authzldapauthoritative has not been set. Otherwise, on a config
section where it's configured for some enclosing scope, it blows up if it is
loaded but cannot find the DN:

    if(!req) {
        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                      "ldap authorize: Creating LDAP req structure");

        /* Build the username filter */
        authn_ldap_build_filter(filtbuf, r, r->user, NULL, sec);

        /* Search for the user DN */
        result = util_ldap_cache_getuserdn(r, ldc, sec->url, sec->basedn,
                 sec->scope, sec->attributes, filtbuf, &dn, &vals);

        /* Search failed, log error and return failure */
        if(result != LDAP_SUCCESS) {
            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                          "auth_ldap authorise: User DN not found, %s", ldc->reason);
            return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
        }

N/A to 2.4 since it won't get called w/o its own Require directives.
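
The decision order described in the report, as an added stand-alone model (not httpd source and not the project's fix): it compares the return value when the DN search result is acted on first with a variant that pre-scans the Require list. The function names, the sample Require lines and the assumption that every Require type owned by mod_authnz_ldap starts with "ldap-" are illustrative.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins for httpd's return codes so this compiles without httpd headers. */
#define DECLINED          (-1)
#define HTTP_UNAUTHORIZED 401
#define OK                0

/* Constructed Require lists: one for another provider, one for LDAP. */
static const char *const other_only[] = { "valid-user", NULL };
static const char *const with_ldap[]  = { "ldap-group cn=admins,dc=example,dc=org", NULL };

/* Assumption: every Require type owned by mod_authnz_ldap starts with "ldap-". */
static int has_ldap_require(const char *const *reqs)
{
    for (; *reqs; reqs++)
        if (strncmp(*reqs, "ldap-", 5) == 0)
            return 1;
    return 0;
}

/* Order of checks in the excerpt: the DN search result is acted on first.
 * Require evaluation after a successful search is not modelled (returns OK). */
int authz_no_prescan(int authoritative, int dn_found)
{
    if (!dn_found)
        return authoritative ? HTTP_UNAUTHORIZED : DECLINED;
    return OK;
}

/* Pre-scan variant: decline before any DN search if no Require is ours. */
int authz_prescan(int authoritative, int dn_found, const char *const *reqs)
{
    if (!has_ldap_require(reqs))
        return DECLINED;
    return authz_no_prescan(authoritative, dn_found);
}

int main(void)
{
    /* User known only to another provider, so the LDAP DN search fails. */
    printf("no pre-scan, authoritative on : %d\n", authz_no_prescan(1, 0));
    printf("no pre-scan, authoritative off: %d\n", authz_no_prescan(0, 0));
    printf("pre-scan, no ldap-* Require   : %d\n", authz_prescan(1, 0, other_only));
    printf("pre-scan, ldap-group, no DN   : %d\n", authz_prescan(1, 0, with_ldap));
    return 0;
}
```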