|Summary:|Existing User, wrong password generates internal error|
|Product:|Apache httpd-2|
|Reporter:|Mika Borner <mika.borner>|
|Component:|mod_authz_ldap|
|Assignee:|Apache HTTPD Bugs Mailing List <bugs>|
Description Mika Borner 2006-02-27 08:31:20 UTC
When authenticating with an existing user against LDAP, supplying a wrong password, an internal server error is generated immediately. If the user does not exist, the user is challenged again (correct behaviour). If the user exists and the supplied password is correct, the user will be authenticated and authorized (correct behaviour). The LDAP server is Novell NDS.
Comment 1 John P. Petrakis 2006-03-05 02:17:06 UTC
Also happens on httpd built on Win32 authenticating against openldap using the patch from bug 37814.
Comment 2 Brad Nicholes 2006-03-06 16:52:46 UTC
I don't have a Solaris box to test with, but given the description of the problem, everything works as expected on Suse Linux 10 against a Novell NDS ldap server. Can you provide more information such as your auth_ldap configuration and any error messages in the error_log with LogLevel set to DEBUG?
Comment 3 Mika Borner 2006-03-15 12:06:27 UTC
(In reply to comment #2)
> I don't have a Solaris box to test with, but given the description of the
> problem, everything works as expected on Suse Linux 10 against a Novell NDS
> ldap server. Can you provide more information such as your auth_ldap
> configuration and any error messages in the error_log with LogLevel set to
> DEBUG.

Here it comes. Debug does not show anything interesting:

[Wed Mar 15 12:55:32 2006] [info] Initial (No.1) HTTPS request received for child 5 (server host.domain:443)
[Wed Mar 15 12:55:32 2006] [debug] mod_authnz_ldap.c(373): [client 169.xx.xx.x]  auth_ldap authenticate: using URL ldap://nds-ldap1.domain:389/ o=Organisation?uid, referer: https://host.domain/menu.html
[Wed Mar 15 12:55:35 2006] [warn] [client 169.xx.xx.xx]  auth_ldap authenticate: user username authentication failed; URI /PATH/ [ldap_simple_bind_s() to check user credentials failed][Invalid credentials], referer: https://host.domain/menu.html
[Wed Mar 15 12:55:35 2006] [info] [client 169.xx.xx.xx] Connection closed to child 5 with unclean shutdown (server host.domain:443)

Directive:

<Location /PATH>
    AuthType Basic
    AuthName "host.domain"
    AuthBasicProvider ldap
    AuthLDAPURL ldap://nds-ldap1.domain:389/o=Organisation?uid
    require ldap-attribute ou=4314
    Options Indexes
    IndexOptions FancyIndexing
    IndexStyleSheet "/css/font.css"
    Order allow,deny
    Allow from all
</Location>
Comment 4 Brad Nicholes 2006-03-15 15:59:48 UTC
I tried to match your configuration as closely as possible, but I am still not seeing a problem. Everything seems to work as expected.
Comment 5 Mick 2006-05-23 17:31:19 UTC
I am experiencing the same problem.

System is Fedora Core 4; Apache HTTP Server 2.0.54; Against OpenLDAP 2.2.29

mod_authz_ldap Directive is as follows:

<Directory /some/path/ >
    Options None
    AuthType Basic
    AuthName "Authentication"
    AuthzLDAPMethod ldap
    AuthzLDAPServer ldap.example.com
    AuthzLDAPUserBase ou=People,dc=example,dc=com
    AuthzLDAPUserKey uid
    AuthzLDAPUserScope subtree
    AuthzLDAPAuthoritative off
    require valid-user
</Directory>
Comment 6 Mika Borner 2006-05-31 05:36:19 UTC
This seems to work now, as I am using httpd Version 2.2.2 with the Novell CLDAP SDK linked to it.
Comment 7 Nick Kew 2009-11-15 16:25:55 UTC
The OP says it works for him in the latest comment, and it's ancient. If there's a bug now, it needs clarifying in the light of comment 6.
Comment 8 margus 2010-02-25 09:49:14 UTC
On Debian with LDAPS the problem exists, 2.2.9-10+lenny6.