Re: AuthBasicProvider ldap dbd not failing through

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi!
Only the 1st provider hits and returns "user not found" or "password mismatch". The 2nd provider is never seen. I had expected to see some type of error related to the 2nd provider. In the case where I use "AuthBasicProvider ldap dbd" & provide a valid ldap user:password the logs show ldap correctly authenticating/authorizing. When I provide a valid mysql only user:password, the logs show that ldap fails but no other action is taken.
When the arguments are reversed, and a valid mysql user:password is presented the logs shows a hit with mysql correctly authenticating. But when I provide an ldap only user:password the logs show mysql correctly rejecting the user but no ldap activity. 

Regards,
-bill



Eric Covener wrote:

On Jan 24, 2008 2:22 PM, paredes <paredes@xxxxxxxxxxxx> wrote:

Greetings!

I've successfully built apache2.2.8 with all the appropriate modules
[mod_authn*, mod_authz*, mod_dbd*, mod_ldap* etc etc] for ldap & mysql
support. An ldap [valid-user] protected area works fine. A mysql
[valid-user] protected area works fine. A mysql [require-dbd-group]
group protected area works fine.

However,  when I use the "AuthBasicProvider ldap dbd" directive to
protect an area with ldap "failing through" to mysql the fall through
never occurs. Authentication / authorization seemingly gets "stuck" on
the first AuthBasicProvider argument. The 2nd argument is always ignored.


When you're testing the two AuthBasicProvider's, are they both hitting
their respective "user not found" case?

For LDAP, this is normally not being able to convert the basic auth
username into a DN on the LDAP server.

If for some reason your testcase has some kind of later authn failure,
it might result in the modules telling mod_auth_basic "yes, i'm
supposed to handle this but it's a bad userid".




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux