On Fri, May 9, 2008 at 5:12 PM, Eric Covener <covener@xxxxxxxxx> wrote: > On Fri, May 9, 2008 at 3:51 PM, Fred Day <ayeryier@xxxxxxxxx> wrote: > >> click "OK" without entering anything for id and password ... if someone does >> that, the get back an "Internal Server Error" rather than an "Authorization >> Required". Note this does not happen on our apache 1.3 server also running >> on linux. >> The error in the error logs is basically: >> >> [Fri May 09 10:21:25 2008] [warn] [client 10.10.10.10] [14460] auth_ldap >> authenticate: user authentication failed; URI >> /pubdir1/privdir1/dir/page1.pdf [ldap_search_ext_s() for user >> failed][Constraint violation], referer: >> http://www.mysite.com/humanresources/forms.html >> > > Looks like a bug, there's a special case for empty username but it > seems like it's not doing the right test. Do you know what LDAP SDK your server is linked with? With LogLevel debug it should be reported at startup. With the version I'm using, the LDAP client is okay with searching for a filter value of "cn=" but yours apparently treats it as an illegal filter. -- Eric Covener covener@xxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|