Eric Covener wrote:
A simple test would be : what if you try a userid that does not exist in the LDAP server ? what happens then ?On Tue, Oct 21, 2008 at 1:58 PM, Rodney Ramos <rodneyra@xxxxxxxxx> wrote:Hi, Eric. Thank you for your answers. I´ve tried to do what you said, setting the directive AuthBasicProvider as below: AuthBasicProvider ldap file But the problem is the same. Apache doen´t check the flat file, as you can see in the log below:ldap://ldapserver:3268/dc=domain,dc=com?cn, referer: http://webserver [Tue Oct 21 15:49:38 2008] [warn] [client 10.10.10.10] [5053] auth_ldap authenticate: user admin authentication failed; URI /std/cgi-bin/login.cgi [ldap_simple_bind_s() to check user credentials failed][Invalid credentials], referer: http://webserver [Tue Oct 21 15:49:38 2008] [error] [client 10.10.10.10] user admin: authentication failure for "/std/cgi-bin/login.cgi": Password Mismatch, referer: http://webserver =================================================================Generally, the auth providers only let someone else take a shot when they can't lookup the username they're trying to authenticate. Contrast with this case, where LDAP thinks it's supposed to handle it because the user is found in LDAP but their password doesn't match. I don't think you can try another type of auth in this case.
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|