Re: LDAP logins with non us-ascii characters in passwords fail

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Mar 26, 2010 at 12:23 PM, Chris Franks
<chris.franks@xxxxxxxxxxxxxxx> wrote:
> Hi,
>
> We're experiencing problems authenticating users with complex characters (8 bit character outside the us-ascii set e.g. pound-sterling symbol) in their password.
>
> We're running Apache 2.2.3 on UNIX and, for Kerberos, running kinit from the command line authenticates users correctly (including users with complex characters in their password).  Through Apache though using Kerberos or LDAP, we're getting login failures only for this subset of users.  For LDAP authentication, mod_authz_ldap logs:
>
> [Fri Mar 26 14:24:33 2010] [error] [client 128.240.56.105] [10639] bind as CN=user,OU=Users,DC=ncl,DC=ac,DC=uk failed: 49
> [Fri Mar 26 14:24:33 2010] [error] [client 128.240.56.105] [10639] basic LDAP authentication of user 'user' failed
>
> This would suggest that some translation of the password between the basic-auth and the LDAP server is not working.  Because we can use kinit successfully on the command line for Kerberos I'm pretty much ruling out the operating system (CENTOS) and was wondering if anyone has any experience of this kind of problem with Apache?

mod_authnz_ldap has some code that allows Apache to try to guess what
non-utf8 charset the username or password (development branch only I
believe) might have been transmitted in.  See
https://issues.apache.org/bugzilla/show_bug.cgi?id=45318 or
http://httpd.apache.org/docs/2.1/mod/mod_authnz_ldap.html#authldapcharsetconfig


-- 
Eric Covener
covener@xxxxxxxxx

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux