DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=44080>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=44080 Summary: Authentication checks fail when using multiple AuthBasicProvided methods Product: Apache httpd-2 Version: 2.2.3 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: mod_auth AssignedTo: bugs@httpd.apache.org ReportedBy: [EMAIL PROTECTED] I have an Apache 2.2.3 installation being used in conjunction with subversion 1.4.2 for the purpose of setting up a code repository. Originally, the repository paths were protected with the following directives using mod_authz_ldap, under a <Location> block. AuthName "repository" AuthBasicProvider ldap AuthLDAPUrl ldap://ad001.ibsys.com:3268/dc=ibsys,dc=com?sAMAccountName AuthLDAPBindDN (obscured, but works) AuthLDAPBindPassword (obscured, but works) require ldap-group cn=svnadmin,OU=Distribution Lists,OU=IB,DC=ibsys,DC=com That configuration worked fine for months. Later on, we wanted to integrate a 3rd party tool to provide metrics and reporting on our subversion repository. We decided that using a local account directly on the subversion server was more secure, and it prevented the possibility of the account being accidentally deleted from a directory administrator. So, I made the following changes to the configuration: AuthName "repository" AuthBasicProvider ldap files AuthLDAPUrl ldap://ad001.ibsys.com:3268/dc=ibsys,dc=com?sAMAccountName AuthLDAPBindDN (obscured, but works) AuthLDAPBindPassword (obscured, but works) require ldap-group cn=svnadmin,OU=Distribution Lists,OU=IB,DC=ibsys,DC=com AuthzLDAPAuthoritative off AuthUserFile /etc/httpd/conf/htpasswd.svn Require user svnview There's a one line htpasswd file with the proper userid and password. The config file passed the tests, and the local user and the ldap group was able to authenticate. However, it turned out that every LDAP authentication attempt passed. Is this a bug, or is there a different way to write this authentication fallback to accomplish what I need. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
