I'm running into a problem with mod_ldap on Windows. When I try to
authenticate without passing in a username, I get a 500 server error.
Since the browser doesn't get back a 401, it caches the user's
credentials and I have to restart the browser session in order to
attempt to log in again.
This is only happening on Windows, so I'm sure it's a difference (bug?)
in the Microsoft LDAP SDK. Below is a proposed fix on top of Apache
2.2.4. I added the #if APR_HAS_MICROSOFT_LDAPSDK block.
modules/ldap/util_ldap.c (line 933):

    /* try do the search */
    if ((result = ldap_search_ext_s(ldc->ldap,
                                    (char *)basedn, scope,
                                    (char *)filter, attrs, 0,
                                    NULL, NULL, NULL, -1, &res))
            == LDAP_SERVER_DOWN)
    {
        ldc->reason = "ldap_search_ext_s() for user failed with server down";
        uldap_connection_unbind(ldc);
        goto start_over;
    }

    #if APR_HAS_MICROSOFT_LDAPSDK
    if ( result == LDAP_FILTER_ERROR )
    {   // no username was supplied, so fail with invalid credentials
        /* failure? if so - return */
        ldc->reason = "ldap_search_ext_s() to search for user failed";
        ldap_msgfree(res);
        uldap_connection_unbind(ldc);
        return LDAP_INVALID_CREDENTIALS;
    }
    #endif

    /* if there is an error (including LDAP_NO_SUCH_OBJECT) return now */
    if (result != LDAP_SUCCESS) {
        ldc->reason = "ldap_search_ext_s() for user failed";
        return result;
    }

It would be great if this patch or something with similar effect could
be included in the next Apache 2.2 release. Thanks.
Josh.
P.S. I opened bug 41435 for this issue.
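
An added example, not part of the original post and not httpd's own code: one way to keep an empty user name from ever reaching ldap_search_ext_s(), so the caller can answer 401 on every LDAP SDK instead of depending on how each SDK reports a bad filter. The function names, the outcome enum and the filter layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical outcome codes for this sketch (not httpd or LDAP SDK constants). */
enum auth_outcome { AUTH_SEARCH_OK = 0, AUTH_DENIED_401 = 401, AUTH_ERROR_500 = 500 };

/* Escape a value for use in a search filter: \ * ( ) become \XX (RFC 4515). */
static int escape_filter_value(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    if (outlen == 0)
        return -1;
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        if (c == '\\' || c == '*' || c == '(' || c == ')') {
            if (o + 3 >= outlen)
                return -1;               /* no room for "\XX" plus NUL */
            o += (size_t)snprintf(out + o, outlen - o, "\\%02x", c);
        } else {
            if (o + 1 >= outlen)
                return -1;               /* no room for char plus NUL */
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return 0;
}

/* Build "(&<base>(<attr>=<user>))"; refuse an empty user name before any search. */
enum auth_outcome build_user_filter(const char *base, const char *attr,
                                    const char *user, char *out, size_t outlen)
{
    char esc[256];
    int n;

    if (user == NULL || user[0] == '\0')
        return AUTH_DENIED_401;          /* nothing to look up: credential failure */
    if (escape_filter_value(user, esc, sizeof esc) != 0)
        return AUTH_DENIED_401;          /* over-long name is treated as a failed login */
    n = snprintf(out, outlen, "(&%s(%s=%s))", base, attr, esc);
    if (n < 0 || (size_t)n >= outlen)
        return AUTH_ERROR_500;           /* server-side buffer too small */
    return AUTH_SEARCH_OK;
}
```

Only AUTH_ERROR_500 should surface as a server error; AUTH_DENIED_401 lets the browser discard the cached credentials and prompt again.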