[users@httpd] LDAP Authentication with mod_authnz_ldap

Fri, 03 Feb 2006 14:23:16 -0800

Hi guys :) I'm running TWiki and using a .htaccess file to control access to files. Basically I'm using mod_authnz_ldap and Basic Authentication to authenticate users with our internal directory server. Here is my .htaccess file: 

SetHandler cgi-script
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL ldap://sun-ds.central.sun.com/ou=people,dc=sun,dc=com
AuthzLDAPAuthoritative on
AuthName "Sun LDAP Account"

<FilesMatch "[^/]*\.html$">
                SetHandler blabla
                allow from all
</FilesMatch>

<FilesMatch "configure.*">
                require user "db160517"
</FilesMatch>

<FilesMatch "(attach|edit|manage|rename|save|upload|mail|logon|.*auth).*">
                require valid-user
</FilesMatch>

<FilesMatch ".*">
                allow from all
</FilesMatch>
So basically the problem I'm having is this. LDAP login and auth works, and if you type a non-existant username and password, it asks you again to login, but, sometimes (95% of the time), when you type a /valid/ username and a /invalid/ password a 500 error pops up (no Perl errors appear though, so Apache is sending the 500 and Perl isn't being called).
I've tried to see if it's the type of password being sent - I can't find a pattern or reason for the 500 error. 

Apache simply says:
[Fri Feb 03 15:09:29 2006] [warn] [client 129.146.11.18] [16227] auth_ldap authenticate: user db160517 authentication failed; URI /twiki/bin/edit/Main/WebHome [ldap_simple_bind_s() to check user credentials failed][Invalid credentials], referer: http://usability9.central.sun.com/twiki/bin/view
But that doesn't explain why it would throw a HTTP 500 status to the browser.
The problem is that of course the HTTP auth is then fixed and won't clear easily (restart the whole browser process, or use the web developer extension in firefox...)
Other than that error (and a 500 status in access.log) I have no indication of how to fix this. 

Any help would be appreciated. Thank you :D



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to