Re: [users@httpd] AuthBasicProvider ldap dbd not failing through

Thu, 24 Jan 2008 12:14:35 -0800 

Hi!
Only the 1st provider hits and returns "user not found" or "password mismatch". The 2nd provider is never seen. I had expected to see some type of error related to the 2nd provider. In the case where I use "AuthBasicProvider ldap dbd" & provide a valid ldap user:password the logs show ldap correctly authenticating/authorizing. When I provide a valid mysql only user:password, the logs show that ldap fails but no other action is taken. 


When the arguments are reversed, and a valid mysql user:password is 
presented the logs shows a hit with mysql correctly authenticating. But 
when I provide an ldap only user:password the logs show mysql correctly 
rejecting the user but no ldap activity.


Regards,
-bill



Eric Covener wrote:

On Jan 24, 2008 2:22 PM, paredes <[EMAIL PROTECTED]> wrote:

  

Greetings!

I've successfully built apache2.2.8 with all the appropriate modules
[mod_authn*, mod_authz*, mod_dbd*, mod_ldap* etc etc] for ldap & mysql
support. An ldap [valid-user] protected area works fine. A mysql
[valid-user] protected area works fine. A mysql [require-dbd-group]
group protected area works fine.

However,  when I use the "AuthBasicProvider ldap dbd" directive to
protect an area with ldap "failing through" to mysql the fall through
never occurs. Authentication / authorization seemingly gets "stuck" on
the first AuthBasicProvider argument. The 2nd argument is always ignored.

    


When you're testing the two AuthBasicProvider's, are they both hitting
their respective "user not found" case?

For LDAP, this is normally not being able to convert the basic auth
username into a DN on the LDAP server.

If for some reason your testcase has some kind of later authn failure,
it might result in the modules telling mod_auth_basic "yes, i'm
supposed to handle this but it's a bad userid".


  



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to