[Auth_ldap] User not given a second chance if username is mistyped
Rob See
rob at rsee.net
Thu Jul 12 21:32:00 PDT 2001
Hi,

I started testing out auth_ldap and discovered a problem that manifested
itself when a user attempted to authenticate with a username that wasn't
found in the LDAP directory. The user wasn't given a second chance to
authenticate, but was just presented with an authorization required
message. The only way to enter the information again was to close down the
browser completely and open it. My server is running with auth_ldap as
authoritative with nothing passing off to auth_ldap either. The message I
was getting in the error log was "Search must return exactly 1 entry; found
0 entries for search (&(objectclass=*)(cn=)): URI /". I was able to fix this
problem by adding an ap_note_basic_auth_failure(r) to line 614 of
auth_ldap.c. I don't know if this is the correct way to fix the problem,
but it seems to work for me.

I also had the problem with the LDAP URL not being able to be parsed. I am
using the latest version of both Apache and OpenLDAP. I was able to resolve
the problem by loading auth_ldap before PHP in the module list, or just
commenting out the PHP module completely. I know that they are both linked
against the same versions of OpenLDAP, so I'm really not sure what the
problem is. I am using both auth_ldap and PHP as DSOs.

Thanks,
-Rob
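
Added example, not part of the original post or of auth_ldap: Apache's ap_note_basic_auth_failure(r) attaches a WWW-Authenticate: Basic challenge to the 401 response, and a browser that receives a 401 without that header has nothing to prompt the user with. The Python check below classifies raw responses by whether they carry that challenge; the sample responses, realm and function names are constructed for illustration.

```python
import re

# Constructed sample responses (not captured from a real server).
NO_CHALLENGE = (
    "HTTP/1.1 401 Authorization Required\r\n"
    "\r\n"
    "<h1>Authorization Required</h1>"
)
WITH_CHALLENGE = (
    "HTTP/1.1 401 Authorization Required\r\n"
    'WWW-Authenticate: Basic realm="Example Realm"\r\n'
    "Content-Type: text/html\r\n"
    "\r\n"
    "<h1>Authorization Required</h1>"
)

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status code, [(name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, _, header_block = head.partition("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % status_line)
    headers = []
    for line in header_block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:  # skip anything that is not a "Name: value" line
            headers.append((name.strip().lower(), value.strip()))
    return int(parts[1]), headers

def basic_realms(headers):
    """Return the realm of each Basic challenge found in WWW-Authenticate."""
    realms = []
    for name, value in headers:
        scheme, _, params = value.partition(" ")
        if name == "www-authenticate" and scheme.lower() == "basic":
            m = re.search(r'realm\s*=\s*"([^"]*)"', params, re.IGNORECASE)
            realms.append(m.group(1) if m else "")
    return realms

def check_401(raw):
    """Classify a response: 'not-401', 'no-challenge', or 'reprompt'."""
    status, headers = parse_response(raw)
    if status != 401:
        return "not-401"
    return "reprompt" if basic_realms(headers) else "no-challenge"

if __name__ == "__main__":
    print(check_401(NO_CHALLENGE), check_401(WITH_CHALLENGE))
```

A "no-challenge" result for a failed login on a Basic-protected URL is the condition to flag in a regression test of the authentication handler.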