[BUG] Apache 2.2 ldap authzn module behaviour wrong
Summary
The LDAP authentication module does not send 403 when user successfully
authenticates to the system but is not authorized to see content.
Steps to reproduce
Configure LDAP authentication. Setup directory with
require ldap-user username
Expected behaviour
After providing correct credentials, a 403 should occur if username
does not match.
What happens
User is given 401, and asked to reauthenticate.
Version and other information
Server version: Apache/2.2.3
Server built: Jun 17 2007 20:24:06
debian_version 4.0
LDAP server is Microsoft Active Directory
AuthzLDAPAuthoritative is On
Aki Tuomi
Reply to: