[BUG] Apache 2.2 ldap authzn module behaviour wrong

To: Debian Apache Maintainers <debian-apache@lists.debian.org>
Subject: [BUG] Apache 2.2 ldap authzn module behaviour wrong
From: Aki Tuomi <cmouse@youzen.ext.b2.fi>
Date: Thu, 29 Nov 2007 14:44:49 +0200
Message-id: <[🔎] 20071129124448.GA12675@pi.ip.fi>

Summary
 The LDAP authentication module does not send 403 when user successfully
authenticates to the system but is not authorized to see content. 

Steps to reproduce
 Configure LDAP authentication. Setup directory with 
  require ldap-user username

Expected behaviour
 After providing correct credentials, a 403 should occur if username
does not match. 

What happens
 User is given 401, and asked to reauthenticate.

Version and other information
 Server version: Apache/2.2.3
 Server built:   Jun 17 2007 20:24:06
 
 debian_version  4.0

 LDAP server is Microsoft Active Directory
 AuthzLDAPAuthoritative is On

Aki Tuomi

Reply to:

Prev by Date: Essa vc tem que ver!!!!debian-apache@lists.debian.org
Next by Date: Bug#191237: It's Natalia.
Previous by thread: Essa vc tem que ver!!!!debian-apache@lists.debian.org
Next by thread: Bug#191237: It's Natalia.
Index(es):
- Date
- Thread