I just got Apache/LDAP authentication working (almost) on a new SLES 10 server.

When I visit one of the protected areas on my website I get the Apache Authentication pop-up window where I can LDAP authenticate to gain access to the protected folder.

But I'm getting weird behaviour.

If I type in a valid user but the incorrect password, it lets me retry authentication.

If I type in a non-valid user (like 'aldfklsf' or even leave the username field blank) then I get an error 500 page and do not get the opportunity to retry authentication.

I have cache disabled... Try to refresh the page to get the Apache authentication window to come back and it doesn't. I just keep getting the error 500 page. Looking in the Apache error logs it says: user aldfklsf not found, every time I refresh the page. It's like it's hanging on to that username.

Is there some setting in Apache that will allow me to attempt to authenticate again?

Here's the entirety of the conf file that is protecting the directory:

<Directory "/media/nss/VOL1/ProtectedDir">
  Options Indexes Multiviews
  AllowOverride None
  Order deny,allow
  Allow from all
  AuthType Basic
  AuthName "Protected"
  Require valid-user
  AuthBasicAuthoritative Off
  AuthzLDAPAuthoritative Off
  AuthBasicProvider ldap 
  AuthLDAPURL ldap://10.20.32.3/o=wlwv?uid?sub
</Directory>

An update. I found this in the Apache documentation:

Under normal circumstances, the Apache access control modules will pass unrecognized user IDs on to the next access control module in line. Only if the user ID is recognized and the password is validated (or not) will it give the usual success or "authentication failed" messages.

This seems to be the answer. Unfortunately I do not understand Apache enough to take the information from that page and implement it so that it works correctly.

Can anyone help?

A: 

Ok, got it figured out. Here is the simple solution in case anyone else has this issue.

Changing:

AuthBasicAuthoritative Off

to

AuthBasicAuthoritative On

was all it took.

Dan Whitinger
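
An added example, not part of the original post: a small Python check that scans Apache config text for the setting changed in the answer, a Basic-auth section with AuthBasicAuthoritative Off. The sample config is constructed from the question's block, the second path is a placeholder, and the parser assumes sections are not nested.

```python
import re

# Constructed sample: the question's block as posted, then a corrected copy
# under a placeholder path.
SAMPLE_CONF = """
<Directory "/media/nss/VOL1/ProtectedDir">
  AuthType Basic
  Require valid-user
  AuthBasicAuthoritative Off
  AuthzLDAPAuthoritative Off
  AuthBasicProvider ldap
  AuthLDAPURL ldap://10.20.32.3/o=wlwv?uid?sub
</Directory>
<Directory "/srv/www/placeholder-fixed">
  AuthType Basic
  Require valid-user
  AuthBasicAuthoritative On
  AuthBasicProvider ldap
  AuthLDAPURL ldap://10.20.32.3/o=wlwv?uid?sub
</Directory>
"""

OPEN_RE = re.compile(r'<(Directory|Location|Files)\w*\s+"?([^">]+)"?\s*>', re.I)
CLOSE_RE = re.compile(r'</(Directory|Location|Files)\w*>', re.I)

def find_fallthrough_sections(conf_text):
    """Return (path, providers) for each Basic-auth section that sets
    AuthBasicAuthoritative Off. Assumes sections are not nested."""
    findings, path, directives = [], None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN_RE.match(line)
        if opened:
            path, directives = opened.group(2).strip(), {}
        elif CLOSE_RE.match(line) and path is not None:
            if (directives.get("authtype") == "basic"
                    and directives.get("authbasicauthoritative") == "off"):
                # Apache's default provider is "file" when none is configured.
                findings.append((path, directives.get("authbasicprovider", "file")))
            path = None
        elif path is not None:
            parts = line.split(None, 1)  # directive names are case-insensitive
            directives[parts[0].lower()] = parts[1].strip().lower() if len(parts) > 1 else ""
    return findings

if __name__ == "__main__":
    for path, providers in find_fallthrough_sections(SAMPLE_CONF):
        print(f"{path}: AuthBasicAuthoritative Off (providers: {providers})")
```

With the directive Off and no lower-level module configured to take over, an unknown user is passed along instead of being rejected, so the request ends in a 500 rather than a 401 and the browser never re-prompts.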