httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk van Deun <dvand...@wilma.vub.ac.be>
Subject Re: [users@httpd] AuthLDAPInitialBindAsUser etc.
Date Tue, 09 May 2017 09:22:20 GMT
> 
> On Mon, May 8, 2017 at 10:37 AM, Dirk van Deun <dvandeun@wilma.vub.ac.be> wrote:
> >>
> >> Are you able to recompile?
> >>
> >> untested: http://people.apache.org/~covener/patches/2.4.x-bindpw_empty.diff
> >>
> >> you would not specify the directive in your case
> >>
> >
> > That fixes it.  If there is no other way around this, it would indeed
> > seem to be a bug.
> 
> 
> I can't really think of any feasible workaround to intercept that and
> replace the password.
> 
> If you're able, can you confirm s/AUTH_USER_NOT_FOUND/AUTH_DENIED/
> works too?  Probably more appropriate.
> 

That is okay: no visible difference for the user.

By the way, do you think there is actually a good use case for
AuthLDAPInitialBindAsUserAllowEmptyPassword ?  It amounts to allowing
users to implement their own passwordless bind, presumably for
servers that are secured not to allow anonymous bind, or else you
would use anonymous bind in the first place...

Dirk van Deun
-- 
Ceterum censeo Redmond delendum

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message