On Fri, Mar 26, 2010 at 12:23 PM, Chris Franks <chris.fra...@newcastle.ac.uk> wrote:
> Hi,
>
> We're experiencing problems authenticating users with complex characters (8
> bit character outside the us-ascii set e.g. pound-sterling symbol) in their
> password.
>
> We're running Apache 2.2.3 on UNIX and, for Kerberos, running kinit from the
> command line authenticates users correctly (including users with complex
> characters in their password). Through Apache though using Kerberos or LDAP,
> we're getting login failures only for this subset of users. For LDAP
> authentication, mod_authz_ldap logs:
>
> [Fri Mar 26 14:24:33 2010] [error] [client 128.240.56.105] [10639] bind as
> CN=user,OU=Users,DC=ncl,DC=ac,DC=uk failed: 49
> [Fri Mar 26 14:24:33 2010] [error] [client 128.240.56.105] [10639] basic LDAP
> authentication of user 'user' failed
>
> This would suggest that some translation of the password between the
> basic-auth and the LDAP server is not working. Because we can use kinit
> successfully on the command line for Kerberos I'm pretty much ruling out the
> operating system (CENTOS) and was wondering if anyone has any experience of
> this kind of problem with Apache?

mod_authnz_ldap has some code that allows Apache to try to guess what non-utf8 charset the username or password (development branch only I believe) might have been transmitted in.

See https://issues.apache.org/bugzilla/show_bug.cgi?id=45318 or http://httpd.apache.org/docs/2.1/mod/mod_authnz_ldap.html#authldapcharsetconfig

--
Eric Covener
cove...@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
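
The charset mismatch discussed in this thread, as an added example that is not part of the original messages and is not Apache's code: it decodes a Basic Authorization value, shows that the same password yields different bytes depending on the client's charset, and re-encodes it as UTF-8 before an LDAP simple bind. The function names, the sample password and the ISO-8859-1 fallback are assumptions made for illustration.

```python
import base64

def split_basic(header_value):
    """Return the raw (user, password) bytes carried in a Basic Authorization value."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic Authorization header")
    raw = base64.b64decode(token.strip(), validate=True)
    user, sep, password = raw.partition(b":")  # password may itself contain ':'
    if not sep:
        raise ValueError("missing ':' between user-id and password")
    return user, password

def decode_basic(header_value, fallback="iso-8859-1"):
    """Decode credentials to text: strict UTF-8 first, else the assumed legacy charset."""
    user, password = split_basic(header_value)
    try:
        return user.decode("utf-8"), password.decode("utf-8"), "utf-8"
    except UnicodeDecodeError:
        # This is a guess, not detection: legacy bytes that happen to form valid
        # UTF-8 (Latin-1 bytes C3 A3, for example) are taken by the branch above.
        return user.decode(fallback), password.decode(fallback), fallback

def ldap_bind_password(header_value, fallback="iso-8859-1"):
    """Password bytes re-encoded as UTF-8 for an LDAP simple bind."""
    return decode_basic(header_value, fallback)[1].encode("utf-8")

def make_header(user, password, charset):
    """Build the header value a client using `charset` would send (constructed input)."""
    blob = f"{user}:{password}".encode(charset)
    return "Basic " + base64.b64encode(blob).decode("ascii")

if __name__ == "__main__":
    for cs in ("iso-8859-1", "utf-8"):
        hdr = make_header("user", "p\u00a3ss", cs)  # constructed sample password
        print(cs, split_basic(hdr)[1].hex(), "->", ldap_bind_password(hdr).hex())
```

Passing the raw Latin-1 bytes straight to the directory is what produces a bind failure with result code 49 (invalidCredentials) for a password stored as UTF-8, while the normalized bytes match for either client encoding.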