On Wed, May 4, 2016 at 11:39 AM, o haya <oh...@yahoo.com.invalid> wrote: > Looking at the Apache logs, what we see when this fails is: > > mod_authz_core: AH01626: authorization result of Require valid-user : denied > (no authenticated user yet) then > mod_authz_core: AH01626: authorization result of <RequireAny>: denied (no > authenticated user yet) then > ssl: AH02036: Faking HTTP Basic Auth header: "Authorization: Basic > xxxxxxxxxxxxx" > > From the logging (as above), it seems like mod_authz_core is denying the > authentication (because there is no authenticated user yet) BEFORE the Basic > Auth "Faking" occurs, and thus, BEFORE the LDAP authentication occurs. > > Does anyone know if this interpretation of what is happening correct?
I don't think the interpretation is entirely right. It clearly didn't stop processing. authz_core checks for some kind of userless access control methods early, like "require ip". -- Eric Covener cove...@gmail.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
