When authenticating with an existing user against LDAP, supplying a wrong password, an internal server error is generated immediately. If the user does not exist, the user is challenged again (correct behaviour). If the user exists and the supplied password is correct, the user will be authenticated, and authorized (correct behaviour). The LDAP Server is Novell NDS.
Also happens on httpd built on Win32 authenticating against openldap using patch from bug 37814
I don't have a Solaris box to test with, but given the description of the problem, everything works as expected on Suse Linux 10 against a Novell NDS ldap server. Can you provide more information such as your auth_ldap configuration and any error messages in the error_log with LogLevel set to DEBUG.
(In reply to comment #2)
> I don't have a Solaris box to test with, but given the description of the
> problem, everything works as expected on Suse Linux 10 against a Novell NDS
> ldap server. Can you provide more information such as your auth_ldap
> configuration and any error messages in the error_log with LogLevel set to
> DEBUG.

Here it comes. Debug does not show anything interesting:

[Wed Mar 15 12:55:32 2006] [info] Initial (No.1) HTTPS request received for child 5 (server host.domain:443)
[Wed Mar 15 12:55:32 2006] [debug] mod_authnz_ldap.c(373): [client 169.xx.xx.x] [20006] auth_ldap authenticate: using URL ldap://nds-ldap1.domain:389/ o=Organisation?uid, referer: https://host.domain/menu.html
[Wed Mar 15 12:55:35 2006] [warn] [client 169.xx.xx.xx] [20006] auth_ldap authenticate: user username authentication failed; URI /PATH/ [ldap_simple_bind_s() to check user credentials failed][Invalid credentials], referer: https://host.domain/menu.html
[Wed Mar 15 12:55:35 2006] [info] [client 169.xx.xx.xx] Connection closed to child 5 with unclean shutdown (server host.domain:443)

Directive:

<Location /PATH>
    AuthType Basic
    AuthName "host.domain"
    AuthBasicProvider ldap
    AuthLDAPURL ldap://nds-ldap1.domain:389/o=Organisation?uid
    require ldap-attribute ou=4314
    Options Indexes
    IndexOptions FancyIndexing
    IndexStyleSheet "/css/font.css"
    Order allow,deny
    Allow from all
</Location>
I tried to match your configuration as close as possible, but I am still not seeing a problem. Everything seems to work as expected.
I am experiencing the same problem. System is Fedora Core 4; Apache HTTP Server 2.0.54; Against OpenLDAP 2.2.29 mod_authz_ldap

Directive is as follows:

<Directory /some/path/ >
    Options None
    AuthType Basic
    AuthName "Authentication"
    AuthzLDAPMethod ldap
    AuthzLDAPServer ldap.example.com
    AuthzLDAPUserBase ou=People,dc=example,dc=com
    AuthzLDAPUserKey uid
    AuthzLDAPUserScope subtree
    AuthzLDAPAuthoritative off
    require valid-user
</Directory>
This seems to work now, as I am using httpd Version 2.2.2 with the Novell CLDAP SDK linked to it.
The OP says it works for him in the latest comment, and it's ancient. If there's a bug now, it needs clarifying in the light of comment 6.
On Debian with LDAPS the problem exists, 2.2.9-10+lenny6.