Summary: | mod_authnz_ldap does not convert passwords to UTF-8 | ||
---|---|---|---|
Product: | Apache httpd-2 | Reporter: | Johannes Müller <joh_m> |
Component: | mod_authn_ldap | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | apache-bugs, covener, rederpj |
Priority: | P2 | Keywords: | FixedInTrunk |
Version: | 2.2.9 | ||
Target Milestone: | --- | ||
Hardware: | All | ||
OS: | All | ||
Attachments: | Patch to support converting passwords to UTF-8 in mod_authnz_ldap.c |
out of curiousity, what client are you using and does it synch up with the settings in /docs/conf/charset.conv ? (In reply to comment #1) > out of curiousity, what client are you using and does it synch up with > the settings in /docs/conf/charset.conv ? > We tried with Internet Explorer 6 and Mozilla Firefox. The client always sends authentication data in ISO-8859-1. What do you mean by "synch up with the settings"? Just as a bit of background, when I added the support for UTF-8 user names, I didn't bother with converting the password as well because the Novell LDAP implementation couldn't handle UTF-8 passwords. I'm not sure about other LDAP implementations but my assumptions is that a UTF-8 password may not work everywhere. (In reply to comment #3) > Just as a bit of background, when I added the support for UTF-8 user names, I > didn't bother with converting the password as well because the Novell LDAP > implementation couldn't handle UTF-8 passwords. I'm not sure about other LDAP > implementations but my assumptions is that a UTF-8 password may not work > everywhere. > We use Novell eDirectory AFAIK. Anyway, if an LDAP implementation cannot handle UTF-8 passwords it would be alright, because in this case you wouldn't have to convert anything would you? *** Bug 48017 has been marked as a duplicate of this bug. *** Backported to 2.2.17 |
Created attachment 22202 [details] Patch to support converting passwords to UTF-8 in mod_authnz_ldap.c Hello, we are using basic authentication against an LDAPv3 server, which talks UTF-8. The authentication fails, if a user has special characters in his password (like the paragraph character §). This is 0xA7 in ISO-8859-1 from the client, but should be 0xC2A7 in UTF-8 to the directory server. This happens with every character, which is not ASCII, because it is a two-byte character then. (First bit is always 0 in UTF-8 for one-byte characters) mod_authnz_ldap only converts usernames correctly (if given "AuthLDAPCharsetConfig conf/charset.conv"), but not passwords! I have written a patch against httpd 2.2.9. See attachments. ======== LOG FILE ======== [Thu Jun 26 18:18:51 2008] [debug] mod_authnz_ldap.c(376): [client 10.192.120.192] [30522] auth_ldap authenticate: using URL ldap://ldap.intranet.mycompany.com:38 9/ou=Users,o=MYCOMPANY,c=de?uid?sub [Thu Jun 26 18:18:54 2008] [warn] [client 10.192.120.192] [30522] auth_ldap authenticate: user J23259 authentication failed; URI /webhosting/ [ldap_simple_bin d_s() to check user credentials failed][Invalid credentials] [Thu Jun 26 18:18:54 2008] [error] [client 10.192.120.192] user J23259: authentication failure for "/webhosting/": Password Mismatch