Bug 45318 - mod_authnz_ldap does not convert passwords to UTF-8
Status: RESOLVED FIXED
Product: Apache httpd-2
Classification: Unclassified
Component: mod_authn_ldap
Version: 2.2.9
Hardware: All All
Importance: P2 minor
Target Milestone: ---
Assigned To: Apache HTTPD Bugs Mailing List
Keywords: FixedInTrunk
Duplicates: 48017
Reported: 2008-07-01 10:06 UTC by Johannes Müller
Modified: 2010-10-07 13:33 UTC

Attachments
Patch to support converting passwords to UTF-8 in mod_authnz_ldap.c (2.00 KB, patch)
2008-07-01 10:06 UTC, Johannes Müller
Description Johannes Müller 2008-07-01 10:06:51 UTC
Created attachment 22202
Patch to support converting passwords to UTF-8 in mod_authnz_ldap.c

Hello,

we are using basic authentication against an LDAPv3 server, which talks UTF-8.

The authentication fails if a user has special characters in his password (like the paragraph character §).
This is 0xA7 in ISO-8859-1 from the client, but should be 0xC2A7 in UTF-8 to the directory server.
This happens with every character that is not ASCII, because it is a two-byte character then. (The first bit is always 0 in UTF-8 for one-byte characters.)

mod_authnz_ldap only converts usernames correctly (if given "AuthLDAPCharsetConfig conf/charset.conv"), but not passwords!

I have written a patch against httpd 2.2.9.
See attachments.


========
LOG FILE
========
[Thu Jun 26 18:18:51 2008] [debug] mod_authnz_ldap.c(376): [client 10.192.120.192] [30522] auth_ldap authenticate: using URL ldap://ldap.intranet.mycompany.com:389/ou=Users,o=MYCOMPANY,c=de?uid?sub
[Thu Jun 26 18:18:54 2008] [warn] [client 10.192.120.192] [30522] auth_ldap authenticate: user J23259 authentication failed; URI /webhosting/ [ldap_simple_bind_s() to check user credentials failed][Invalid credentials]
[Thu Jun 26 18:18:54 2008] [error] [client 10.192.120.192] user J23259: authentication failure for "/webhosting/": Password Mismatch
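
The byte-level conversion the description refers to (0xA7 in ISO-8859-1 becoming 0xC2 0xA7 in UTF-8), as an added example: it is not the attached patch or httpd's code, and the function name `latin1_to_utf8`, its interface, the `demo_out` buffer and the sample password are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Convert ISO-8859-1 bytes to NUL-terminated UTF-8.
 * Returns the UTF-8 length in bytes, or -1 if out is too small; on failure
 * the output buffer is zeroed so no partial password is left in it.
 * (Function name and interface are assumptions made for this example.)
 */
long latin1_to_utf8(const unsigned char *in, size_t in_len,
                    unsigned char *out, size_t out_cap)
{
    size_t i, o = 0;

    if (out_cap == 0)
        return -1;
    for (i = 0; i < in_len; i++) {
        unsigned char c = in[i];
        size_t need = (c < 0x80) ? 1 : 2;

        if (need > out_cap - 1 - o) {          /* keep one byte for the NUL */
            memset(out, 0, out_cap);
            return -1;
        }
        if (c < 0x80) {
            out[o++] = c;                      /* ASCII is identical in both */
        } else {
            out[o++] = 0xC0 | (c >> 6);        /* lead byte: 0xC2 or 0xC3 */
            out[o++] = 0x80 | (c & 0x3F);      /* continuation byte */
        }
    }
    out[o] = '\0';
    return (long)o;
}

unsigned char demo_out[16];                    /* scratch buffer for the demo */

int main(void)
{
    /* Constructed sample password "p§ss" as the client sends it (0xA7). */
    const unsigned char pw[] = { 'p', 0xA7, 's', 's' };
    long n = latin1_to_utf8(pw, sizeof pw, demo_out, sizeof demo_out);

    for (long i = 0; i < n; i++)
        printf("%02X ", demo_out[i]);          /* 70 C2 A7 73 73 */
    printf("\n");
    return n == 5 ? 0 : 1;
}
```

The conversion is only correct when the input really is ISO-8859-1; applied to bytes that are already UTF-8 it double-encodes them and the bind fails in the same way.
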
Comment 1 Eric Covener 2008-07-01 10:14:42 UTC
Out of curiosity, what client are you using and does it synch up with
the settings in /docs/conf/charset.conv?
Comment 2 Johannes Müller 2008-07-01 12:12:29 UTC
(In reply to comment #1)
> out of curiosity, what client are you using and does it synch up with
> the settings in /docs/conf/charset.conv ?
> 

We tried with Internet Explorer 6 and Mozilla Firefox.
The client always sends authentication data in ISO-8859-1.

What do you mean by "synch up with the settings"?
Comment 3 Brad Nicholes 2008-07-01 13:15:30 UTC
Just as a bit of background, when I added the support for UTF-8 user names, I didn't bother with converting the password as well because the Novell LDAP implementation couldn't handle UTF-8 passwords.  I'm not sure about other LDAP implementations but my assumption is that a UTF-8 password may not work everywhere.
Comment 4 Johannes Müller 2008-07-01 13:42:23 UTC
(In reply to comment #3)
> Just as a bit of background, when I added the support for UTF-8 user names, I
> didn't bother with converting the password as well because the Novell LDAP
> implementation couldn't handle UTF-8 passwords.  I'm not sure about other LDAP
> implementations but my assumption is that a UTF-8 password may not work
> everywhere.
> 

We use Novell eDirectory AFAIK.
Anyway, if an LDAP implementation cannot handle UTF-8 passwords it would be alright, because in this case you wouldn't have to convert anything, would you?
Comment 5 Stefan Fritsch 2010-01-24 13:53:27 UTC
fixed in trunk in r902654
Comment 6 Stefan Fritsch 2010-08-18 15:46:35 UTC
*** Bug 48017 has been marked as a duplicate of this bug. ***
Comment 7 Stefan Fritsch 2010-10-07 13:31:49 UTC
backported in r1005537, will be in 2.2.17
Comment 8 William A. Rowe Jr. 2010-10-07 13:33:07 UTC
Backported to 2.2.17