[pkg-lighttpd] Bug#419661: lighttpd: first HTTP authentication
against LDAP fails: Bad search filter
peterco at gmx.net
Tue Apr 17 09:07:32 UTC 2007
Tags: patch upstream
Now that the newest upstream version has been packaged for Debian, I
would like to point out a bug with LDAP authentication which has since
been ignored upstream (in analogy to the other LDAP bug already
fixed in Debian).
With "ldap" as auth.backend, HTTP authentication fails the first time
after lighttpd has been started; however, subsequent authentication
Authenticating as user "foo" with request URI "/bar/" gives the
2007-03-27 22:01:40: (log.c.75) server started
2007-03-27 22:01:49: (http_auth.c.752) ldap: Bad search filter filter: foo
2007-03-27 22:01:49: (http_auth.c.861) password doesn't match for /bar/ foo
This bug is caused by the LDAP result filter (i.e. ldap_filter_pre
and ldap_filter_post) not yet having been initialized when the first
LDAP search is performed.
To work around this problem, I copied the build filter code in
http_auth.c to additionally execute before the second ldap_search_s
call, so ldap_filter_pre and ldap_filter_post are properly initialized
by auth_ldap_init before.
I have included this patch below; it applies after 03_ldap_leak_bugfix.dpatch.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1141 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-lighttpd-maintainers/attachments/20070417/d1d0a4ee/04_ldap_build_filter_fix.bin
More information about the pkg-lighttpd-maintainers