I simply got Apache/LDAP authentication working (almost) on the new SLES 10 server.
After I visit among the protected areas on my small website I recieve the Apache Authentication pop-up window where I'm able to LDAP authenticate to get into the protected folder.
But I am getting wierd behavior.
Basically key in a legitimate user however the incorrect password, it allows me retry authentication.
Basically key in a non-valid user (like 'aldfklsf' as well as leave the username area blank) i quickly have an error 500 page and don't obtain the chance to retry authentication.
I've cache disabled... Attempt to refresh the page to obtain the Apache authentication window to return also it does not. I simply keep obtaining the error 500 page. Searching within the Apache error logs it states: user aldfklsf not found, each time I refresh the page. It's like it's hanging onto that username.
Can there be some establishing Apache that will permit me to try to authenticate again?
Here's the whole from the conf file that's safeguarding your directory:
<Directory "/media/nss/VOL1/ProtectedDir"> Options Indexes Multiviews AllowOverride None Order deny,allow Allow from all AuthType Basic AuthName "Protected" Require valid-user AuthBasicAuthoritative Off AuthzLDAPAuthoritative Off AuthBasicProvider ldap AuthLDAPURL ldap://10.20.32.3/o=wlwv?uid?sub </Directory>
An update. I discovered this within the Apache documentation:
Under normal conditions, the Apache access control modules will pass unacknowledged user IDs onto the following access control module in line. Only when the consumer ID is recognized and also the password is validated (or otherwise) does it provide the usual success or "authentication unsuccessful" messages.
This appears to become the solution. Regrettably I don't understand Apache enough to accept information from that page and implement it to ensure that it really works properly.
Can anybody help?
Ok, first got it determined. This is actually the simple solution just in case other people has this problem.
was all it required.