access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
[Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
+ *) mod_authnz_ldap: Failures to map a username to a DN, or to check a user
+ password now result in an informational level log entry instead of
+ warning level. [Eric Covener]
+
*) Preserve Port information over internal redirects
PR 35999 [Jonas Ringh <jonas.ringh cixit.se>]
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_authnz_ldap: log authn failures at INFO instead of WARN
- Trunk Patch: http://svn.apache.org/viewvc?rev=902641&view=rev
- 2.2.x Patch: trunk patch works
- +1: covener, sf, fuankg
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
/* handle bind failure */
if (result != LDAP_SUCCESS) {
- ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"[%" APR_PID_T_FMT "] auth_ldap authenticate: "
"user %s authentication failed; URI %s [%s][%s]",
getpid(), user, r->uri, ldc->reason, ldap_err2string(result));
projects / thirdparty / apache / httpd.git / commitdiff
