From: Ruediger Pluem <rpluem@apache.org>
Date: Wed, 26 Jul 2006 13:31:38 +0000 (+0000)
Subject: Merge r411306 from trunk:
X-Git-Tag: 2.2.3~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4af9878c03cdd2b867be37f81dac3c7751650344;p=thirdparty%2Fapache%2Fhttpd.git

Merge r411306 from trunk:

* Fix a problem with invalid auth error detection for LDAP client SDKs that don't
  support the LDAP_SECURITY_ERROR macro.

PR: 39529
Submitted by: Ray Price <dohrayme yahoo.com>, Josh Fenlason <jfenlason ptc.com>
Reviewed by: bnicholes, wrowe, fielding


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@425731 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index a10275e7496..2cf28306767 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                         -*- coding: utf-8 -*-
 Changes with Apache 2.2.3
 
+  *) mod_authnz_ldap: Fix a problem with invalid auth error detection for LDAP
+     client SDKs that don't support the LDAP_SECURITY_ERROR macro. PR 39529.
+     [Ray Price <dohrayme yahoo.com>, Josh Fenlason <jfenlason ptc.com>]
+
   *) mod_cache: Do not overwrite the Content-Type in the cache, for
      successfully revalidated cached objects. PR 39647. [Ruediger Pluem]
 
diff --git a/STATUS b/STATUS
index b0b4d4a93c0..c83f048cc6a 100644
--- a/STATUS
+++ b/STATUS
@@ -82,13 +82,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
        http://issues.apache.org/bugzilla/attachment.cgi?id=18636
        +1: bnicholes, rpluem, fielding
 
-    * mod_authnz_ldap: Fix a problem with invalid auth error detection 
-       for LDAP client SDKs that don't support LDAP_SECURITY_ERROR 
-       macro. PR#39529
-       http://svn.apache.org/viewvc?view=rev&revision=411306
-       +1: bnicholes, wrowe, fielding
-         wrowe observes; CONST==result is a horrid style convention
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
 
     * Bundled PCRE: backport r381783 from trunk
diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c
index 484cf79ff3a..5637d091aa2 100644
--- a/modules/aaa/mod_authnz_ldap.c
+++ b/modules/aaa/mod_authnz_ldap.c
@@ -413,6 +413,15 @@ start_over:
         return (LDAP_NO_SUCH_OBJECT == result) ? AUTH_USER_NOT_FOUND
 #ifdef LDAP_SECURITY_ERROR
                  : (LDAP_SECURITY_ERROR(result)) ? AUTH_DENIED
+#else
+				 : (LDAP_INAPPROPRIATE_AUTH == result) ? AUTH_DENIED
+				 : (LDAP_INVALID_CREDENTIALS == result) ? AUTH_DENIED
+#ifdef LDAP_INSUFFICIENT_ACCESS
+                 : (LDAP_INSUFFICIENT_ACCESS == result) ? AUTH_DENIED
+#endif
+#ifdef LDAP_INSUFFICIENT_RIGHTS
+				 : (LDAP_INSUFFICIENT_RIGHTS == result) ? AUTH_DENIED
+#endif
 #endif
                  : AUTH_GENERAL_ERROR;
     }