If the user passed invalid credentials (user id or password) and auth_ldap is

authoritative, allow the user to retry.  This is consistent with the other auth
modules.  It previously only allowed a retry if the password was invalid.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96893 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/experimental/mod_auth_ldap.c b/modules/experimental/mod_auth_ldap.c
index d1e79b78bf4359c173f17d42307480542372e10a..357ae9866d03c0bd9223c95fe167c300794f2743 100644 (file)
--- a/modules/experimental/mod_auth_ldap.c
+++ b/modules/experimental/mod_auth_ldap.c
@@ -280,12 +280,12 @@ int mod_auth_ldap_check_user_id(request_rec *r)
                       "[%d] auth_ldap authenticate: "
                       "user %s authentication failed; URI %s [%s][%s]",
                      getpid(), r->user, r->uri, ldc->reason, ldap_err2string(result));
-        if (LDAP_INVALID_CREDENTIALS == result) {
+        if ((LDAP_INVALID_CREDENTIALS == result) || sec->auth_authoritative) {
             ap_note_basic_auth_failure(r);
             return HTTP_UNAUTHORIZED;
         }
         else {
-            return sec->auth_authoritative? HTTP_UNAUTHORIZED: DECLINED;
+            return DECLINED;
         }
     }