pinepain / ldap-auth-proxy

A simple drop-in HTTP proxy for transparent LDAP authentication which is also a HTTP auth backend.
MIT License

500 Internal Server Error on invalid password #19

Open rsk0 opened 3 years ago

rsk0 commented 3 years ago

When entering username correctly and password wrong, the client browser gets a "500 Internal Server Error" and the logs show:

time="2021-01-28T01:11:03Z" level=warning msg="Failed to authenticate: LDAP Result Code 49 \"Invalid Credentials\": 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 775, v2580\x00"
time="2021-01-28T01:11:03Z" level=debug msg="<<< GET /auth 401"

Shouldn't the client be getting a 401 instead of a 500?

Other login failures where the username is wrong give the client a 401:

time="2021-01-28T00:59:49Z" level=warning msg="Failed to authenticate: User does not exist"
time="2021-01-28T00:59:49Z" level=debug msg="<<< GET /auth 401"

pinepain commented 3 years ago

Hi, thanks for reporting, it certainly looks like a bug and the client shall get 401.

P.S.: While I'll try to work on this, there is no specific timeline to solve this atm, PR, as always, is welcomed. It's just not sth that I personally have issues with so it's not an imminent problem for my scenario, despite it sux and better be fixed.

rsk0 commented 3 years ago

Understood. Thank you for looking into it when you have time.
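
Added example, not part of the original thread and not the project's own code: a Go sketch that classifies the bind error text from the warning line in the report, returning 401 for every LDAP result code 49 while decoding the Active Directory `data` sub-code for the server log (775 is AD's "account locked out" code). The names `classify`, `adReasons` and `sampleErr` are hypothetical, and treating any other error as a 500 is an assumption.

```go
package main

import (
	"fmt"
	"net/http"
	"regexp"
	"strings"
)

// Constructed sample: the error text from the warning line in the report (NUL byte dropped).
const sampleErr = `LDAP Result Code 49 "Invalid Credentials": 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 775, v2580`

var (
	resultCodeRe = regexp.MustCompile(`LDAP Result Code (\d+)`)
	adDataRe     = regexp.MustCompile(`AcceptSecurityContext error, data ([0-9a-fA-F]+),`)
)

// adReasons maps Active Directory "data" sub-codes (hex Win32 error codes) to their meaning.
var adReasons = map[string]string{
	"525": "user not found",
	"52e": "invalid credentials",
	"530": "logon not permitted at this time",
	"531": "logon not permitted from this workstation",
	"532": "password expired",
	"533": "account disabled",
	"701": "account expired",
	"773": "user must reset password",
	"775": "account locked out",
}

// classify (hypothetical helper) returns the HTTP status for the client and a reason
// for the server log only; the client always sees a plain 401 so account state is not leaked.
func classify(errText string) (status int, reason string) {
	m := resultCodeRe.FindStringSubmatch(errText)
	if m == nil || m[1] != "49" {
		return http.StatusInternalServerError, "not a credential failure" // assumption: backend fault
	}
	reason = "invalid credentials"
	if d := adDataRe.FindStringSubmatch(errText); d != nil {
		if r, ok := adReasons[strings.ToLower(d[1])]; ok {
			reason = r
		}
	}
	return http.StatusUnauthorized, reason
}

func main() {
	fmt.Println(classify(sampleErr))
}
```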