Bug #1468

LDAP UTF-8 encoding

Added by Anonymous about 11 years ago. Updated almost 3 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
Missing in 1.5.x:


The auth.backend ldap does not encode passwords. If the password contains an "ΓΌ", which LDAP-Server expect as C3BC is sent as FC.
LDAP-filter and -passwords should be utf-8 encoded to work correctly.

-- akruth

Associated revisions

Revision 4b412797 (diff)
Added by gstrauss almost 3 years ago

[mod_auth] send charset="UTF-8" in WWW-Authenticate (fixes #1468) and (September 2015)
update Digest and Basic auth to allow server to recommend charset
which should be used by client.

"LDAP UTF-8 encoding"



Updated by gstrauss almost 3 years ago

  • Description updated (diff)
  • Status changed from New to Patch Pending

Is this issue about the password provided in the config file? (auth.backend.ldap.bind-pw) This would suggest that the entire config file should be converted from the current locale into UTF-8 prior to parsing. It is probably better to store your config file in UTF-8, rather than any other native encoding.

More likely: Is this issue about the password provided by the client in HTTP Basic Authentication? Until recently, ( and September 2015), there was no standard which specified the encoding to use. This is explained well at:

This patch updates mod_auth to send Basic and Digest authentication header WWW-Authenticate with the optional charset="UTF-8" param

diff --git a/src/mod_auth.c b/src/mod_auth.c
index 5c6dae3..1111323 100644
--- a/src/mod_auth.c
+++ b/src/mod_auth.c
@@ -298,7 +298,7 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) {
                if (0 == strcmp(method->value->ptr, "basic")) {
                        buffer_copy_string_len(p->tmp_buf, CONST_STR_LEN("Basic realm=\""));
                        buffer_append_string_buffer(p->tmp_buf, realm->value);
-                       buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\""));
+                       buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\", charset=\"UTF-8\""));

                        response_header_insert(srv, con, CONST_STR_LEN("WWW-Authenticate"), CONST_BUF_LEN(p->tmp_buf));
                } else if (0 == strcmp(method->value->ptr, "digest")) {
@@ -307,7 +307,7 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) {

                        buffer_copy_string_len(p->tmp_buf, CONST_STR_LEN("Digest realm=\""));
                        buffer_append_string_buffer(p->tmp_buf, realm->value);
-                       buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\", nonce=\""));
+                       buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\", charset=\"UTF-8\", nonce=\""));
                        buffer_append_string(p->tmp_buf, hh);
                        buffer_append_string_len(p->tmp_buf, CONST_STR_LEN("\", qop=\"auth\""));


Updated by gstrauss almost 3 years ago

  • Target version set to 1.4.40

Updated by gstrauss almost 3 years ago

  • Status changed from Patch Pending to Fixed
  • Assignee deleted (jan)

committed in 4b412797

Also available in: Atom