Buchan Milne wrote:
On Thursday 26 June 2008 13:52:05 Michael Ströder wrote:
Let's look at a very simple case: How should a web server which implements HTTP basic authc implement the user interaction needed? It simply relies on the browser popping up the login window, nothing else. What you could do is redirect the user to an error page implemented as CGI-BIN which makes further checks. You can do that yourself.
But, ideally I would like to send the user to the right page (not a generic "authorization failed"), in which case I need a different error code to send them to a suitable error page (which might have a form for them to change their password etc.).
You could redirect them always to the not-authorized-URL and the CGI-BIN handler behind that retries the LDAP bind together with ppolicy control, reacting according to the ppolicy control values in the bind response.
Just a rough idea though...not sure how to reliably pass the username/password to the not-authorized-URL. Let's think about it...
Ciao, Michael.
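Added example, not part of the original message: one way the handler behind the not-authorized URL could react to the ppolicy control values, by decoding the PasswordPolicyResponseValue from the bind response and choosing a page. It assumes the handler has already retried the bind and holds the raw control value bytes; the BER layout follows draft-behera-ldap-password-policy, and the page paths and function names are hypothetical.

```python
# Added example, not from the thread. Page paths and function names are hypothetical.
PPOLICY_OID = "1.3.6.1.4.1.42.2.27.8.5.1"  # password policy control OID
ERRORS = ("passwordExpired accountLocked changeAfterReset passwordModNotAllowed "
          "mustSupplyOldPassword insufficientPasswordQuality passwordTooShort "
          "passwordTooYoung passwordInHistory").split()
PAGES = {"passwordExpired": "/error/password-expired",   # hypothetical URLs
         "accountLocked": "/error/account-locked",
         "changeAfterReset": "/account/change-password"}

def _tlv(buf, pos):
    """Read one short-form BER TLV; return (tag, value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form TLV")
    tag, end = buf[pos], pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos + 2:end], end

def decode_ppolicy(value):
    """Decode PasswordPolicyResponseValue into expire/grace/error fields."""
    out = {"expire": None, "grace": None, "error": None}
    tag, body, _ = _tlv(value, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    pos = 0
    while pos < len(body):
        tag, val, pos = _tlv(body, pos)
        if tag == 0xA0:                    # warning [0] CHOICE
            wtag, wval, _ = _tlv(val, 0)
            key = {0x80: "expire", 0x81: "grace"}.get(wtag)
            if key:
                out[key] = int.from_bytes(wval, "big")
        elif tag == 0x81 and val:          # error [1] ENUMERATED
            code = int.from_bytes(val, "big")
            out["error"] = ERRORS[code] if code < len(ERRORS) else "unknown"
    return out

def page_for(bind_ok, pp):
    """Pick the redirect target; None means let the request through."""
    if pp["error"] in PAGES:
        return PAGES[pp["error"]]
    if not bind_ok:
        return "/error/auth-failed"        # generic failure, no policy detail
    if pp["grace"] is not None:
        return "/account/change-password"  # grace login: prompt for a change
    return None
```
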