Old 09-05-2008, 10:16 AM   #1
LQ Newbie
Registered: Jan 2006
Posts: 4
Contacting LDAP server fails under load when using LDAPS (ssl)

An Apache 2.2 server is contacting a remote LDAP server to authenticate users (this is being used in conjunction with the SVN DAV facility, but the problem appears to me to be LDAP/SSL related). When AuthLDAPURL specifies ldap: it appears to have no problems. When the same directive uses ldaps: it works for a while but when a few users (4-6) try to use it at the same time it starts to fail. The Apache error log shows the error message "Can't contact LDAP server" about 7 times and then fails the authentication operation. After a while (5-15 minutes) and enough access, the authorization fails for all users and stays that way for hours unless Apache is restarted.

On the LDAP server side, an examination of the log shows some activity at the same time. The authentication requests that work all use the same connection. When another connection (based on the connection ID in the log) starts to be used, the requests always fail. They fail almost immediately (same second in the timestamp) and the LDAP server's log just notes that the connection was lost.

So it seems that the first connection from Apache to the LDAP server works fine but it is subsequently unable to create additional working connections. When the original connection is closed, Apache is no longer able to perform LDAP authorization until Apache is restarted. The LDAP server is still happily working for other authentication users and requires no restart.

Here's a portion of the Apache config file that might be relevant:

Satisfy Any
Require valid-user
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL ldaps://a.valid.ldap.server/ou=acct,dc=x,dc=edu?uid?sub
AuthzLDAPAuthoritative off

The modules in use include:


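Added example, not part of the original post: a small Python script that groups the "Can't contact LDAP server" errors described above by Apache child PID and by burst, to show whether the failures are confined to particular children. The log lines are constructed, and the line layout (bracketed child PID before `auth_ldap authenticate`) is an assumption about the Apache 2.2 error-log format; adjust `LINE_RE` to match the real log.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not from the original post). The layout is an
# assumed Apache 2.2 error-log format with the child PID in brackets.
FMT = (
    "[Fri Sep 05 10:{m:02d}:{s:02d} 2008] [warn] [client 192.0.2.10] [{pid}] "
    "auth_ldap authenticate: user {user} authentication failed; URI /svn/repo "
    "[LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]"
)
SAMPLE_LOG = "\n".join(
    [FMT.format(m=1, s=2 + i // 4, pid=4101, user="alice") for i in range(7)]
    + ["[Fri Sep 05 10:05:00 2008] [error] [client 192.0.2.11] "
       "File does not exist: /var/www/favicon.ico"]
    + [FMT.format(m=16, s=30, pid=4102, user="bob") for _ in range(2)]
)

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[\w+\] \[client [^\]]+\] "
    r"\[(?P<pid>\d+)\] auth_ldap authenticate: user (?P<user>\S+) .*"
    r"\[Can't contact LDAP server\]\s*$"
)

def ldap_contact_failures(log_text):
    """Yield (timestamp, pid, user) for each "Can't contact LDAP server" line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            yield ts, int(m["pid"]), m["user"]

def bursts_by_child(log_text, gap=timedelta(seconds=5)):
    """Group failures per child PID into bursts separated by more than `gap`.

    Returns {pid: [[first_ts, last_ts, count], ...]}.
    """
    bursts = defaultdict(list)
    for ts, pid, _user in sorted(ldap_contact_failures(log_text)):
        runs = bursts[pid]
        if runs and ts - runs[-1][1] <= gap:
            runs[-1][1] = ts        # extend the current burst
            runs[-1][2] += 1
        else:
            runs.append([ts, ts, 1])  # start a new burst for this child
    return dict(bursts)

if __name__ == "__main__":
    for pid, runs in sorted(bursts_by_child(SAMPLE_LOG).items()):
        for first, last, count in runs:
            print(f"child {pid}: {count} failures {first:%H:%M:%S}-{last:%H:%M:%S}")
```

Comparing the burst times per child with the connection IDs in the LDAP server's log shows whether each failing child corresponds to one of the new connections that the server reports as lost.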

All times are GMT -5. The time now is 04:28 AM.