09-05-2008, 10:16 AM   #1
kingbolete
Contacting LDAP server fails under load when using LDAPS (ssl)


An Apache 2.2 server is contacting a remote LDAP server to authenticate users (this is being used in conjunction with the SVN DAV facility, but the problem appears to me to be LDAP/SSL related). When AuthLDAPURL specifies ldap: it appears to have no problems. When the same directive uses ldaps: it works for a while but when a few users (4-6) try to use it at the same time it starts to fail. The Apache error log shows the error message "Can't contact LDAP server" about 7 times and then fails the authentication operation. After a while (5-15 minutes) and enough access, the authorization fails for all users and stays that way for hours unless Apache is restarted.

On the LDAP server side, an examination of the log shows some activity at the same time. The authentication requests that work all use the same connection. When another connection (based on the connection ID in the log) starts to be used, the requests always fail. They fail almost immediately (same second in the timestamp) and the LDAP server's log just notes that the connection was lost.

So it seems that the first connection from Apache to the LDAP server works fine but it is subsequently unable to create additional working connections. When the original connection is closed, Apache is no longer able to perform LDAP authorization until Apache is restarted. The LDAP server is still happily working for other authentication users and requires no restart.

Here's a portion of the Apache config file that might be relevant:

Satisfy Any
Require valid-user
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL ldaps://a.valid.ldap.server/ou=acct,dc=x,dc=edu?uid?sub
AuthzLDAPAuthoritative off
SSLRequireSSL

The modules in use include:

auth_basic
authn_file
authnz_ldap
authz_svn
dav_svn
ldap
ssl
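
The per-connection pattern described in the post (one connection that serves binds, then new connections dropped in the same second they are accepted) can be confirmed from the LDAP server log with a short script. This is an added example, not part of the original post; it assumes OpenLDAP slapd syslog-style lines, the sample log is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, written in OpenLDAP slapd syslog style (an assumption:
# the post does not name the LDAP server product or show its log).
SAMPLE_LOG = """\
Sep  5 10:01:02 ldap slapd[2112]: conn=1001 fd=12 ACCEPT from IP=192.0.2.10:41234 (IP=0.0.0.0:636)
Sep  5 10:01:02 ldap slapd[2112]: conn=1001 op=0 RESULT tag=97 err=0 text=
Sep  5 10:04:40 ldap slapd[2112]: conn=1002 fd=13 ACCEPT from IP=192.0.2.10:41301 (IP=0.0.0.0:636)
Sep  5 10:04:40 ldap slapd[2112]: conn=1002 fd=13 closed (connection lost)
Sep  5 10:04:41 ldap slapd[2112]: conn=1003 fd=13 ACCEPT from IP=192.0.2.10:41302 (IP=0.0.0.0:636)
Sep  5 10:04:41 ldap slapd[2112]: conn=1003 fd=13 closed (connection lost)
Sep  5 10:19:05 ldap slapd[2112]: conn=1001 fd=12 closed
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ slapd\[\d+\]: conn=(\d+) (.*)$")
ACCEPT = re.compile(r"ACCEPT from IP=([\d.]+):\d+")
BIND_RESULT = re.compile(r"RESULT tag=97 err=(\d+)")   # tag 97 = bind response
CLOSED = re.compile(r"closed(?: \((.*)\))?$")

def summarize(log_text):
    """Group slapd log lines by connection ID and record each connection's fate."""
    conns = defaultdict(lambda: {"client": None, "accepted": None, "closed": None,
                                 "reason": None, "bind_ok": 0, "bind_fail": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, conn_id, rest = m.group(1), int(m.group(2)), m.group(3)
        c = conns[conn_id]
        if (a := ACCEPT.search(rest)):
            c["client"], c["accepted"] = a.group(1), stamp
        elif (r := BIND_RESULT.search(rest)):
            c["bind_ok" if r.group(1) == "0" else "bind_fail"] += 1
        elif (x := CLOSED.search(rest)):
            c["closed"], c["reason"] = stamp, x.group(1)
    return dict(conns)

def dead_on_arrival(conns):
    """Connections accepted and closed in the same second with no bind result."""
    return sorted(cid for cid, c in conns.items()
                  if c["accepted"] and c["accepted"] == c["closed"]
                  and c["bind_ok"] + c["bind_fail"] == 0)

if __name__ == "__main__":
    conns = summarize(SAMPLE_LOG)
    for cid in dead_on_arrival(conns):
        print(cid, conns[cid]["client"], conns[cid]["closed"], conns[cid]["reason"])
```

Connections listed by `dead_on_arrival` never reached an LDAP operation, which points at the TLS handshake or transport for new connections rather than at the bind credentials.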
 
  

