Re: Apache-2.2 with LDAP authentication keeps spinning after authentication completes

The persistent LDAP connection between Apache/mod_authnz_ldap and OpenLDAP is
neither an LDAP nor an OpenLDAP error. Debug logging has confirmed this.

It appears that Apache (v2.2)/mod_authnz_ldap establishes and maintains a
persistent network connection to the designated LDAP server. Documentation for
mod_ldap mentions "connection pooling" and "results caching".

The situation has been verified by the following:

1) start Apache with AuthLDAP directives; start web application; do LDAP
authentication; network connection to LDAP server is established; terminate web
browser; LDAP connection is still ESTABLISHED and appears to "never" time out or
close; during this time the web browser maintains a "read/transmitting" state.

Stop Apache (httpd) or the LDAP server and the LDAP connection is dropped.

2) start Apache withOUT AuthLDAP; start web application; NO initial LDAP
authentication; no network connection to the LDAP server; perform a function
within the web application that at that point invokes LDAP authentication via
PHP; network connection ESTABLISHED to the LDAP server; LDAP authentication
completes; network connection to the LDAP server is closed; browser status is
"normal".

On 05/03/2016 06:56, Luca Toscano wrote:
> 
> 
> 2016-05-03 1:22 GMT+02:00 J.D. <randomnoise058@xxxxxxxxx>:
> 
>     Centos-6.6+seLinux, Apache-2.2, OpenLDAP-2.4.40, OpenSSL-1.0.1e-fips
> 
>     Using the following sample Directory block, the Apache LDAP authentication works
>     just fine, but when the web page is displayed - the activity spinner is spinning
>     and the status bar shows "Read <hostname>". Without the Apache LDAP
>     authentication, neither of the above symptoms appear/occur. It is almost like
>     something doesn't complete/finish, but I cannot determine what causes this.
>     There are no messages in the HTTPD error logs relative to this situation.
> 
> 
>     <Directory "/var/www/html/directory/">
>       SSLRequireSSL
>       AllowOverride None
>       Allow from 127.0.0.1
>       Allow from localhost
>       Allow from 192.168.56.0/24
>     # uncomment following line to force all frontend access
>     # to require userid/password authentication via LDAP
>       include conf/WebFrontendApacheAuthentication.conf
>     </Directory>
> 
> 
>     WebFrontendApacheAuthentication.conf
>     ===============================
>     AuthType basic
>     AuthName "realm"
>     AuthBasicProvider ldap
>     AuthLDAPURL ldaps://vbox-realm.vboxnet/dc=realm?uid?sub?(ObjectClass=*)
>     Require ldap-group cn=WebAccess,dc=realm
>     ===============================
> 
> 
> Not an expert about LDAP auth with httpd but I would try to increase the
> LogLevel (https://httpd.apache.org/docs/2.2/mod/core.html#loglevel) to get more
> info from the logs about what mod_auth_ldap is doing.
> 
> Hope that helps!
> 
> Luca 
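A way to script the connection check from verification step 1 above, as an added example that is not part of the thread: it assumes `ss -tnp` output (header plus one line per socket) and runs over constructed sample lines, reporting established connections to the LDAP ports 389/636 and, optionally, only those owned by a given process such as httpd.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed sample of `ss -tnp` output;
# on a live host use: ss -tnp
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port    Peer Address:Port     Process
ESTAB  0      0      192.168.56.10:44512  192.168.56.20:636     users:(("httpd",pid=2345,fd=12))
ESTAB  0      0      192.168.56.10:44520  192.168.56.20:389     users:(("php-fpm",pid=3456,fd=9))
TIME-WAIT 0   0      192.168.56.10:44530  192.168.56.20:636
ESTAB  0      0      192.168.56.10:443    192.168.56.30:51234   users:(("httpd",pid=2345,fd=15))'

# ldap_conns INPUT [PROCESS]
# Prints "peer process" for every ESTABLISHED socket whose peer port is an
# LDAP port (389 plain, 636 ldaps). PROCESS, if given, keeps only sockets
# owned by that process name (as shown in the ss "users:" column).
ldap_conns() {
    _proc="${2:-}"
    printf '%s\n' "$1" | awk -v proc="$_proc" '
        NR == 1 { next }                      # skip the ss header line
        $1 != "ESTAB" { next }                # only live connections matter
        {
            n = split($5, peer, ":")          # last field after ":" is the port
            port = peer[n]
            if (port != "389" && port != "636") next
            if (proc != "" && index($6, "\"" proc "\"") == 0) next
            print $5, $6
        }'
}

# count_ldap_conns INPUT [PROCESS]: number of matching connections (0 if none).
count_ldap_conns() {
    ldap_conns "$1" "${2:-}" | awk 'END { print NR }'
}

# Stand-alone run over the constructed sample: a pooled mod_ldap connection
# shows up as an httpd-owned ESTAB socket to port 636 that outlives the browser.
ldap_conns "$SAMPLE_SS" httpd
```

Running the same functions against live `ss -tnp` output before and after the browser is closed shows whether the httpd-owned LDAP socket persists (mod_ldap pool) or closes with the request (PHP-side bind).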