Tried using (newer) web browsers under Mac OS X and no apparent Read/Transmitting persistence is noted. So perhaps "the issue" is browser specific (either OS or version). It would be nice to have a reliable way to track this down with more specifics. Web browser console/error/debug windows don't help. Packet capture mechanisms don't help, of course. Application log files don't show anything, of course. -------- Original Message -------- Subject: Re: Apache-2.2 with LDAP authentication keeps spinning after authentication completes Date: Tue, 03 May 2016 16:46:30 -0500 From: J.D. <randomnoise058@xxxxxxxxx> To: users@xxxxxxxxxxxxxxxx Another interesting observation: web browser (Firefox) continues to show activity spinner and "read <hostname>" status (with AuthLDAP active at web application initiation) even after the LDAP authentication is completed, the OpenLDAP server is stopped, and the LDAP network connection is dropped. I can't see activity status with the Opera browser, but the LDAP network connection remains ESTABLISHED after terminating that web browser. This appears to be an Apache(2.2) issue. Nothing in the Apache (HTTPD) log files. On 05/03/2016 06:56, Luca Toscano wrote: > > > 2016-05-03 1:22 GMT+02:00 J.D. <randomnoise058@xxxxxxxxx > <mailto:randomnoise058@xxxxxxxxx>>: > > Centos-6.6+seLinux, Apache-2.2, OpenLDAP-2.4.40, OpenSSL-1.0.1e-fips > > Using the following sample Directory block, the Apache LDAP authentication works > just fine, but when the web page is displayed - the activity spinner is spinning > and the status bar shows "Read <hostname>". Without the Apache LDAP > authentication, neither of the above symptoms appear/occur. It is almost like > something doesn't complete/finish, but I cannot determine what causes this. > There are no messages in the HTTPD error logs relative to this situation. > > > <Directory "/var/www/html/directory/"> > SSLRequireSSL > AllowOverride None > Allow from 127.0.0.1 > Allow from localhost > Allow from 192.168.56.0/24 <http://192.168.56.0/24> > # uncomment following line to force all frontend access > # to require userid/password authentication via LDAP > include conf/WebFrontendApacheAuthentication.conf > </Directory> > > > WebFrontendApacheAuthentication.conf > =============================== > AuthType basic > AuthName "realm" > AuthBasicProvider ldap > AuthLDAPURL ldaps://vbox-realm.vboxnet/dc=realm?uid?sub?(ObjectClass=*) > Require ldap-group cn=WebAccess,dc=realm > =============================== > > > Not an expert about LDAP auth with httpd but I would try to increase the > LogLevel (https://httpd.apache.org/docs/2.2/mod/core.html#loglevel) to get more > info from the logs about what mod_auth_ldap is doing. > > Hope that helps! > > Luca --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|