[users@httpd] Help please with LDAP cache not working on https virtualhost

Hi,

I am quite new to using LDAP. I have a Debian Linux machine running Apache v2.0.52. I have two virtual hosts, one for http port 80 and the other for https port 443. I have configured the secure site to authenticate access via an LDAP server via stunnel. This is working, but I am finding that every single page access involves further authentication communication to the LDAP server via the stunnel. So in other words the LDAP information does not appear to be caching correctly. This means that pages are taking about 3 seconds to load rather than almost instantaneous via unauthenticated access.

When I try to view the https ldap-status page, all I get is a page with the title "LDAP Cache Information" but no actual cache information. However, if I try to access the http ldap-status page I get to see the number of entries in the cache along with the number of hits.

So I'm looking for some clues to help me understand and fix the https LDAP cache.

Can anyone help please?

Cheers,
Mark

Here are better details of my setup:

In /etc/apache2/sites-enabled I have two configurations:
	default - my http port 80 server
	ssl	- my https port 443 server

In my ssl site configuration I have:

   <IfModule util_ldap.c>
       LDAPSharedCacheSize 200000
       LDAPCacheEntries 1024
       LDAPCacheTTL 600
       LDAPOpCacheEntries 1024
       LDAPOpCacheTTL 600
       <Location /ldap-status>
           SetHandler ldap-status
           AuthType basic
           AuthName IBM
           Order deny,allow
           Allow from all
           <IfModule mod_auth_ldap.c>
               AuthLDAPEnabled on
               AuthLDAPURL ldap://127.0.0.1:636/ou=ldapserver,o=mydomain.com?mail?sub?(objectclass=person)
               AuthLDAPAuthoritative on
               require valid-user
           </IfModule>
       </Location>
   </IfModule>


I also put the above block in /etc/apache2/httpd.conf which enabled me to see the LDAP cache working fine on the standard http port 80 webserver.


P.S. I hope this comes through in plain text. My apologies if it doesn't. I will try harder if I find I've made a mistake.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


