Server particulars: RHEL 3 Apache2 2.0.54 including recent PHP
and mod_perl versions (post RC 5). Compiled with:
./configure --prefix=$APACHE_DIR \
--enable-ldap --enable-auth-ldap --with-ldap \
--enable-mods-shared="rewrite ssl auth_ldap ldap"
In our ssl configuration (configured as a "virtual host"), we
have some Auth LDAP stanzas, all pretty much like the sample below:
<Directory "/data1/webdocs/survey">
AllowOverride None
Options FollowSymLinks
Order allow,deny
Deny from all
AuthType Basic
AuthName "survey"
AuthAuthoritative Off
AuthLDAPEnabled on
AuthLDAPURL "<our ldap url>"
require valid-user
satisfy any
</Directory>
New behavior as of 2.0.54 (noting in the change log that some
LDAP stuff was changed, and it didn't behave this way on 2.0.53) is that
if someone enters the wrong username/password combination too many times
(usually 3, sometimes just 2), the process starts to run away and takes
all of a CPU (multiprocessor machine). Doesn't appear to be a problem
with Auth in and of itself - an Auth SMB stanza doesn't result in the
same behavior.
On the browser side, Firefox (I haven't bothered checking IE)
just goes into a hang - the little "loading" circle going around and
around.
Pointers on additional configuration options that will eliminate
this behavior welcome.
Eric Stewart - Network Admin, USF Tampa Library - eric@xxxxxxxxxxx
Managing sysadmins is like leading a neighborhood gang of neurotic pumas
on jet-powered hoverbikes with nasty smack habits and opposable
thumbs. - Feen, Benjy: Pumas on Hoverbikes: Sysadmin Management,
http://www.monkeybagel.com/pumas.html
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|