httpd is returning 500 to the client. Log shows:

  [Mon Nov 12 15:59:35 2007] [warn] [client 127.0.0.1] [9159] auth_ldap authenticate: user mwood authentication failed; URI /svn/dspace/IDeA/trunk [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]

Tracing the network traffic shows that httpd establishes and then immediately tears down a connection with the directory service many times, without ever initiating an LDAP session:

  No. Time Source Destination Protocol Info
  1 0.000000 134.68.190.58 134.68.220.153 TCP 47964 > ldaps [SYN] Seq=0 Len=0 MSS=1460 TSV=57767109 TSER=0 WS=7
  2 0.000643 134.68.220.153 134.68.190.58 TCP ldaps > 47964 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 WS=0 TSV=0 TSER=0
  3 0.000729 134.68.190.58 134.68.220.153 TCP 47964 > ldaps [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=57767109 TSER=0
  4 0.010175 134.68.190.58 134.68.220.153 TCP 47964 > ldaps [FIN, ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=57767112 TSER=0
  5 0.010960 134.68.220.153 134.68.190.58 TCP ldaps > 47964 [ACK] Seq=1 Ack=2 Win=65535 Len=0 TSV=1204571 TSER=57767112
  6 0.011068 134.68.220.153 134.68.190.58 TCP ldaps > 47964 [FIN, ACK] Seq=1 Ack=2 Win=65535 Len=0 TSV=1204571 TSER=57767112
  7 0.011115 134.68.190.58 134.68.220.153 TCP 47964 > ldaps [ACK] Seq=2 Ack=2 Win=5888 Len=0 TSV=57767112 TSER=1204571
  8 0.015227 134.68.190.58 134.68.220.153 TCP 47965 > ldaps [SYN] Seq=0 Len=0 MSS=1460 TSV=57767113 TSER=0 WS=7
  9 0.017070 134.68.220.153 134.68.190.58 TCP ldaps > 47965 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 WS=0 TSV=0 TSER=0
  10 0.017185 134.68.190.58 134.68.220.153 TCP 47965 > ldaps [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=57767114 TSER=0
  11 0.017560 134.68.190.58 134.68.220.153 TCP 47965 > ldaps [FIN, ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=57767114 TSER=0
  12 0.017783 134.68.220.153 134.68.190.58 TCP ldaps > 47965 [ACK] Seq=1 Ack=2 Win=65535 Len=0 TSV=1204571 TSER=57767114
  13 0.018750 134.68.220.153 134.68.190.58 TCP ldaps > 47965 [FIN, ACK] Seq=1 Ack=2 Win=65535 Len=0 TSV=1204571 TSER=57767114

The above continues for about 97 packets total.

Relevant configuration:

  <IfDefine AUTH_LDAP>
    <IfModule authnz_ldap_module>
      LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs
    </IfModule>
  </IfDefine>

  <IfDefine SVN>
    <IfModule !mod_dav_svn.c>
      LoadModule dav_svn_module modules/mod_dav_svn.so
    </IfModule>
    <Location /svn>
      DAV svn
      SVNPath /var/svn
      AuthType Basic
      AuthBasicProvider ldap
      AuthName ADS
      AuthLDAPBindDN "a DN"
      AuthLDAPBindPassword "a password"
      AuthLDAPURL "ldaps://IU-MSSG-ADSDC01.ADS.IU.Edu/ou=Accounts,DC=ads,DC=iu,DC=edu?CN?one?"
      AuthzLDAPAuthoritative Off
      Require ldap-user user1 user2
      Require ldap-user user3 user4
      Require ldap-user user5 user6 user7
    </Location>
    <Directory /var/svn>
      Order Deny,Allow
      Deny from all
      Allow from localhost 127.0.0.1 ::1
      Allow from johncock.ulib.iupui.edu
      Allow from 134.68.171.0/27
      Allow from 134.68.172.0/24
    </Directory>
    <IfDefine SVN_AUTHZ>
      <IfModule !mod_authz_svn.c>
        LoadModule authz_svn_module modules/mod_authz_svn.so
      </IfModule>
    </IfDefine>
  </IfDefine>

How to proceed?

-- 
Mark H. Wood, Lead System Programmer   mwood@xxxxxxxxx
Typically when a software vendor says that a product is "intuitive" he means the exact opposite.
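Added example, not part of the original post: a short Python script that groups packet summaries like those in the trace by connection and flags the ones the client closed without sending any payload, which on the ldaps port means no TLS ClientHello was ever sent. Frames 1-5 are copied from the trace; frames 101-104, their 192.0.2.x addresses and the function names are constructed here for contrast.

```python
import re

# Frames 1-5: copied from the trace in the post.
# Frames 101-104: constructed sample of a client that does send payload.
TRACE = """\
1 0.000000 134.68.190.58 134.68.220.153 TCP 47964 > ldaps [SYN] Seq=0 Len=0 MSS=1460 TSV=57767109 TSER=0 WS=7
2 0.000643 134.68.220.153 134.68.190.58 TCP ldaps > 47964 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 WS=0 TSV=0 TSER=0
3 0.000729 134.68.190.58 134.68.220.153 TCP 47964 > ldaps [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=57767109 TSER=0
4 0.010175 134.68.190.58 134.68.220.153 TCP 47964 > ldaps [FIN, ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=57767112 TSER=0
5 0.010960 134.68.220.153 134.68.190.58 TCP ldaps > 47964 [ACK] Seq=1 Ack=2 Win=65535 Len=0 TSV=1204571 TSER=57767112
101 1.000000 192.0.2.10 192.0.2.20 TCP 50000 > ldaps [SYN] Seq=0 Len=0
102 1.000500 192.0.2.20 192.0.2.10 TCP ldaps > 50000 [SYN, ACK] Seq=0 Ack=1 Len=0
103 1.000600 192.0.2.10 192.0.2.20 TCP 50000 > ldaps [ACK] Seq=1 Ack=1 Len=0
104 1.001000 192.0.2.10 192.0.2.20 TCP 50000 > ldaps [PSH, ACK] Seq=1 Ack=1 Len=210
"""

# One packet summary line: frame no., time, src, dst, ports, flags, payload length.
LINE = re.compile(
    r"^\s*(?P<no>\d+)\s+(?P<t>[\d.]+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP\s+"
    r"(?P<sport>\S+) > (?P<dport>\S+) \[(?P<flags>[^\]]+)\].*?\bLen=(?P<len>\d+)")

def summarize(trace, service="ldaps"):
    """Group packets into flows keyed by (client, client port, server)."""
    flows = {}
    for line in trace.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header row or a line in another format
        from_client = m["dport"] == service
        key = ((m["src"], m["sport"], m["dst"]) if from_client
               else (m["dst"], m["dport"], m["src"]))
        f = flows.setdefault(
            key, {"client_bytes": 0, "server_bytes": 0, "first_fin": None})
        f["client_bytes" if from_client else "server_bytes"] += int(m["len"])
        if "FIN" in m["flags"] and f["first_fin"] is None:
            f["first_fin"] = "client" if from_client else "server"
    return flows

def closed_before_payload(flows):
    """Flows the client tore down without ever sending a byte of payload."""
    return [k for k, f in flows.items()
            if f["first_fin"] == "client" and f["client_bytes"] == 0]

if __name__ == "__main__":
    flows = summarize(TRACE)
    for key, f in flows.items():
        print(key, f)
    print("closed by client before any payload:", closed_before_payload(flows))
```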