Another observation: I changed the AuthLDAPURL to '"ldap:..." STARTTLS', gathering from the wording in the manual that mod_authnz_ldap might only do LDAPS through the Netscape SDK while I'm using OpenLDAP:

    Support for LDAP over SSL (requires the Netscape SDK) or TLS (requires the OpenLDAP 2.x SDK or Novell LDAP SDK).

Now the LDAP layer actually speaks. httpd sends a START_TLS extended request, and ADS responds positively. Then, without any attempt to bind, let alone query, httpd sends an LDAP unbind and begins tearing down the TCP connection.

    No. Time     Source         Destination    Protocol Info
     1  0.000000 134.68.190.58  134.68.220.153 TCP      45637 > ldap [SYN] Seq=0 Len=0 MSS=1460 TSV=96846395 TSER=0 WS=7
     2  0.000268 134.68.220.153 134.68.190.58  TCP      ldap > 45637 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 WS=0 TSV=0 TSER=0
     3  0.000331 134.68.190.58  134.68.220.153 TCP      45637 > ldap [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=96846395 TSER=0
     4  0.001346 134.68.190.58  134.68.220.153 LDAP
     5  0.001961 134.68.220.153 134.68.190.58  LDAP     extendedResp(1)
     6  0.002016 134.68.190.58  134.68.220.153 TCP      45637 > ldap [ACK] Seq=32 Ack=47 Win=5888 Len=0 TSV=96846395 TSER=484044
     7  0.003463 134.68.190.58  134.68.220.153 LDAP     unbindRequest(2)
     8  0.003552 134.68.190.58  134.68.220.153 TCP      45637 > ldap [FIN, ACK] Seq=39 Ack=47 Win=5888 Len=0 TSV=96846396 TSER=484044
     9  0.003784 134.68.220.153 134.68.190.58  TCP      ldap > 45637 [ACK] Seq=47 Ack=40 Win=65497 Len=0 TSV=484044 TSER=96846396
    10  0.003962 134.68.220.153 134.68.190.58  TCP      ldap > 45637 [FIN, ACK] Seq=47 Ack=40 Win=65497 Len=0 TSV=484044 TSER=96846396
    11  0.004009 134.68.190.58  134.68.220.153 TCP      45637 > ldap [ACK] Seq=40 Ack=48 Win=5888 Len=0 TSV=96846396 TSER=484044

It's as though the LDAP auth code gets all set to bind, then discovers some error which goes totally unreported, and drops the connection as failed.

-- 
Mark H. Wood, Lead System Programmer   mwood@xxxxxxxxx
Typically when a software vendor says that a product is "intuitive" he
means the exact opposite.