Hi Eric!It's an interesting issue since our education server has recently been exhibiting the same symptoms you describe [Can't contact LDAP Server]. We are running apache2.0.63 built with ldap & prefork support on osx 10.5.5 [I've set up LDAP to fail thru to auth against mysql]. The LDAP server is a sun box. Our server has gotten extremely busy over the last month and that's when the LDAP strangeness started to happen. I rebuilt the server with apache2.0.58 and it made no difference. Our development server is built identically to the production server. Since it does not see heavy traffic it has never run into the LDAP issue. Swapping the servers causes the problem to appear on the other server.
Out of desperation I have a cron to periodically apachectl stop apachectl start the server until I can find out what's the issue. Unfortunately apachectl graceful does not "reset" LDAP. And like you, from the command line on the actual server that can't connect to LDAP I can issue a searchldap with a bind or not and it always successfully returns data from LDAP.
I've started to look for a substitute ldap module compatible with os-x & apache2.0.XX. I've also started to build apache2.2.11 to see what happens.
Bill Paredes Computer Based Education Albert Einstein College of Medicine Oliver Marshall wrote:
Here's another one. The first line, [info] Initial (No.1) HTTPS request received for child 1 (server dev.company.com:443), ALWAYS appears before the error occurs from what i can see in the logs. ************************* 140295168-[Mon Jan 19 20:53:28 2009] [info] Initial (No.1) HTTPS request received for child 1 (server dev.company.com:443) 140295279-[Mon Jan 19 20:53:28 2009] [debug] mod_authnz_ldap.c(373): [client 86.132.127.13] [21424] auth_ldap authenticate: using URL ldap://10.1.37.250:389/OU=Users,OU=Company LLP,DC=company,DC=local?sAMAccountName?sub?(objectClass=*) 140295501:[Mon Jan 19 20:53:28 2009] [warn] [client 86.132.127.13] [21424] auth_ldap authenticate: user a.nother authentication failed; URI /trac/technical [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server] 140295714-[Mon Jan 19 20:53:28 2009] [debug] ssl_engine_kernel.c(1770): OpenSSL: Write: SSL negotiation finished successfully 140295830-[Mon Jan 19 20:53:28 2009] [info] [client 86.132.127.13] Connection closed to child 1 with standard shutdown (server dev.company.com:443) ************************** -----Original Message-----From: Eric Covener [mailto:covener@xxxxxxxxx] Sent: 19 January 2009 21:02To: users@xxxxxxxxxxxxxxxx Subject: Re: Sudden "Can't Contact LDAP Server" On Mon, Jan 19, 2009 at 3:56 PM, Oliver Marshall <oliver.marshall@xxxxxxxxxxxxx> wrote:Eric, Reproducing it is possible, you just have to keep hitting f5, but it occurs at random. Maybe once ever hour, maybe once every ten mins. I would say that rebuilding the httpd server with a patch may be beyond me, certainly beyond my sanity level at the moment. I may look at setting up a packet trace tomorrow if I have time. In your opinion though, there's nothing up with the setup or the configuration bits I posted?I don't think you have any kind of config problem, and it even looks like the connection pool is not a problem since this is your first request being handled. When it fails, is it always preceded by that "first connection for child" msg?
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|