httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wrolf.court...@donovandata.com
Subject [users@httpd] Problems with LDAP Caching
Date Thu, 25 Mar 2004 22:53:05 GMT




I am having problems getting LDAP caching going.  It does not work for me
on Apache 2.0.47 or 2.0.49 on a RedHat Linux 7.3 box, it does work on a
RHEL 2.1 box.

Even though the modules show as loaded in the server-info handler, the
cache always shows as "Cache has not been enabled/initialised." in the
ldap-status handler.  And I see the same LDAP queries repeated over and
over every time a page is loaded, using tcpdump or Ethereal.

I am using the apxs that comes in the httpd tarball.

I have tried many version of ./configure, e.g.:

./configure --enable-layout=RedHat --with-ldap --enable-ldap
--enable-auth-ldap --enable-mods-shared=most

./configure --enable-layout=RedHat --with-ldap --enable-ldap=static
--enable-auth-ldap=static --enable-mods-shared=all

Other environmental stuff:

# rpm -qa openldap*
openldap-devel-2.0.27-2.7.3
openldap-clients-2.0.27-2.7.3
openldap-2.0.27-2.7.3

http://nms.donovandata.com/server-info#mod_auth_ldap.c
Module Name: mod_auth_ldap.c
Content handlers: none
Configuration Phase Participation: Create Directory Config
Request Phase Participation: Verify User ID, Verify User Access
Module Directives:
      AuthLDAPURL - URL to define LDAP connection. This should be an RFC
      2255 complaint URL of the form
      ldap://host[:port]/basedn[?attrib[?scope[?filter]]].
            Host is the name of the LDAP server. Use a space separated list
            of hosts to specify redundant servers.
            Port is optional, and specifies the port to connect to.
            basedn specifies the base DN to start searches from
            Attrib specifies what attribute to search for in the directory.
            If not provided, it defaults to uid.
            Scope is the scope of the search, and can be either sub or one.
            If not provided, the default is sub.
            Filter is a filter to use in the search. If not provided,
            defaults to (objectClass=*).
      Searches are performed using the attribute and the filter combined.
      For example, assume that the LDAP URL is
      ldap://ldap.airius.com/ou=People, o=Airius?uid?sub?(posixid=*).
      Searches will be done using the filter (&((posixid=*))(uid=username))
      , where username is the user name passed by the HTTP client. The
      search will be a subtree search on the branch ou=People, o=Airius.
      AuthLDAPBindDN - DN to use to bind to LDAP server. If not provided,
      will do an anonymous bind.
      AuthLDAPBindPassword - Password to use to bind to LDAP server. If not
      provided, will do an anonymous bind.
      AuthLDAPRemoteUserIsDN - Set to 'on' to set the REMOTE_USER
      environment variable to be the full DN of the remote user. By
      default, this is set to off, meaning that the REMOTE_USER variable
      will contain whatever value the remote user sent.
      AuthLDAPAuthoritative - Set to 'off' to allow access control to be
      passed along to lower modules if the UserID and/or group is not known
      to this module
      AuthLDAPCompareDNOnServer - Set to 'on' to force auth_ldap to do DN
      compares (for the "require dn" directive) using the server, and set
      it 'off' to do the compares locally (at the expense of possible false
      matches). See the documentation for a complete description of this
      option.
      AuthLDAPGroupAttribute - A list of attributes used to define group
      membership - defaults to member and uniquemember
      AuthLDAPGroupAttributeIsDN - If set to 'on', auth_ldap uses the DN
      that is retrieved from the server forsubsequent group comparisons. If
      set to 'off', auth_ldap uses the stringprovided by the client
      directly. Defaults to 'on'.
      AuthLDAPDereferenceAliases - Determines how aliases are handled
      during a search. Can bo one of thevalues "never", "searching",
      "finding", or "always". Defaults to always.
      AuthLDAPEnabled - Set to off to disable auth_ldap, even if it's been
      enabled in a higher tree
      AuthLDAPFrontPageHack - Set to 'on' to support Microsoft FrontPage
      AuthLDAPCharsetConfig - Character set conversion configuration file.
      If omitted, character setconversion is disabled.
Current Configuration:
      <Directory />
        AuthLDAPEnabled on
        AuthLDAPURL ldap://notes-ny03.ny.dds.net/?cn?sub
        AuthLDAPAuthoritative on
        AuthLDAPGroupAttribute member
      </Directory>
      <Directory /var/www/html/linux>
        AuthLDAPEnabled on
        AuthLDAPURL ldap://notes-ny03.ny.dds.net/?cn?sub
        AuthLDAPAuthoritative on
      </Directory>
      <Location /server-status>
        AuthLDAPEnabled off
      </Location>
      <Location /server-info>
        AuthLDAPEnabled off
      </Location>

Module Name: util_ldap.c
Content handlers: yes
Configuration Phase Participation: Create Server Config
Request Phase Participation: none
Module Directives:
      LDAPSharedCacheSize - Sets the size of the shared memory cache in
      bytes. Zero means disable the shared memory cache. Defaults to 100KB.
      LDAPSharedCacheFile - Sets the file of the shared memory
      cache.Nothing means disable the shared memory cache.
      LDAPCacheEntries - Sets the maximum number of entries that are
      possible in the LDAP search cache. Zero means no limit; -1 disables
      the cache. Defaults to 1024 entries.
      LDAPCacheTTL - Sets the maximum time (in seconds) that an item can be
      cached in the LDAP search cache. Zero means no limit. Defaults to 600
      seconds (10 minutes).
      LDAPOpCacheEntries - Sets the maximum number of entries that are
      possible in the LDAP compare cache. Zero means no limit; -1 disables
      the cache. Defaults to 1024 entries.
      LDAPOpCacheTTL - Sets the maximum time (in seconds) that an item is
      cached in the LDAP operation cache. Zero means no limit. Defaults to
      600 seconds (10 minutes).
      LDAPTrustedCA - Sets the file containing the trusted Certificate
      Authority certificate. Used to validate the LDAP server certificate
      for SSL connections.
      LDAPTrustedCAType - Specifies the type of the Certificate Authority
      file. The following types are supported: DER_FILE - file in binary
      DER format BASE64_FILE - file in Base64 format CERT7_DB_PATH -
      Netscape certificate database file
Current Configuration:
      LDAPSharedCacheSize 200000
      LDAPCacheEntries 1024
      LDAPCacheTTL 600
      LDAPOpCacheEntries 1024
      LDAPOpCacheTTL 600


Wrolf Courtney
Donovan Data Systems, Inc.
(212) 633-5470


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message