httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ralf Glauberman" <rglauber...@michaeli-gymnasium.de>
Subject Re: [users@httpd] Does auth_ldap_module cache authentication info?
Date Tue, 11 Jan 2005 17:27:04 GMT
i really did have the same problem, just didn't remember. what version of 
apache do you have. there were a number of bugs in the ldap-modules. after 
updating from 2.0.47 to 2.0.52 i didn't have any further problems.
ralf

----- Original Message ----- 
From: "Khanh Ho" <kho@integrity-apps.com>
To: <users@httpd.apache.org>
Sent: Tuesday, January 11, 2005 4:11 PM
Subject: Re: [users@httpd] Does auth_ldap_module cache authentication info?


>
> Checked the ldap-status URL and it indeed says there are no cache
> entries.  However the behavior is still the same.  How can you tell if
> the ldap server itself is caching the logins?  Here's what the config
> looks like:
>
> LDAPSharedCacheSize 200000
> LDAPCacheEntries 0
> LDAPCacheTTL 60
> LDAPOpCacheEntries 0
> LDAPOpCacheTTL 60
>
> <Location /cache-info>
>        SetHandler ldap-status
> </Location>
>
> <Location /apps>
>        DAV svn
>        SVNPATH /opt/repositories/applications
>        AuthzSVNAccessFile /opt/svn/etc/applications.policy
>        AuthAuthoritative off
>        AuthLDAPAuthoritative on
>        AuthType Basic
>        AuthName "Applications"
>        AuthLDAPEnabled on
>        AuthLDAPBindDN "cn=LDAP User,cn=Users,dc=integrityapps,dc=com"
>        AuthLDAPBindPassword "XXXXX"
>        AuthLDAPURL
> ldap://virginia.integrity-apps.com:389/cn=Users,dc=integrityapps,dc=com?sAMAccountName?sub?(objectClass=user)
>        require valid-user
> </Location>
>
>
> On Tue, 2005-01-11 at 07:31, Ralf Glauberman wrote:
>> I can only tell you that according to the documentation mod_ldap does 
>> only
>> cache successfull authentications. this is what it is doing on my systems 
>> as
>> well.perhaps you can give us your auth_ldap configuration? and what does
>> http://localhost/ldap-status return, it should tell you everything you 
>> need
>> about the current cache entries.
>> Ralf
>>
>> ----- Original Message ----- 
>> From: "Khanh Ho" <kho@integrity-apps.com>
>> To: <users@httpd.apache.org>
>> Sent: Monday, January 10, 2005 9:21 PM
>> Subject: [users@httpd] Does auth_ldap_module cache authentication info?
>>
>>
>> > Hi,
>> >
>> > I'm using Apache/2.0.48 as a server for my Subversion repository.  To
>> > provide authentication, I'm using auth_ldap_module to talk to an LDAP
>> > server to authenticate the users.  Everything seems to work right until
>> > someone enters a wrong password.  After that, every subsequent login
>> > would produce the following message in the error log:
>> >
>> > [Mon Jan 10 14:40:28 2005] [warn] [client 192.168.168.20] [3047]
>> > auth_ldap authenticate: user kho authentication failed; URI
>> > /apps/GeoSpectre/trunk [User not found][No such object]
>> >
>> > And the authentication process would seem to only work in a random
>> > fashion after that.
>> >
>> >
>> > My questions are:
>> >
>> > 1.  Can anyone explain the above behavior?
>> > 2.  Does auth_ldap_module cache the client authentication info even
>> > though the info is a failed attempt?
>> > 3.  If so how do I disable this?  I tried to put this in the httpd.conf
>> > file but it doesn't seem to help:
>> >
>> > LDAPSharedCacheSize 200000
>> > LDAPCacheEntries 0
>> > LDAPCacheTTL 60
>> > LDAPOpCacheEntries 0
>> > LDAPOpCacheTTL 60
>> >
>> > Thanks for any help.
>> >
>> >
>> > ---------------------------------------------------------------------
>> > The official User-To-User support forum of the Apache HTTP Server 
>> > Project.
>> > See <URL:http://httpd.apache.org/userslist.html> for more info.
>> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> > For additional commands, e-mail: users-help@httpd.apache.org
>> >
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server 
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message