httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ralf Glauberman" <rglauber...@michaeli-gymnasium.de>
Subject Re: [users@httpd] Does auth_ldap_module cache authentication info?
Date Tue, 11 Jan 2005 19:39:16 GMT
I can only say that it worked for me.
as you can see at http://www.apache.org/dist/httpd/CHANGES_2.0, there were 
some ldap-related bugs also i couldn't find out more.

----- Original Message ----- 
From: "Khanh Ho" <kho@integrity-apps.com>
To: <users@httpd.apache.org>
Sent: Tuesday, January 11, 2005 7:24 PM
Subject: Re: [users@httpd] Does auth_ldap_module cache authentication info?


>
> we're using 2.0.48.  Do you know for a fact that upgrading to 2.0.52
> fixes the problem?  It's kinda a pain for me to upgrade.
>
> On Tue, 2005-01-11 at 12:27, Ralf Glauberman wrote:
>> i really did have the same problem, just didn't remember. what version of
>> apache do you have. there were a number of bugs in the ldap-modules. 
>> after
>> updating from 2.0.47 to 2.0.52 i didn't have any further problems.
>> ralf
>>
>> ----- Original Message ----- 
>> From: "Khanh Ho" <kho@integrity-apps.com>
>> To: <users@httpd.apache.org>
>> Sent: Tuesday, January 11, 2005 4:11 PM
>> Subject: Re: [users@httpd] Does auth_ldap_module cache authentication 
>> info?
>>
>>
>> >
>> > Checked the ldap-status URL and it indeed says there are no cache
>> > entries.  However the behavior is still the same.  How can you tell if
>> > the ldap server itself is caching the logins?  Here's what the config
>> > looks like:
>> >
>> > LDAPSharedCacheSize 200000
>> > LDAPCacheEntries 0
>> > LDAPCacheTTL 60
>> > LDAPOpCacheEntries 0
>> > LDAPOpCacheTTL 60
>> >
>> > <Location /cache-info>
>> >        SetHandler ldap-status
>> > </Location>
>> >
>> > <Location /apps>
>> >        DAV svn
>> >        SVNPATH /opt/repositories/applications
>> >        AuthzSVNAccessFile /opt/svn/etc/applications.policy
>> >        AuthAuthoritative off
>> >        AuthLDAPAuthoritative on
>> >        AuthType Basic
>> >        AuthName "Applications"
>> >        AuthLDAPEnabled on
>> >        AuthLDAPBindDN "cn=LDAP User,cn=Users,dc=integrityapps,dc=com"
>> >        AuthLDAPBindPassword "XXXXX"
>> >        AuthLDAPURL
>> > ldap://virginia.integrity-apps.com:389/cn=Users,dc=integrityapps,dc=com?sAMAccountName?sub?(objectClass=user)
>> >        require valid-user
>> > </Location>
>> >
>> >
>> > On Tue, 2005-01-11 at 07:31, Ralf Glauberman wrote:
>> >> I can only tell you that according to the documentation mod_ldap does
>> >> only
>> >> cache successfull authentications. this is what it is doing on my 
>> >> systems
>> >> as
>> >> well.perhaps you can give us your auth_ldap configuration? and what 
>> >> does
>> >> http://localhost/ldap-status return, it should tell you everything you
>> >> need
>> >> about the current cache entries.
>> >> Ralf
>> >>
>> >> ----- Original Message ----- 
>> >> From: "Khanh Ho" <kho@integrity-apps.com>
>> >> To: <users@httpd.apache.org>
>> >> Sent: Monday, January 10, 2005 9:21 PM
>> >> Subject: [users@httpd] Does auth_ldap_module cache authentication 
>> >> info?
>> >>
>> >>
>> >> > Hi,
>> >> >
>> >> > I'm using Apache/2.0.48 as a server for my Subversion repository. 
>> >> > To
>> >> > provide authentication, I'm using auth_ldap_module to talk to an 
>> >> > LDAP
>> >> > server to authenticate the users.  Everything seems to work right 
>> >> > until
>> >> > someone enters a wrong password.  After that, every subsequent login
>> >> > would produce the following message in the error log:
>> >> >
>> >> > [Mon Jan 10 14:40:28 2005] [warn] [client 192.168.168.20] [3047]
>> >> > auth_ldap authenticate: user kho authentication failed; URI
>> >> > /apps/GeoSpectre/trunk [User not found][No such object]
>> >> >
>> >> > And the authentication process would seem to only work in a random
>> >> > fashion after that.
>> >> >
>> >> >
>> >> > My questions are:
>> >> >
>> >> > 1.  Can anyone explain the above behavior?
>> >> > 2.  Does auth_ldap_module cache the client authentication info even
>> >> > though the info is a failed attempt?
>> >> > 3.  If so how do I disable this?  I tried to put this in the 
>> >> > httpd.conf
>> >> > file but it doesn't seem to help:
>> >> >
>> >> > LDAPSharedCacheSize 200000
>> >> > LDAPCacheEntries 0
>> >> > LDAPCacheTTL 60
>> >> > LDAPOpCacheEntries 0
>> >> > LDAPOpCacheTTL 60
>> >> >
>> >> > Thanks for any help.
>> >> >
>> >> >
>> >> > ---------------------------------------------------------------------
>> >> > The official User-To-User support forum of the Apache HTTP Server
>> >> > Project.
>> >> > See <URL:http://httpd.apache.org/userslist.html> for more info.
>> >> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> >> > For additional commands, e-mail: users-help@httpd.apache.org
>> >> >
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> The official User-To-User support forum of the Apache HTTP Server
>> >> Project.
>> >> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> >> For additional commands, e-mail: users-help@httpd.apache.org
>> >>
>> >
>> >
>> > ---------------------------------------------------------------------
>> > The official User-To-User support forum of the Apache HTTP Server 
>> > Project.
>> > See <URL:http://httpd.apache.org/userslist.html> for more info.
>> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> > For additional commands, e-mail: users-help@httpd.apache.org
>> >
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server 
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message