httpd-users mailing list archives

From Khanh Ho <...@integrity-apps.com>
Subject Re: [users@httpd] Does auth_ldap_module cache authentication info?
Date Wed, 12 Jan 2005 21:01:10 GMT

Yes, upgrading to 2.0.52 fixes this problem!

Thanks

On Tue, 2005-01-11 at 14:39, Ralf Glauberman wrote:
> I can only say that it worked for me.
> As you can see at http://www.apache.org/dist/httpd/CHANGES_2.0, there were
> some ldap-related bugs; also, I couldn't find out more.
> 
> ----- Original Message ----- 
> From: "Khanh Ho" <kho@integrity-apps.com>
> To: <users@httpd.apache.org>
> Sent: Tuesday, January 11, 2005 7:24 PM
> Subject: Re: [users@httpd] Does auth_ldap_module cache authentication info?
> 
> 
> >
> > We're using 2.0.48.  Do you know for a fact that upgrading to 2.0.52
> > fixes the problem?  It's kinda a pain for me to upgrade.
> >
> > On Tue, 2005-01-11 at 12:27, Ralf Glauberman wrote:
> >> I really did have the same problem, just didn't remember. What version of
> >> Apache do you have? There were a number of bugs in the ldap-modules. After
> >> updating from 2.0.47 to 2.0.52 I didn't have any further problems.
> >> Ralf
> >>
> >> ----- Original Message ----- 
> >> From: "Khanh Ho" <kho@integrity-apps.com>
> >> To: <users@httpd.apache.org>
> >> Sent: Tuesday, January 11, 2005 4:11 PM
> >> Subject: Re: [users@httpd] Does auth_ldap_module cache authentication info?
> >>
> >>
> >> >
> >> > Checked the ldap-status URL and it indeed says there are no cache
> >> > entries.  However the behavior is still the same.  How can you tell if
> >> > the ldap server itself is caching the logins?  Here's what the config
> >> > looks like:
> >> >
> >> > LDAPSharedCacheSize 200000
> >> > LDAPCacheEntries 0
> >> > LDAPCacheTTL 60
> >> > LDAPOpCacheEntries 0
> >> > LDAPOpCacheTTL 60
> >> >
> >> > <Location /cache-info>
> >> >        SetHandler ldap-status
> >> > </Location>
> >> >
> >> > <Location /apps>
> >> >        DAV svn
> >> >        SVNPATH /opt/repositories/applications
> >> >        AuthzSVNAccessFile /opt/svn/etc/applications.policy
> >> >        AuthAuthoritative off
> >> >        AuthLDAPAuthoritative on
> >> >        AuthType Basic
> >> >        AuthName "Applications"
> >> >        AuthLDAPEnabled on
> >> >        AuthLDAPBindDN "cn=LDAP User,cn=Users,dc=integrityapps,dc=com"
> >> >        AuthLDAPBindPassword "XXXXX"
> >> >        AuthLDAPURL ldap://virginia.integrity-apps.com:389/cn=Users,dc=integrityapps,dc=com?sAMAccountName?sub?(objectClass=user)
> >> >        require valid-user
> >> > </Location>
> >> >
> >> >
> >> > On Tue, 2005-01-11 at 07:31, Ralf Glauberman wrote:
> >> >> I can only tell you that according to the documentation mod_ldap does only
> >> >> cache successful authentications. This is what it is doing on my systems as
> >> >> well. Perhaps you can give us your auth_ldap configuration? And what does
> >> >> http://localhost/ldap-status return? It should tell you everything you need
> >> >> about the current cache entries.
> >> >> Ralf
> >> >>
> >> >> ----- Original Message ----- 
> >> >> From: "Khanh Ho" <kho@integrity-apps.com>
> >> >> To: <users@httpd.apache.org>
> >> >> Sent: Monday, January 10, 2005 9:21 PM
> >> >> Subject: [users@httpd] Does auth_ldap_module cache authentication info?
> >> >>
> >> >>
> >> >> > Hi,
> >> >> >
> >> >> > I'm using Apache/2.0.48 as a server for my Subversion repository.  To
> >> >> > provide authentication, I'm using auth_ldap_module to talk to an LDAP
> >> >> > server to authenticate the users.  Everything seems to work right until
> >> >> > someone enters a wrong password.  After that, every subsequent login
> >> >> > would produce the following message in the error log:
> >> >> >
> >> >> > [Mon Jan 10 14:40:28 2005] [warn] [client 192.168.168.20] [3047]
> >> >> > auth_ldap authenticate: user kho authentication failed; URI
> >> >> > /apps/GeoSpectre/trunk [User not found][No such object]
> >> >> >
> >> >> > And the authentication process would seem to only work in a random
> >> >> > fashion after that.
> >> >> >
> >> >> >
> >> >> > My questions are:
> >> >> >
> >> >> > 1.  Can anyone explain the above behavior?
> >> >> > 2.  Does auth_ldap_module cache the client authentication info even
> >> >> > though the info is a failed attempt?
> >> >> > 3.  If so how do I disable this?  I tried to put this in the httpd.conf
> >> >> > file but it doesn't seem to help:
> >> >> >
> >> >> > LDAPSharedCacheSize 200000
> >> >> > LDAPCacheEntries 0
> >> >> > LDAPCacheTTL 60
> >> >> > LDAPOpCacheEntries 0
> >> >> > LDAPOpCacheTTL 60
> >> >> >
> >> >> > Thanks for any help.
> >> >> >
> >> >> >
> >> >> > ---------------------------------------------------------------------
> >> >> > The official User-To-User support forum of the Apache HTTP Server Project.
> >> >> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> >> >> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> >> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >> >> > For additional commands, e-mail: users-help@httpd.apache.org
> >> >> >
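
An added example, not part of the original thread and not Apache project code: a small error-log triage script for the symptom reported above. It parses auth_ldap failure lines in the layout quoted in the thread and lists accounts that are known to exist yet are logged with [User not found], together with the process ids that logged them. The function names, the known_users set and every sample line after the first are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Layout of the auth_ldap warning quoted in the thread (a single line in the
# real error log; the mail client wrapped it). The bracketed number before
# "auth_ldap" is assumed here to be the httpd child process id.
FAILURE = re.compile(
    r"\[(?P<time>[^\]]+)\] \[warn\] \[client (?P<client>[^\]]+)\] "
    r"\[(?P<pid>\d+)\] auth_ldap authenticate: user (?P<user>\S+) "
    r"authentication failed; URI (?P<uri>\S+) "
    r"\[(?P<reason>[^\]]*)\]\[(?P<ldap_error>[^\]]*)\]"
)

def parse_failure(line):
    """Return the fields of one auth_ldap failure line, or None for any other line."""
    match = FAILURE.search(line)
    return match.groupdict() if match else None

def lookup_failures(lines, known_users):
    """Map each known-valid user to the sorted pids that logged 'User not found' for it."""
    hits = defaultdict(set)
    for line in lines:
        rec = parse_failure(line)
        if rec and rec["reason"] == "User not found" and rec["user"] in known_users:
            hits[rec["user"]].add(int(rec["pid"]))
    return {user: sorted(pids) for user, pids in hits.items()}

# Constructed sample input: the first entry is the line quoted in the thread,
# the others are made up in the same layout.
SAMPLE_LOG = [
    "[Mon Jan 10 14:40:28 2005] [warn] [client 192.168.168.20] [3047] "
    "auth_ldap authenticate: user kho authentication failed; "
    "URI /apps/GeoSpectre/trunk [User not found][No such object]",
    "[Mon Jan 10 14:40:41 2005] [warn] [client 192.168.168.20] [3051] "
    "auth_ldap authenticate: user kho authentication failed; "
    "URI /apps/GeoSpectre/trunk [User not found][No such object]",
    "[Mon Jan 10 14:41:02 2005] [warn] [client 192.168.168.21] [3047] "
    "auth_ldap authenticate: user nosuchuser authentication failed; "
    "URI /apps/GeoSpectre/trunk [User not found][No such object]",
    "[Mon Jan 10 14:41:05 2005] [error] [client 192.168.168.21] "
    "File does not exist: /var/www/html/favicon.ico",
]

if __name__ == "__main__":
    for user, pids in lookup_failures(SAMPLE_LOG, {"kho"}).items():
        print(f"{user}: 'User not found' logged by processes {pids}")
```

Accounts outside known_users are ignored on purpose, so mistyped or probing usernames do not drown out the lookup failures for real accounts.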