From: "Ralf Glauberman"
Date: Tue, 11 Jan 2005 20:39:16 +0100
Subject: Re: [users@httpd] Does auth_ldap_module cache authentication info?

I can only say that it worked for me. As you can see at
http://www.apache.org/dist/httpd/CHANGES_2.0, there were some ldap-related
bugs, also I couldn't find out more.

----- Original Message -----
From: "Khanh Ho"
To:
Sent: Tuesday, January 11, 2005 7:24 PM
Subject: Re: [users@httpd] Does auth_ldap_module cache authentication info?

>
> we're using 2.0.48. Do you know for a fact that upgrading to 2.0.52
> fixes the problem? It's kinda a pain for me to upgrade.
>
> On Tue, 2005-01-11 at 12:27, Ralf Glauberman wrote:
>> I really did have the same problem, just didn't remember. What version of
>> Apache do you have? There were a number of bugs in the ldap-modules. After
>> updating from 2.0.47 to 2.0.52 I didn't have any further problems.
>> ralf
>>
>> ----- Original Message -----
>> From: "Khanh Ho"
>> To:
>> Sent: Tuesday, January 11, 2005 4:11 PM
>> Subject: Re: [users@httpd] Does auth_ldap_module cache authentication info?
>>
>>
>> >
>> > Checked the ldap-status URL and it indeed says there are no cache
>> > entries. However the behavior is still the same. How can you tell if
>> > the ldap server itself is caching the logins?
>> > Here's what the config looks like:
>> >
>> > LDAPSharedCacheSize 200000
>> > LDAPCacheEntries 0
>> > LDAPCacheTTL 60
>> > LDAPOpCacheEntries 0
>> > LDAPOpCacheTTL 60
>> >
>> >
>> > SetHandler ldap-status
>> >
>> >
>> >
>> > DAV svn
>> > SVNPATH /opt/repositories/applications
>> > AuthzSVNAccessFile /opt/svn/etc/applications.policy
>> > AuthAuthoritative off
>> > AuthLDAPAuthoritative on
>> > AuthType Basic
>> > AuthName "Applications"
>> > AuthLDAPEnabled on
>> > AuthLDAPBindDN "cn=LDAP User,cn=Users,dc=integrityapps,dc=com"
>> > AuthLDAPBindPassword "XXXXX"
>> > AuthLDAPURL ldap://virginia.integrity-apps.com:389/cn=Users,dc=integrityapps,dc=com?sAMAccountName?sub?(objectClass=user)
>> > require valid-user
>> >
>> >
>> >
>> > On Tue, 2005-01-11 at 07:31, Ralf Glauberman wrote:
>> >> I can only tell you that according to the documentation mod_ldap does only
>> >> cache successful authentications. This is what it is doing on my systems as
>> >> well. Perhaps you can give us your auth_ldap configuration? And what does
>> >> http://localhost/ldap-status return, it should tell you everything you need
>> >> about the current cache entries.
>> >> Ralf
>> >>
>> >> ----- Original Message -----
>> >> From: "Khanh Ho"
>> >> To:
>> >> Sent: Monday, January 10, 2005 9:21 PM
>> >> Subject: [users@httpd] Does auth_ldap_module cache authentication info?
>> >>
>> >>
>> >> > Hi,
>> >> >
>> >> > I'm using Apache/2.0.48 as a server for my Subversion repository. To
>> >> > provide authentication, I'm using auth_ldap_module to talk to an LDAP
>> >> > server to authenticate the users. Everything seems to work right until
>> >> > someone enters a wrong password.
>> >> > After that, every subsequent login
>> >> > would produce the following message in the error log:
>> >> >
>> >> > [Mon Jan 10 14:40:28 2005] [warn] [client 192.168.168.20] [3047] auth_ldap authenticate: user kho authentication failed; URI /apps/GeoSpectre/trunk [User not found][No such object]
>> >> >
>> >> > And the authentication process would seem to only work in a random
>> >> > fashion after that.
>> >> >
>> >> >
>> >> > My questions are:
>> >> >
>> >> > 1. Can anyone explain the above behavior?
>> >> > 2. Does auth_ldap_module cache the client authentication info even
>> >> > though the info is a failed attempt?
>> >> > 3. If so how do I disable this? I tried to put this in the httpd.conf
>> >> > file but it doesn't seem to help:
>> >> >
>> >> > LDAPSharedCacheSize 200000
>> >> > LDAPCacheEntries 0
>> >> > LDAPCacheTTL 60
>> >> > LDAPOpCacheEntries 0
>> >> > LDAPOpCacheTTL 60
>> >> >
>> >> > Thanks for any help.
>> >> >
>> >> >
>> >> > ---------------------------------------------------------------------
>> >> > The official User-To-User support forum of the Apache HTTP Server
>> >> > Project.
>> >> > See for more info.
>> >> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >> > " from the digest: users-digest-unsubscribe@httpd.apache.org
>> >> > For additional commands, e-mail: users-help@httpd.apache.org
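The symptom described in the original question (the same auth_ldap failure repeating for one user on every later login) can be picked out of an error log mechanically. The following is an added example, not part of the thread or of Apache: it parses the log line format quoted in the question, and the function names, the thresholds and every sample line except the first are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Failure line format as quoted in the thread (Apache 2.0 auth_ldap).
LINE_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\] \[warn\] \[client (?P<client>[^\]]+)\] \[\d+\] "
    r"auth_ldap authenticate: user (?P<user>\S+) authentication failed; "
    r"URI (?P<uri>\S+) \[(?P<reason>[^\]]*)\]\[(?P<ldap_err>[^\]]*)\]")

def parse_failures(lines):
    """Yield a dict per auth_ldap failure line; unrelated lines are skipped."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%a %b %d %H:%M:%S %Y")
            yield rec

def repeated_failures(lines, min_run=3, window_s=600):
    """Return {user: run length} where the same failure reason repeats for a
    user at least min_run times, each within window_s of the previous one."""
    runs, last, flagged = defaultdict(int), {}, {}
    for rec in parse_failures(lines):
        prev = last.get(rec["user"])
        same = (prev is not None and prev["reason"] == rec["reason"]
                and (rec["ts"] - prev["ts"]).total_seconds() <= window_s)
        runs[rec["user"]] = runs[rec["user"]] + 1 if same else 1
        last[rec["user"]] = rec
        if runs[rec["user"]] >= min_run:
            flagged[rec["user"]] = runs[rec["user"]]
    return flagged

# First entry is the line from the thread; the rest are constructed samples.
_T = ("[Mon Jan 10 14:{t} 2005] [warn] [client {ip}] [3047] auth_ldap "
      "authenticate: user {u} authentication failed; URI "
      "/apps/GeoSpectre/trunk [User not found][No such object]")
SAMPLE = [
    _T.format(t="40:28", ip="192.168.168.20", u="kho"),
    _T.format(t="40:41", ip="192.168.168.20", u="kho"),
    "[Mon Jan 10 14:40:50 2005] [notice] constructed unrelated line",
    _T.format(t="41:05", ip="192.168.168.20", u="kho"),
    _T.format(t="42:00", ip="192.0.2.7", u="alice"),
]

if __name__ == "__main__":
    for user, n in repeated_failures(SAMPLE).items():
        print(f"{user}: {n} consecutive identical auth_ldap failures")
```

The error log records failures only, so a run here is not reset by a successful login in between; correlate with the access log if that distinction matters.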