httpd-users mailing list archives

From "intel inside" <i...@hotmail.com>
Subject [users@httpd] Help please with LDAP cache not working on https virtualhost
Date Mon, 28 Feb 2005 17:49:23 GMT
Hi,

I am quite new to using LDAP. I have a Debian Linux machine running Apache 
v2.0.52. I have two virtual hosts, one for http port 80 and the other for 
https port 443. I have configured the secure site to authenticate access via 
an LDAP server via stunnel. This is working but I am finding that every 
single page access involves further authentication communication to the LDAP 
server via the stunnel. So in other words the LDAP information does not 
appear to be caching correctly. This means that pages are taking about 3 
seconds to load rather than almost instantaneous via unauthenticated access.

When I try to view the https ldap-status page all I get is a page with the 
title "LDAP Cache Information" but no actual cache information. However if I 
try to access the http ldap-status page I get to see the number of entries 
in the cache along with the number of hits.

So I'm looking for some clues to help me understand and fix the https LDAP 
cache.

Can anyone help please?

Cheers,
Mark

Here are better details of my setup:

In /etc/apache2/sites-enabled I have two configurations:
	default - my http port 80 server
	ssl	- my https port 443 server

In my ssl site configuration I have:

    <IfModule util_ldap.c>
        LDAPSharedCacheSize 200000
        LDAPCacheEntries 1024
        LDAPCacheTTL 600
        LDAPOpCacheEntries 1024
        LDAPOpCacheTTL 600
        <Location /ldap-status>
            SetHandler ldap-status
            AuthType basic
            AuthName IBM
            Order deny,allow
            Allow from all
            <IfModule mod_auth_ldap.c>
                AuthLDAPEnabled on
                AuthLDAPURL ldap://127.0.0.1:636/ou=ldapserver,o=mydomain.com?mail?sub?(objectclass=person)
                AuthLDAPAuthoritative on
                require valid-user
            </IfModule>
        </Location>
    </IfModule>


I also put the above block in /etc/apache2/httpd.conf which enabled me to 
see the LDAP cache working fine on the standard http port 80 webserver.


P.S. I hope this comes through in plain text. My apologies if it doesn't. I 
will try harder if I find I've made a mistake.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

