httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <izumi...@nttdata-bizsys.co.jp>
Subject [users@httpd] Apache httpd to establish authentication through ActiveDirectory sometimes falls into "Internal Server Error"
Date Tue, 10 Jan 2012 10:02:14 GMT
Hi,everyone.

I'm using Apache httpd 2.2.16 on Windows Server 2008 R2.

Now,I have set up Apache httpd configuration that establish authentication
through ActiveDirectory by mod_authnz_ldap and mod_ldap.

But,sometimes I encounter "Internal Server Error" from Apache httpd.
And, sometimes ActiveDirectory reply "operation error".

I am in trouble because of I can not find a cause.
Please teach me what is wrong.

There are two ActiveDirectory Domain controller,those are replicating each other.
Those domain controller server machines's OS is WindowsServer2008 R2.

Those domain controller server machines's OS formerly was Windows server 2003.
I had not encountered "Internal Server Error" at that time.
I had migrated ActiveDirectory configuration
from Windows server 2003 machines to WindowsServer2008 R2 machines,
I encounter "Internal Server Error".

Is the cause of this error ActiveDirectory configuration ?
Now,I can not find a cause of error yet.

That details of error is below.

--- environment ---
Current domain controller name(WindowsServer2008 R2)
 AD01
 AD02

--- Phenomenon ---
1.Client machine tries to login to web site provided by Apache httpd.

2.Apache httpd tries to bind to ActiveDirectory domain controller and to search user.

3.ActiveDirectory gives Apache httpd results of search for user and designation of referring
to domain.
  Details of designation of referring to domain is below.
   ・DomainDNSZones
   ・ForestDNSZones
   ・CN=Configration xxx.xxx.co.jp
   ・TAPI3Directory.xxx.co.jp

4.Apache httpd tries to bind and search about the above four referent.
  If all of ldap searchRequest reply is "operation error",
  Apache httpd falls into "Internal Server Error" as the result of final authentication.

---Inference---
Probably,if one of the above four referent(at Phase 3 of Phenomenon) is success,
Apache httpd doesn't fall into "Internal Server Error",
because at least when "CN=Configration xxx.xxx.co.jp" reference is success,
Apache httpd doesn't fall into "Internal Server Error".


---Reference information---
In the case of the following conditions,"operation error" occurs.

When the access place of a domain is not found in the DNS cache (it exists on the memory of
a machine.) by the side of an Apache server,
Apache server asks DNS server about the information of every domain controllers by DNS SRV.

Then, if Apache server accesses other domain controller that is different from "Phase 2 of
Phenomenon",
"operation error" occurs.

Now,the result of the inquiry of DNS SRV includes the information on AD01, AD02.
So, Probability to access to each domain controller is 50% because priority and weight of
SRV record are same each other.



Sorry to trouble you. Thank you for taking care of it.

-- 
=============================
Masato Izumiya
izumiyam@nttdata-bizsys.co.jp


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message