http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21787

LDAP authentication failure does not recover properly

------- Additional Comments From [EMAIL PROTECTED] 2003-11-04 19:22 -------

I have also run across this same problem with mod_auth_ldap, where after a failed bind attempt, subsequent requests fail. In my Apache 2.0.47 test environments (Windows 2000, Redhat Linux 9, HP-UX 11i) this problem is repeatable when connecting to a Windows 2003 AD server, but I can't get the problem to occur when connecting to a Sun Directory Server 5.2.

Rather than destroying the connection after a failed bind attempt, I wanted to keep the connection open to avoid the performance hit of reconnecting. So, after a failed user/password bind in util_ldap_cache_checkuserid, I simply mark the connection as unbound.

$ diff util_ldap.c.orig util_ldap.c.new
884a885
> ldc->bound = 0;

On the next call to util_ldap_connection_open, the existing code will notice that the connection is unbound, bind again as the BindDN user, and return a properly bound connection.

I agree with Bradley that only the binddn+bindpw should be used for initial searches. However, rather than actually destroying user-bound connections, I prefer to simply mark the connection as unbound after any user-specific bind operation. This avoids the overhead of establishing a new socket connection for every login.

Ben Kibler
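
Review bot: the added `ldc->bound = 0;` at 884a885 is described as covering only the failed user/password bind in util_ldap_cache_checkuserid, while the comment argues for marking the connection unbound after any user-specific bind, so please confirm that the successful-bind path also clears ldc->bound. If it does not, the next util_ldap_connection_open would see the connection as still bound and could skip the rebind as the BindDN user, leaving later searches to run under the previous user's identity. The hunk is a normal diff with no context lines, so the placement cannot be checked from what is posted; a unified diff (diff -u) and a short comment on the new line explaining why the flag is reset would make this reviewable.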
