https://bz.apache.org/bugzilla/show_bug.cgi?id=62448
Bug ID: 62448
Summary: Sometimes auth_ldap failed with "User not found", restart works
Product: Apache httpd-2
Version: 2.4.6
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_authnz_ldap
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
[Basic Info]
mod_ldap version: 2.4.6
OS: CentOS Linux release 7.3.1611
LDAP related config in httpd conf:
```
Include conf.modules.d/*.conf
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LDAPVerifyServerCert Off
<Directory /import/home/sqlrpt/reports>
Options Indexes ExecCGI FollowSymlinks
Order deny,allow
Deny from All
AuthType Basic
AuthName "Login with user id and prod pwd"
AuthBasicProvider ldap
AuthLDAPURL "ldaps://ldap.vip/...(&(objectClass=posixAccount)(memberOf=cn=...,*))"
AuthLDAPBindDN "xxx"
AuthLDAPBindPassword pwd
Require valid-user
Satisfy any
</Directory>
```
[Problem detail]
Recently I've enabled ldap auth in Apache Httpd. It works well, but I found one
problem:
1. When httpd is restarted, the LDAP auth works well, with the logs below:
```
mod_authnz_ldap.c(501): [client xxx:6118] AH01691: auth_ldap authenticate: using URL ldaps://ldap.vip/...(memberOf=cn=...,*))
mod_authnz_ldap.c(593): [client xxx:6118] AH01697: auth_ldap authenticate: accepting mizeng
mod_authz_core.c(809): [client xxx:6118] AH01626: authorization result of Require valid-user : granted
```
2. However, after some time, when I try to view the same page, it pops up a
login window again. I cannot pass auth even after many retries. It shows user
not found, with the logs below:
```
mod_authnz_ldap.c(501): [client xxx:37460] AH01691: auth_ldap authenticate: using URL ldaps://ldap.vip/...(&(objectClass=posixAccount)(memberOf=cn=...,*))
[authnz_ldap:info] [pid 4868] [client xxx:37460] AH01695: auth_ldap authenticate: user mizeng authentication failed; URI /reports/ [User not found][No such object]
[auth_basic:error] [pid 4868] [client 10.91.34.152:37460] AH01618: user mizeng not found: /reports/
```
3. I have no idea why; I just restart httpd, and then it works well. But some
time later, the same problem occurs again.
I've checked the source code at
(https://github.com/apache/httpd/blob/2.4.x/modules/aaa/mod_authnz_ldap.c);
it seems the code does not match the log above (say, line 501: I cannot find
this log message there).
Could anyone help with this?
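An added example, not part of the original report or of httpd: a small Python triage script that scans an error log for the pattern described above, where mod_authnz_ldap accepts a user (AH01697) and later rejects the same user with AH01695 "User not found". The sample log lines are constructed from the report's format with placeholder client addresses, and the function name is hypothetical.

```python
import re

# Constructed sample lines in the shape of the report's logs; the 192.0.2.x
# client addresses and the second username are placeholders, not real data.
SAMPLE_LOG = """\
mod_authnz_ldap.c(593): [client 192.0.2.10:6118] AH01697: auth_ldap authenticate: accepting mizeng
mod_authz_core.c(809): [client 192.0.2.10:6118] AH01626: authorization result of Require valid-user : granted
[authnz_ldap:info] [pid 4868] [client 192.0.2.10:37460] AH01695: auth_ldap authenticate: user mizeng authentication failed; URI /reports/ [User not found][No such object]
[auth_basic:error] [pid 4868] [client 192.0.2.10:37460] AH01618: user mizeng not found: /reports/
[authnz_ldap:info] [pid 4870] [client 192.0.2.11:40100] AH01695: auth_ldap authenticate: user nosuchuser authentication failed; URI /reports/ [User not found][No such object]
"""

ACCEPT = re.compile(r"AH01697: auth_ldap authenticate: accepting (\S+)")
FAIL = re.compile(
    r"AH01695: auth_ldap authenticate: user (\S+) authentication failed; "
    r"URI (\S+) \[([^\]]*)\]\[([^\]]*)\]"
)
PID = re.compile(r"\[pid (\d+)\]")


def find_regressions(log_text):
    """Return 'User not found' failures for users accepted earlier in the log.

    A failure for a name that was never accepted is an ordinary unknown-user
    event; a failure for a previously accepted name is the symptom reported here.
    """
    accepted = {}  # user -> line number of the first AH01697 for that user
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = ACCEPT.search(line)
        if m:
            accepted.setdefault(m.group(1), lineno)
            continue
        m = FAIL.search(line)
        if m and m.group(3) == "User not found" and m.group(1) in accepted:
            pid = PID.search(line)
            hits.append({
                "user": m.group(1),
                "uri": m.group(2),
                "ldap_error": m.group(4),  # second bracket, e.g. "No such object"
                "pid": pid.group(1) if pid else None,
                "accepted_line": accepted[m.group(1)],
                "failed_line": lineno,
            })
    return hits


if __name__ == "__main__":
    for hit in find_regressions(SAMPLE_LOG):
        print(hit)
```

Grouping the hits by `pid` shows whether the failures are confined to particular httpd child processes.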