[Bug 306897] Re: LDAP Authentication problem : ldap_simple_bind_s() failed

Wed, 17 Dec 2008 09:56:07 -0800 

I had the same problem as originally posted.  I am running a Subversion server 
in an OpenVZ container (2.6.24-21-openvz) with latest updates to libgnutls13.  
My Subversion server also authenticates using LDAP SSL.  Initially, 
authentication would work correctly but then after a period of time it would 
start failing with errors like the following showing up in the Apache logs:
    [Fri Dec 12 17:17:14 2008] [warn] [client XXX.XXX.XXX.XXX] [17128] 
auth_ldap authenticate: user XXX authentication failed; URI /svn/project [LDAP: 
ldap_simple_bind_s() failed][Can't contact LDAP server]

Once LDAP authentication began failing, it required a reboot of the
Apache service to function normally again.

Reverting to a previous libgnutls13 (2.0.4-1ubuntu2 instead of 
2.0.4-1ubuntu2.3) seemed to correct the problem.  But I still saw unusual 
messages like:
    [Wed Dec 17 09:41:53 2008] [warn] [client XXX.XXX.XXX.XXX] [9506] auth_ldap 
authenticate: user XXX authentication failed; URI /svn/project [LDAP: 
ldap_simple_bind_s() failed][Can't contact LDAP server]
when invalid credentials were supplied.

I noticed this post:
    
http://the.unwashedmeme.com/blog/2008/08/08/mod_ldap-ldapverifyservercert-simple-bind-failed/
and decided to try disabling LDAP server verification in the Apache 
configuration (default is enabled):
    LDAPVerifyServerCert Off

That seems to have corrected the problem for me.  I am now up to the
current version of libgnutls13, LDAP authentication works, and I don't
see "Can't contact LDAP server" messages in my logs any more.

So, perhaps the original problem is due to there being something wrong
with the LDAP server certificates (e.g., the file is missing, the
permissions are incorrect, etc.).

Hope that's of some help!

Steve

-- 
LDAP Authentication problem : ldap_simple_bind_s() failed
https://bugs.launchpad.net/bugs/306897
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

Reply via email to