Bug #1090
closed
mod_auth ldap fails after LDAP restart
Description
Error
A restart of the LDAP server without a restart of the lighttpd server causes the mod_auth ldap provider to fail
Systems to use
$OpenLDAP: slapd 2.2.13, lighttpd 1.4.13
Steps to create
1. Secure a page with ldap auth
2. Start openldap, then start lighttpd
3. Authenticate
4. Shut down openldap
5. Attempt to log in. You should receive the following error:
2007-03-21 16:03:25: (mod_auth.c.624) ldap: Can't contact LDAP server
2007-03-21 16:03:25: (http_auth.c.860) password doesn't match for / tnine
6. Restart ldap
7. Attempt to log in. You should receive the following error. Note that lighttpd does not try to re-establish connection to the LDAP server:
2007-03-21 16:03:47: (http_auth.c.759) ldap ...
2007-03-21 16:03:47: (http_auth.c.860) password doesn't match for / tnine
8. Restart lighttpd, the authorization now works.
-- todd.nine
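In the log excerpts above, every LDAP backend error is followed by a "password doesn't match" line, so counting those lines as failed logins would overstate credential failures during an outage. The following is an added example, not part of the original report or of lighttpd: it separates the two cases in an error log, and the 2-second pairing window, the `classify` function and the last sample line are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the four log lines quoted in the report, plus one
# constructed line (a failure with no LDAP error before it) for contrast.
SAMPLE_LOG = """\
2007-03-21 16:03:25: (mod_auth.c.624) ldap: Can't contact LDAP server
2007-03-21 16:03:25: (http_auth.c.860) password doesn't match for / tnine
2007-03-21 16:03:47: (http_auth.c.759) ldap ...
2007-03-21 16:03:47: (http_auth.c.860) password doesn't match for / tnine
2007-03-21 16:09:02: (http_auth.c.860) password doesn't match for / tnine
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}): "
    r"\((?P<src>[\w.]+)\.(?P<line>\d+)\) (?P<msg>.*)$"
)
# Assumption: the text after "for" is "<request path> <user>", as in the report.
FAIL_RE = re.compile(r"^password doesn't match for (?P<path>\S+) (?P<user>\S+)")


def classify(log_text, window=timedelta(seconds=2)):
    """Label each auth failure as 'ldap_backend' or 'credentials'.

    Heuristic (an assumption, not lighttpd behaviour): a failure is blamed on
    the backend when an "ldap ..." error was logged at most `window` earlier.
    """
    results = []
    last_ldap_error = None  # timestamp of the most recent ldap error line
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not in the error-log format, skip
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        msg = m["msg"]
        if msg.startswith("ldap"):
            last_ldap_error = ts
            continue
        fail = FAIL_RE.match(msg)
        if fail:
            recent = last_ldap_error is not None and ts - last_ldap_error <= window
            cause = "ldap_backend" if recent else "credentials"
            results.append((m["ts"], fail["user"], cause))
    return results


if __name__ == "__main__":
    for ts, user, cause in classify(SAMPLE_LOG):
        print(f"{ts} user={user} cause={cause}")
```
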
Updated by Anonymous over 17 years ago
The LDAP backend is already trying to re-setup the connection. Are you using SSL for the connection? Otherwise try to find out why the auth_ldap_init fails.
-- joerg
Updated by joerg over 17 years ago
OK, I can get this without restart of the server. I'll try to find out where it comes from.
Updated by joerg over 17 years ago
Todd, are you using conditional evaluation in the lighttpd.conf?
Updated by Anonymous about 17 years ago
Updated by stbuehler over 16 years ago
The filter is now built correctly; as long as you have all your ldap options (except filter) only in blocks where you set the hostname, reconnect should work without problems too.
And there should have been an error message after "ldap ..."; the source shows:
log_error_write(srv, __FILE__, __LINE__, "ss", "ldap ...", strerror(errno));
Perhaps you could do a strace and see why the ldap connection fails.
Updated by stbuehler over 16 years ago
- Status changed from New to Fixed
- Resolution set to duplicate
Remaining problems should be fixed with #1066.