Bug #1090

mod_auth ldap fails after LDAP restart

Added by Anonymous over 12 years ago. Updated about 11 years ago.

Status: Fixed
Priority: Normal
Assignee: -
Category: mod_auth
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Missing in 1.5.x:

Description

Error

A restart of the LDAP server without a restart of the lighttpd server causes the mod_auth ldap provider to fail.

Systems to use

$OpenLDAP: slapd 2.2.13, lighttpd 1.4.13

Steps to create

1. Secure a page with ldap auth

2. Start openldap, then start lighttpd

3. Authenticate

4. Shut down OpenLDAP

5. Attempt to log in. You should receive the following error:


2007-03-21 16:03:25: (mod_auth.c.624) ldap: Can't contact LDAP server 
2007-03-21 16:03:25: (http_auth.c.860) password doesn't match for / tnine

6. Restart ldap

7. Attempt to log in. You should receive the following error. Note that lighttpd does not try to re-establish the connection to the LDAP server.


2007-03-21 16:03:47: (http_auth.c.759) ldap ...
2007-03-21 16:03:47: (http_auth.c.860) password doesn't match for / tnine

8. Restart lighttpd; the authorization now works.

-- todd.nine
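
The two log excerpts in the report show an LDAP backend failure ending in `password doesn't match`, the same line a rejected password produces, so failed-login counts taken from this log mix outages with real credential failures. The following is an added example, not part of the original report or of lighttpd's code: a Python log triage that labels a rejection as a backend error when an `ldap` error line carries the same timestamp. The sample log is constructed (the report's four lines plus one invented failure for a hypothetical user `alice`), and the reading of the two trailing fields as request path and user name is an assumption.

```python
import re
from collections import Counter

# Constructed sample: the four lines from the report plus one invented
# failure for a hypothetical user "alice" with no LDAP error next to it.
SAMPLE_LOG = """\
2007-03-21 16:03:25: (mod_auth.c.624) ldap: Can't contact LDAP server
2007-03-21 16:03:25: (http_auth.c.860) password doesn't match for / tnine
2007-03-21 16:03:47: (http_auth.c.759) ldap ...
2007-03-21 16:03:47: (http_auth.c.860) password doesn't match for / tnine
2007-03-21 16:10:02: (http_auth.c.860) password doesn't match for / alice
"""

# "<timestamp>: (<file>.<line>) <message>" as seen in the excerpts.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): \((?P<src>[^)]+)\) (?P<msg>.*)$"
)
# Assumption: the two trailing fields are the request path and the user name.
DENY_RE = re.compile(r"^password doesn't match for (?P<path>\S+) (?P<user>\S+)$")


def classify(log_text):
    """Return one (timestamp, user, verdict) tuple per rejected login."""
    results = []
    last_ldap_error_ts = None
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.rstrip())
        if line is None:
            continue  # not an error-log record in the expected layout
        ts, msg = line["ts"], line["msg"]
        if msg.startswith("ldap"):
            last_ldap_error_ts = ts  # backend trouble seen in this second
            continue
        deny = DENY_RE.match(msg)
        if deny is None:
            continue
        # Heuristic: timestamps have one-second resolution, so a genuine bad
        # password in the same second as an LDAP error is also labelled
        # backend_error.
        verdict = "backend_error" if ts == last_ldap_error_ts else "credential_failure"
        results.append((ts, deny["user"], verdict))
    return results


def summarize(log_text):
    """Count rejections per verdict, e.g. to feed separate alert thresholds."""
    return Counter(verdict for _, _, verdict in classify(log_text))
```
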

History

#1

Updated by Anonymous about 12 years ago

The LDAP backend is already trying to re-setup the connection. Are you using SSL for the connection? Otherwise try to find out why the auth_ldap_init fails.

-- joerg

#2

Updated by joerg about 12 years ago

OK, I can get this without restart of the server. I'll try to find out where it comes from.

#3

Updated by joerg about 12 years ago

Todd, are you using conditional evaluation in the lighttpd.conf?

#4

Updated by Anonymous almost 12 years ago

The cause for this is probably the same as for bugs #529 and #1096.

#5

Updated by stbuehler about 11 years ago

The filter is now built correctly; as long as you have all your ldap options (except filter) only in blocks where you set the hostname, reconnect should work without problems too.

And there should have been an error message after "ldap ..."; the source shows:


log_error_write(srv, __FILE__, __LINE__, "ss", "ldap ...", strerror(errno));

Perhaps you could do a strace and see why the ldap connection fails.

#6

Updated by stbuehler about 11 years ago

  • Status changed from New to Fixed
  • Resolution set to duplicate

Remaining problems should be fixed with #1066.
