Project

General

Profile

Actions

Feature #2294

closed

add ldap referrals support

Added by MDF almost 14 years ago. Updated 11 months ago.

Status:
Fixed
Priority:
Normal
Category:
mod_auth
Target version:
-
ASK QUESTIONS IN Forums:
No

Description

For AD ldap_search_s has failed with Operation error. For resolve this problem need set LDAP_OPT_REFERRALS to off.

May be this case need set by config? I don't know.


Files

ldap.patch (613 Bytes) ldap.patch MDF, 2011-02-03 15:58
mod_auth.patch (947 Bytes) mod_auth.patch dridri, 2011-04-06 13:28

Related issues 2 (0 open2 closed)

Related to Bug #2846: LDAP authentication vs. AD: problems with referrals Fixed2017-12-07Actions
Related to Bug #2464: patch for intermittent ldap failuresFixed2012-12-19Actions
Actions #1

Updated by kace over 13 years ago

Has anyone verified this patch yet? I would like to give it a try, but I'm not really in a testing environment. Thanks.

Actions #2

Updated by dridri over 13 years ago

it didn't worked for me, no idea why exactly.
The issue i observed was that ldap_search_s was chasing referrals by binding anonymously (and my AD server doesn't allow it)

If it's any help: i used ldap_set_rebind_proc to force openldap to re-bind with ldap_simple_bind_s (and the correct binddn/bindpw), for thoses interested, i attached the patch i did even if i'm unsure it is bugless.

Actions #3

Updated by stbuehler over 13 years ago

  • Subject changed from ldap auth failed for Active Directory to add ldap referrals support
  • Target version changed from 1.4.29 to 1.4.x
Actions #4

Updated by gstrauss over 8 years ago

  • Status changed from Patch Pending to Need Feedback

There are two patches here. Is there anyone else who can confirm that one or both of these patches work?

The second patch, using ldap_set_rebind_proc() appears to be the better idea.

The first patch, to disable LDAP_OPT_REFERRALS might not be needed if ldap_set_rebind_proc() solution works. If it doesn't, then disabling LDAP_OPT_REFERRALS should be a config option.

Either way, this ticket needs some feedback from people actively using lighttpd with LDAP to make sure we get this right. Please post if either of these patches work for you. Thanks.

Actions #5

Updated by gstrauss over 8 years ago

  • Tracker changed from Bug to Feature

Changing to feature request. Still requires feedback.

Tangentially related ticket https://redmine.lighttpd.net/issues/2464 "patch for intermittent ldap failures" might reduce the occurrence of the errors here, too.

Actions #6

Updated by gstrauss over 8 years ago

  • Status changed from Need Feedback to Missing Feedback
Actions #7

Updated by stbuehler over 8 years ago

  • Target version deleted (1.4.x)
Actions #8

Updated by gstrauss almost 7 years ago

  • Related to Bug #2846: LDAP authentication vs. AD: problems with referrals added
Actions #9

Updated by gstrauss 11 months ago

  • Status changed from Missing Feedback to Fixed
  • ASK QUESTIONS IN Forums set to No

Fixed in lighttpd 1.4.49 in #2846

Actions #10

Updated by gstrauss 11 months ago

  • Related to Bug #2464: patch for intermittent ldap failures added
Actions

Also available in: Atom