Bug #2345
closedLDAP authentication problem
Description
We are using on our servers lighttpd version 1.4.24 and mod_auth with LDAP backend. In standard situation all works correct: user receive Basic Auth message, enter login / password and login. After this user visit site pages without new Basic Auth messages.
Problem is: When there is high-load on system, lighttpd server sends re-auth requests for some users. In this time I can see in lighttpd error log next messages:
2011-09-15 03:25:06: (http_auth.c.816) ldap: Can't contact LDAP server
2011-09-15 03:25:06: (http_auth.c.880) password doesn't match for /http-bind/ admin , IP: 192.168.1.16
2011-09-15 04:41:07: (http_auth.c.816) ldap: Can't contact LDAP server
2011-09-15 04:41:07: (http_auth.c.880) password doesn't match for /http-bind/ user194 , IP: 192.168.1.15
2011-09-15 06:14:27: (http_auth.c.816) ldap: Can't contact LDAP server
2011-09-15 06:14:27: (http_auth.c.880) password doesn't match for /http-bind/ user199 , IP: 192.168.1.15
2011-09-15 09:29:53: (http_auth.c.816) ldap: Can't contact LDAP server
2011-09-15 09:29:53: (http_auth.c.880) password doesn't match for /http-bind/ admin , IP: 192.168.1.16
2011-09-15 09:55:06: (http_auth.c.771) ldap ...
2011-09-15 09:55:06: (http_auth.c.880) password doesn't match for /http-bind/ Artyom , IP: 192.168.1.16
2011-09-15 09:55:14: (http_auth.c.771) ldap ...
2011-09-15 09:55:14: (http_auth.c.880) password doesn't match for /http-bind/ Artyom , IP: 192.168.1.16
2011-09-15 09:55:21: (http_auth.c.816) ldap: Invalid credentials
2011-09-15 09:55:21: (http_auth.c.880) password doesn't match for /http-bind/ admin , IP: 192.168.1.16
BUT after 1-2 sec all works ok.
I've tried to make a dump of traffic on LDAP port. While lighttpd shows error no requests are sent to LDAP server but it is for sure online in this time because we monitor every restart or downtime of services.
Updated by gstrauss over 8 years ago
- Related to Bug #2464: patch for intermittent ldap failures added
Updated by gstrauss over 8 years ago
- Category set to mod_auth
- Status changed from New to Fixed
- Target version set to 1.4.40
Fixed in r3108. Same issue as #2464.
Also available in: Atom