Bug #294

closed

LDAP authentication fails if LDAP server connection times out

Added by Anonymous over 18 years ago. Updated over 17 years ago.

Status: Fixed
Priority: Normal
Category: mod_auth
Target version: -

Description

Active Directory (in Windows 2003 Server) disconnects LDAP clients after 15 minutes of inactivity. The LDAP authenticator in lighttpd binds when the lighttpd process starts, and if no one accesses the lighttpd server for more than 15 minutes (such as is the case with intranet servers overnight), the LDAP server disconnects and lighttpd denies all subsequent requests. The lighttpd process must be restarted in order to get authentication working again.

Ideally, lighttpd would determine if the LDAP connection was still valid, and re-connect if it wasn't. Another approach might be to have a setting in the lighttpd configuration that would cause lighttpd to disconnect itself from the LDAP server after a certain period of inactivity, and re-connect if it had previously disconnected itself.

-- melfstrand
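
The reconnect behaviour requested above, as an added example (this is not the attached ldap_reconnect.diff and not lighttpd code). `fake_ldap`, `fake_bind`, `fake_check`, `auth_with_reconnect`, the result codes and the credentials are constructed stand-ins for a real LDAP client, chosen so the idle disconnect can be reproduced offline. A lost connection triggers exactly one rebind and retry, and every other outcome is returned as a denial.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this sketch (not libldap's). */
enum { AUTH_OK, AUTH_DENIED, AUTH_CONN_LOST };
#define IDLE_LIMIT (15 * 60)   /* seconds; the idle timeout described in the report */

/* Constructed stand-in for a directory server that drops idle clients. */
typedef struct { int connected; long last_used; int binds; int server_up; } fake_ldap;

static int fake_bind(fake_ldap *c, long now) {
    if (!c->server_up) return AUTH_CONN_LOST;      /* server unreachable */
    c->connected = 1; c->last_used = now; c->binds++;
    return AUTH_OK;
}

static int fake_check(fake_ldap *c, long now, const char *user, const char *pw) {
    if (!c->connected || now - c->last_used > IDLE_LIMIT) {
        c->connected = 0;                          /* server closed the idle session */
        return AUTH_CONN_LOST;
    }
    c->last_used = now;
    int ok = strcmp(user, "alice") == 0 && strcmp(pw, "s3cret") == 0;
    return ok ? AUTH_OK : AUTH_DENIED;
}

/* Authenticate; on a lost connection rebind once and retry, otherwise fail closed. */
int auth_with_reconnect(fake_ldap *c, long now, const char *user, const char *pw) {
    int rc = fake_check(c, now, user, pw);
    if (rc != AUTH_CONN_LOST) return rc;           /* a real answer: no retry */
    if (fake_bind(c, now) != AUTH_OK) return AUTH_DENIED;
    rc = fake_check(c, now, user, pw);             /* single retry, never a loop */
    return rc == AUTH_OK ? AUTH_OK : AUTH_DENIED;  /* errors never grant access */
}

int main(void) {
    fake_ldap c = {0, 0, 0, 1};
    fake_bind(&c, 0);                              /* bind at process start */
    printf("t=60s:       %d\n", auth_with_reconnect(&c, 60, "alice", "s3cret"));
    printf("t=8h:        %d\n", auth_with_reconnect(&c, 8 * 3600, "alice", "s3cret"));
    printf("bad pw:      %d\n", auth_with_reconnect(&c, 8 * 3600 + 5, "alice", "wrong"));
    c.server_up = 0;                               /* directory unreachable */
    printf("server down: %d\n", auth_with_reconnect(&c, 20 * 3600, "alice", "s3cret"));
    printf("binds:       %d\n", c.binds);
    return 0;
}
```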


Files

ldap_reconnect.diff (2.77 KB): Automatic reconnect for LDAP -- joerg (Anonymous, 2005-10-09 16:21)
ldap_timeout.diff (2.34 KB): allow reconnect to ldap server after timeouts -- joerg (Anonymous, 2005-11-06 15:24)

Actions #1

Updated by Anonymous over 18 years ago

I've run into the same problem. Can you try the attached patch?

-- joerg

Actions #2

Updated by Anonymous over 18 years ago

The patch appears to work! I applied it to my copy of the 1.4.4 source. It compiled, installed, and has been running for a couple of hours so far, and I've let it run for over 15 minutes both at startup and between requests, and there has been no problem authenticating. Thank you!

-- melfstrand

Actions #3

Updated by Anonymous over 18 years ago

I should add that the patch contains another change. It disables the CA file check for starttls. I needed it because the admin of the LDAP server I have to use doesn't want to give it to me, but enforces SSL. It might be good to make it another option.

-- joerg

Actions #4

Updated by Anonymous over 18 years ago

I'm reattaching the patch without the starttls part (ticket 356).

-- joerg

Actions #5

Updated by jan over 18 years ago

  • Status changed from New to Fixed
  • Resolution set to fixed

applied in r818, will be part of 1.4.8, thanks for the patch.
