[Bug 62448] New: Sometimes auth_ldap failed with "User not found", restart works


https://bz.apache.org/bugzilla/show_bug.cgi?id=62448

            Bug ID: 62448
           Summary: Sometimes auth_ldap failed with "User not found",
                    restart works
           Product: Apache httpd-2
           Version: 2.4.6
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_authnz_ldap
          Assignee: bugs@xxxxxxxxxxxxxxxx
          Reporter: mizeng@xxxxxxxx
  Target Milestone: ---

[Basic Info]
mod_ldap version: 2.4.6
OS: CentOS Linux release 7.3.1611
LDAP related config in httpd conf:
```
Include conf.modules.d/*.conf
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

LDAPVerifyServerCert Off

<Directory /import/home/sqlrpt/reports>
    Options Indexes ExecCGI FollowSymlinks
    Order deny,allow
    Deny from All
    AuthType Basic
    AuthName "Login with user id and prod pwd"
    AuthBasicProvider ldap
    AuthLDAPURL "ldaps://ldap.vip/...(&(objectClass=posixAccount)(memberOf=cn=...,*))"
    AuthLDAPBindDN "xxx"
    AuthLDAPBindPassword pwd
    Require valid-user
    Satisfy any
</Directory>
```

[Problem detail]
Recently I've enabled ldap auth in Apache Httpd. It works well, but I found one
problem:

1. When httpd is restarted, LDAP auth works well, with the logs below:
```
mod_authnz_ldap.c(501): [client xxx:6118] AH01691: auth_ldap authenticate:
using URL ldaps://ldap.vip/...(memberOf=cn=...,*))
mod_authnz_ldap.c(593): [client xxx:6118] AH01697: auth_ldap authenticate:
accepting mizeng
mod_authz_core.c(809): [client xxx:6118] AH01626: authorization result of
Require valid-user : granted
```

2. However, after some time, when I try to view the same page, it pops up a
login window again. I cannot pass auth even after many retries. It shows user
not found, with the logs below:
```
mod_authnz_ldap.c(501): [client xxx:37460] AH01691: auth_ldap authenticate:
using URL ldaps://ldap.vip/...(&(objectClass=posixAccount)(memberOf=cn=...,*))
[authnz_ldap:info] [pid 4868] [client xxx:37460] AH01695: auth_ldap
authenticate: user mizeng authentication failed; URI /reports/ [User not
found][No such object]
[auth_basic:error] [pid 4868] [client 10.91.34.152:37460] AH01618: user mizeng
not found: /reports/
```

3. I have no idea why. If I just restart httpd, it works well again, but some
time later the same problem occurs.

I've checked the source code
(https://github.com/apache/httpd/blob/2.4.x/modules/aaa/mod_authnz_ldap.c),
and it seems the code does not match the log above (say, line 501; I cannot
find this log message there).
Could anyone help with this?
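
A log-triage sketch for the symptom reported above, added here as an example (it is not part of the original report or of httpd): it separates AH01695 "User not found" failures for users that mod_authnz_ldap accepted earlier in the same log (AH01697) from failures for users never seen accepted. The sample lines are constructed in the shape of the excerpts above; the `[pid N]` prefix on the accept line, the user names and the client addresses are assumptions.

```python
import re

# Constructed sample lines, modelled on the AH01697/AH01695 excerpts in the report.
SAMPLE_LOG = """\
[authnz_ldap:debug] [pid 4868] mod_authnz_ldap.c(593): [client 192.0.2.10:6118] AH01697: auth_ldap authenticate: accepting alice
[authnz_ldap:info] [pid 4868] [client 192.0.2.10:37460] AH01695: auth_ldap authenticate: user alice authentication failed; URI /reports/ [User not found][No such object]
[authnz_ldap:info] [pid 4868] [client 192.0.2.11:40112] AH01695: auth_ldap authenticate: user carol authentication failed; URI /reports/ [User not found][No such object]
[authnz_ldap:debug] [pid 4901] mod_authnz_ldap.c(593): [client 192.0.2.12:6200] AH01697: auth_ldap authenticate: accepting bob
"""

ACCEPT = re.compile(r"AH01697: auth_ldap authenticate: accepting (\S+)")
FAIL = re.compile(
    r"AH01695: auth_ldap authenticate: user (\S+) authentication failed; "
    r"URI (\S+) \[([^\]]*)\]\[([^\]]*)\]"
)
PID = re.compile(r"\[pid (\d+)")  # also matches the "[pid N:tid M]" form


def triage(lines):
    """Split "User not found" failures into two lists of
    (line_no, user, pid, ldap_error):
      flapping - the user was accepted earlier in the same log, so the
                 failure points at the server/LDAP side, not the account
      unknown  - the user was never seen accepted (typo, removed account,
                 or not in the group named in the AuthLDAPURL filter)
    """
    accepted = set()  # users accepted so far, in log order
    flapping, unknown = [], []
    for line_no, line in enumerate(lines, 1):
        m = ACCEPT.search(line)
        if m:
            accepted.add(m.group(1))
            continue
        m = FAIL.search(line)
        if not m or m.group(3) != "User not found":
            continue
        user, _uri, _reason, ldap_error = m.groups()
        pid = PID.search(line)
        record = (line_no, user, pid.group(1) if pid else None, ldap_error)
        (flapping if user in accepted else unknown).append(record)
    return flapping, unknown


if __name__ == "__main__":
    flapping, unknown = triage(SAMPLE_LOG.splitlines())
    print("accepted earlier, now 'User not found':", flapping)
    print("never accepted:", unknown)
```

Run it over the real error log with `LogLevel` high enough to record the AH01697 accept lines; a non-empty first list matches the behaviour described in the report.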
