[Bug 306897] Re: LDAP Authentication problem : ldap_simple_bind_s() failed

2008-12-12 Thread David Goulet
The new gnutls13 update, released yesterday (11/12/2008), fixed the
problem.

-- 
LDAP Authentication problem : ldap_simple_bind_s() failed
https://bugs.launchpad.net/bugs/306897
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 306897] [NEW] LDAP Authentication problem : ldap_simple_bind_s() failed

2008-12-10 Thread David Goulet
Public bug reported:

Here's the deal : 
System : Ubuntu 8.04 Hardy
Linux Kernel OpenVZ 2.6.24-19.41 
Apache 2.2.8-1ubuntu0.3 using the LDAP module for authentication.
LDAP server (slapd) 2.4.9-0ubuntu0.8.04.1 using TLS.

The bug :
Apache configuration for a specific location for LDAP Auth :
This example is taken from the SVN server. But this bug also happens on my
Nagios server and all other servers that use mod_ldap of Apache.

<Location /svn/Config>

DAV svn
SVNPath /var/svn/Config

AuthName "SVN Repository"
AuthType Basic
Require user svnadmin

AuthBasicProvider file ldap
AuthzLDAPAuthoritative off

AuthUserFile /etc/subversion/svn-auth/users

AuthLDAPURL ldaps://LDAP_SERVER:636/dc=MY_DC,dc=com
AuthLDAPBindDN SOME_DN
AuthLDAPBindPassword SOMETHING
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off

Require ldap-attribute gidNumber=1004

Require ldap-group SOME_CN

#Satisfy any
</Location>

Here's where it gets interesting. We start Apache and it works very well!
Authentication is working well and everything is fine. After a while,
authentication failed to work and I'm stuck with a 500 Internal Server
Error. Here is the ssl-error Apache log error message :

[Wed Dec 10 11:01:42 2008] [warn] [client 192.168.1.1] [382] auth_ldap
authenticate: user foo authentication failed; URI /svn/Config/ [LDAP:
ldap_simple_bind_s() failed][Can't contact LDAP server]

But the LDAP server is up and running well. From the server (svn
server), I can make a successful ldap_search and I'm right now using LDAP
for ssh auth so there should not be a problem with contacting the LDAP
server. Here's the LDAP server side :

Dec 10 11:01:42 ldap slapd[19479]: conn=20 fd=27 ACCEPT from 
IP=192.168.1.31:40521 (IP=0.0.0.0:636) 
Dec 10 11:01:42 ldap slapd[19479]: conn=20 fd=27 TLS established tls_ssf=32 
ssf=32 
Dec 10 11:01:42 ldap slapd[19479]: conn=20 fd=27 closed (connection lost) 

According to the source code, mod_ldap of Apache tries 10 times to
authenticate the user and then returns an error. The previous message
indeed happens 10 times in my log.

At this point, if I reload or restart Apache, it will fix the problem
for a short while. So there might be various problems with persistent
connections and/or simple bind.

Thanks to all

** Affects: apache2 (Ubuntu)
 Importance: Undecided
 Status: New
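
The slapd excerpt in the report above shows the signature of this failure: a connection is accepted, TLS is established, and the connection is lost before any BIND arrives. As an added example (not part of the original report, and not Apache or OpenLDAP code), this Python script counts such connections per client IP from slapd syslog output; the sample log is constructed, and conn=21 with its DN and client address is an invented healthy session for contrast.

```python
import re
from collections import Counter

# Constructed sample in the slapd syslog format quoted in the report; conn=21 is invented.
SAMPLE_LOG = """\
Dec 10 11:01:42 ldap slapd[19479]: conn=20 fd=27 ACCEPT from IP=192.168.1.31:40521 (IP=0.0.0.0:636)
Dec 10 11:01:42 ldap slapd[19479]: conn=20 fd=27 TLS established tls_ssf=32 ssf=32
Dec 10 11:01:42 ldap slapd[19479]: conn=20 fd=27 closed (connection lost)
Dec 10 11:01:43 ldap slapd[19479]: conn=21 fd=27 ACCEPT from IP=192.168.1.40:51822 (IP=0.0.0.0:636)
Dec 10 11:01:43 ldap slapd[19479]: conn=21 fd=27 TLS established tls_ssf=32 ssf=32
Dec 10 11:01:43 ldap slapd[19479]: conn=21 op=0 BIND dn="cn=reader,dc=example,dc=com" method=128
Dec 10 11:01:43 ldap slapd[19479]: conn=21 op=0 RESULT tag=97 err=0 text=
Dec 10 11:01:43 ldap slapd[19479]: conn=21 op=1 UNBIND
Dec 10 11:01:43 ldap slapd[19479]: conn=21 fd=27 closed
"""

LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:fd|op)=\d+ (.*)$")
ACCEPT = re.compile(r"ACCEPT from IP=([^:\s]+):\d+")

def dropped_before_bind(log_text):
    """Return {client_ip: count} of connections that completed TLS, never
    sent a BIND, and were closed with 'connection lost'."""
    conns = {}           # conn id -> state of connections still open
    dropped = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        cid, event = m.group(1), m.group(2)
        accept = ACCEPT.match(event)
        if accept:       # conn ids restart with slapd, so reset state here
            conns[cid] = {"ip": accept.group(1), "tls": False, "bind": False}
            continue
        state = conns.get(cid)
        if state is None:
            continue     # connection was opened before the log window
        if event.startswith("TLS established"):
            state["tls"] = True
        elif event.startswith("BIND "):
            state["bind"] = True
        elif event.startswith("closed"):
            if state["tls"] and not state["bind"] and "connection lost" in event:
                dropped[state["ip"]] += 1
            del conns[cid]
    return dict(dropped)

if __name__ == "__main__":
    for ip, n in dropped_before_bind(SAMPLE_LOG).items():
        print(f"{ip}: {n} TLS session(s) lost before any BIND")
```

A count that rises in steps of 10 for the web server's address matches the retry behaviour described in the report.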
