Hi,

I'm experiencing a problem that I think might be related to
mod_authnz_ldap.

I have a virtualhost configured with the following:

 ProxyPass /jobs/      http://backend.domain.co.uk/public/jobs/admin/

 <Location /jobs/>
  AuthType basic
  AuthName "Jobs Administration"
  AuthBasicProvider ldap
  AuthLDAPURL "ldap://ldap.domain.co.uk:389/o=domain?uid?sub?(objectClass=inetOrgPerson)"
  AuthzLDAPAuthoritative on

  Require ldap-user username

  RequestHeader unset Authorization
 </Location>
LogLevel debug
</VirtualHost>


Access generally works but occasionally returns a proxy error with a
reason of 'Error reading from remote server'; however, a packet capture
shows that Apache didn't even try to establish a connection to
backend.domain.co.uk.

I've upped the logging level to debug and the following is what's logged:

[Mon Feb 04 11:06:54 2008] [debug] mod_authnz_ldap.c(373): [client
192.168.1.1] [28349] auth_ldap authenticate: using URL
ldap://ldap.domain.co.uk:389/o=domain?uid?sub?(objectClass=inetOrgPerson),
referer: http://admin.domain.co.uk/jobs/updated.asp
[Mon Feb 04 11:06:54 2008] [debug] mod_authnz_ldap.c(454): [client
192.168.1.1] [28349] auth_ldap authenticate: accepting username,
referer: http://admin.domain.co.uk/jobs/updated.asp
[Mon Feb 04 11:06:54 2008] [debug] mod_authnz_ldap.c(611): [client
192.168.1.1] [28349] auth_ldap authorise: require user: authorisation
successful, referer: http://admin.domain.co.uk/jobs/updated.asp
[Mon Feb 04 11:06:54 2008] [debug] mod_proxy_http.c(54): proxy: HTTP:
canonicalising URL //backend.domain.co.uk/public/jobs/admin/index.asp
[Mon Feb 04 11:06:54 2008] [debug] proxy_util.c(1335): [client
192.168.1.1] proxy: http: found worker
http://backend.domain.co.uk/public/jobs/admin/ for
http://backend.domain.co.uk/public/jobs/admin/index.asp, referer:
http://admin.domain.co.uk/jobs/updated.asp
[Mon Feb 04 11:06:54 2008] [debug] mod_proxy.c(756): Running scheme http
handler (attempt 0)
[Mon Feb 04 11:06:54 2008] [debug] mod_proxy_http.c(1662): proxy: HTTP:
serving URL http://backend.domain.co.uk/public/jobs/admin/index.asp
[Mon Feb 04 11:06:54 2008] [debug] proxy_util.c(1755): proxy: HTTP: has
acquired connection for (backend.domain.co.uk)
[Mon Feb 04 11:06:54 2008] [debug] proxy_util.c(1815): proxy: connecting
http://backend.domain.co.uk/public/jobs/admin/index.asp to
backend.domain.co.uk:80
[Mon Feb 04 11:06:54 2008] [debug] proxy_util.c(1908): proxy: connected
/public/jobs/admin/index.asp to backend.domain.co.uk:80
[Mon Feb 04 11:06:54 2008] [debug] proxy_util.c(2098): proxy: HTTP:
connection complete to 192.168.1.2:80 (backend.domain.co.uk)
[Mon Feb 04 11:06:54 2008] [info] [client 192.168.1.2] (32)Broken pipe:
core_output_filter: writing data to the network
[Mon Feb 04 11:06:54 2008] [error] [client 192.168.1.1] proxy: error
reading status line from remote server backend.domain.co.uk, referer:
http://admin.domain.co.uk/jobs/updated.asp
[Mon Feb 04 11:06:54 2008] [error] [client 192.168.1.1] proxy: Error
reading from remote server returned by /jobs/index.asp, referer:
http://admin.domain.co.uk/jobs/updated.asp
[Mon Feb 04 11:06:54 2008] [debug] proxy_util.c(1773): proxy: HTTP: has
released connection for (backend.domain.co.uk)


It seems to imply that the connection to the backend server failed
although no packets are ever sent to that server!  The packet capture
shows that the 502 is returned to the client 434 microseconds after the
ldap call returned a success!

I have another virtual host configured on the same server, with an
almost identical configuration except that it has no authentication
configured.  This site has processed thousands of requests this morning
and not one error!  Whereas the troublesome site has returned 35 errors
out of 443 requests!

Going directly to the backend server works all the time!

One other difference that I've just thought of with this backend server
is that it has two IP addresses (for historical reasons).  Is that known
to cause any problems?

I'm currently running CentOS 5 with Apache 2.2.3 (including all the
patches that Red Hat have backported).

Any advice on this problem would be very much appreciated.

Many thanks in advance,


                                Neil.

-- 
Neil Hillard                    [EMAIL PROTECTED]
AgustaWestland                  http://www.whl.co.uk/

Disclaimer: This message does not necessarily reflect the
            views of Westland Helicopters Ltd.
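
Added example, not part of the original message and not Apache code: a small Python helper for triaging a debug log like the one quoted above. It rejoins mail-wrapped entries and pairs each "has acquired connection" with its "has released connection" so that proxy failures can be counted and lined up with the preceding LDAP authorisation. The function names and the second, clean request in the sample are assumptions made for illustration.

```python
import re

ENTRY_START = re.compile(r"^\[\w{3} \w{3} \d{2} [\d:]{8} \d{4}\] \[\w+\] ")
ACQUIRED = re.compile(r"has acquired connection for \((.+?)\)")
# Constructed sample in the message's log format; the second request is invented.
SAMPLE = """\
[Mon Feb 04 11:06:54 2008] [debug] mod_authnz_ldap.c(611): [client 192.168.1.1] [28349]
auth_ldap authorise: require user: authorisation successful
[Mon Feb 04 11:06:54 2008] [debug] proxy_util.c(1755): proxy: HTTP: has
acquired connection for (backend.domain.co.uk)
[Mon Feb 04 11:06:54 2008] [info] [client 192.168.1.2] (32)Broken pipe:
core_output_filter: writing data to the network
[Mon Feb 04 11:06:54 2008] [error] [client 192.168.1.1] proxy: error
reading status line from remote server backend.domain.co.uk
[Mon Feb 04 11:06:54 2008] [debug] proxy_util.c(1773): proxy: HTTP: has
released connection for (backend.domain.co.uk)
[Mon Feb 04 11:07:10 2008] [debug] proxy_util.c(1755): proxy: HTTP: has acquired connection for (backend.domain.co.uk)
[Mon Feb 04 11:07:10 2008] [debug] proxy_util.c(1773): proxy: HTTP: has released connection for (backend.domain.co.uk)
"""

def unwrap(text):
    """Rejoin log entries that were hard-wrapped at whitespace."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY_START.match(line) or not entries:
            entries.append(line)          # a timestamp starts a new entry
        else:
            entries[-1] += " " + line     # continuation of the previous entry
    return entries

def proxied_requests(text):
    """One record per acquire/release pair; assumes one request's entries are contiguous."""
    records, cur, auth_ok = [], None, False
    for entry in unwrap(text):
        acquired = ACQUIRED.search(entry)
        if "authorisation successful" in entry:
            auth_ok = True
        elif acquired:
            cur = dict(backend=acquired.group(1), auth_ok=auth_ok, broken_pipe=False, read_error=False)
        elif cur and "has released connection" in entry:
            records.append(cur)
            cur, auth_ok = None, False
        elif cur:
            cur["broken_pipe"] |= "Broken pipe" in entry
            cur["read_error"] |= "error reading status line" in entry
    return records

if __name__ == "__main__":
    print(proxied_requests(SAMPLE))
```

On a busy multi-process server, entries from different requests can interleave in the error log, so the pairing is only reliable on a quiet host or a log filtered to one client.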
