Re: [users@httpd] Apache-2.2 with LDAP authentication keeps spinning after authentication completes

Tue, 03 May 2016 14:47:35 -0700 

Another interesting observation: web browser (Firefox) continues to show
activity spinner and "read <hostname>" status (with AuthLDAP active at web
application initiation) even after the LDAP authentication is completed, the
OpenLDAP server is stopped, and the LDAP network connection is dropped. I can't
see activity status with the Opera browser, but the LDAP network connection
remains ESTABLISHED after terminating that web browser.

This appears to be an Apache(2.2) issue. Nothing in the Apache (HTTPD) log 
files.



On 05/03/2016 06:56, Luca Toscano wrote:
> 
> 
> 2016-05-03 1:22 GMT+02:00 J.D. <randomnoise...@gmail.com
> <mailto:randomnoise...@gmail.com>>:
> 
>     Centos-6.6+seLinux, Apache-2.2, OpenLDAP-2.4.40, OpenSSL-1.0.1e-fips
> 
>     Using the following sample Directory block, the Apache LDAP 
> authentication works
>     just fine, but when the web page is displayed - the activity spinner is 
> spinning
>     and the status bar shows "Read <hostname>". Without the Apache LDAP
>     authentication, neither of the above symptoms appear/occur. It is almost 
> like
>     something doesn't complete/finish, but I cannot determine what causes 
> this.
>     There are no messages in the HTTPD error logs relative to this situation.
> 
> 
>     <Directory "/var/www/html/directory/">
>       SSLRequireSSL
>       AllowOverride None
>       Allow from 127.0.0.1
>       Allow from localhost
>       Allow from 192.168.56.0/24 <http://192.168.56.0/24>
>     # uncomment following line to force all frontend access
>     # to require userid/password authentication via LDAP
>       include conf/WebFrontendApacheAuthentication.conf
>     </Directory>
> 
> 
>     WebFrontendApacheAuthentication.conf
>     ===============================
>     AuthType basic
>     AuthName "realm"
>     AuthBasicProvider ldap
>     AuthLDAPURL ldaps://vbox-realm.vboxnet/dc=realm?uid?sub?(ObjectClass=*)
>     Require ldap-group cn=WebAccess,dc=realm
>     ===============================
> 
> 
> Not an expert about LDAP auth with httpd but I would try to increase the
> LogLevel (https://httpd.apache.org/docs/2.2/mod/core.html#loglevel) to get 
> more
> info from the logs about what mod_auth_ldap is doing.
> 
> Hope that helps!
> 
> Luca 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to