Public bug reported:

Here's the deal:

System:
Ubuntu 8.04 Hardy
Linux Kernel OpenVZ 2.6.24-19.41
Apache 2.2.8-1ubuntu0.3 using the LDAP module for authentication.
LDAP server (slapd) 2.4.9-0ubuntu0.8.04.1 using TLS.

The bug:

Apache configuration for a specific location for LDAP Auth:
This example is taken from the SVN server. But this bug also happens on my Nagios server and all other servers that use mod_ldap of Apache.

<Location /svn/Config>
  DAV svn
  SVNPath /var/svn/Config
  AuthName "SVN Repository"
  AuthType Basic
  Require user svnadmin
  AuthBasicProvider file ldap
  AuthzLDAPAuthoritative off
  AuthUserFile /etc/subversion/svn-auth/users
  AuthLDAPURL ldaps://LDAP_SERVER:636/dc=MY_DC,dc=com
  AuthLDAPBindDN "SOME_DN"
  AuthLDAPBindPassword "SOMETHING"
  AuthLDAPGroupAttribute memberUid
  AuthLDAPGroupAttributeIsDN off
  Require ldap-attribute gidNumber=1004
  Require ldap-group SOME_CN
  #Satisfy any
</Location>

Here's where it gets interesting. We start Apache and it works very fine! Authentication is working well and everything is fine. After a while, authentication failed to work and I'm stuck with a 500 Internal Server Error.

Here is the ssl-error Apache log error message:

[Wed Dec 10 11:01:42 2008] [warn] [client 192.168.1.1] [382] auth_ldap authenticate: user foo authentication failed; URI /svn/Config/ [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]

But the LDAP server is up and running well. From the server (svn server), I can make a successful ldap_search, and I'm right now using LDAP for ssh auth, so there should not be a problem with contacting the LDAP server.

Here's the LDAP server side:

Dec 10 11:01:42 ldap slapd[19479]: conn=20 fd=27 ACCEPT from IP=192.168.1.31:40521 (IP=0.0.0.0:636)
Dec 10 11:01:42 ldap slapd[19479]: conn=20 fd=27 TLS established tls_ssf=32 ssf=32
Dec 10 11:01:42 ldap slapd[19479]: conn=20 fd=27 closed (connection lost)

According to the source code, mod_ldap of Apache tries 10 times to authenticate the user and then returns an error. The previous message does indeed happen 10 times in my log.

At this point, if I reload or restart Apache, it will fix the problem for a short while. So there might be various problems with persistent connections and/or simple bind.

Thanks to all

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New

--
LDAP Authentication problem : ldap_simple_bind_s() failed
https://bugs.launchpad.net/bugs/306897
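
Added example, not part of the original report or of Apache/OpenLDAP code: a Python filter for slapd logs that flags the pattern quoted above, a connection that completes TLS and is then logged as "closed (connection lost)" with no BIND in between, and counts such connections per client IP. The conn=21 lines are constructed here as a contrasting connection that does bind; the function names are hypothetical.

```python
import re
from collections import defaultdict

# conn=20 lines are the slapd entries quoted in the report; conn=21 lines
# are constructed sample data showing a connection that reaches BIND.
SAMPLE_LOG = """\
Dec 10 11:01:42 ldap slapd[19479]: conn=20 fd=27 ACCEPT from IP=192.168.1.31:40521 (IP=0.0.0.0:636)
Dec 10 11:01:42 ldap slapd[19479]: conn=20 fd=27 TLS established tls_ssf=32 ssf=32
Dec 10 11:01:42 ldap slapd[19479]: conn=20 fd=27 closed (connection lost)
Dec 10 11:01:43 ldap slapd[19479]: conn=21 fd=28 ACCEPT from IP=192.168.1.31:40522 (IP=0.0.0.0:636)
Dec 10 11:01:43 ldap slapd[19479]: conn=21 fd=28 TLS established tls_ssf=32 ssf=32
Dec 10 11:01:43 ldap slapd[19479]: conn=21 op=0 BIND dn="cn=example,dc=example,dc=com" method=128
Dec 10 11:01:43 ldap slapd[19479]: conn=21 op=1 UNBIND
Dec 10 11:01:43 ldap slapd[19479]: conn=21 fd=28 closed
"""

# Matches both per-connection (fd=) and per-operation (op=) slapd lines.
LINE_RE = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:fd=\d+|op=\d+) (.*)$")
PEER_RE = re.compile(r"ACCEPT from IP=([\d.]+):\d+")


def dropped_before_bind(log_text):
    """Return [(conn_id, peer_ip)] for connections that finished the TLS
    handshake but were lost before slapd logged any BIND on them."""
    conns = defaultdict(lambda: {"peer": None, "tls": False,
                                 "bind": False, "lost": False})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a slapd connection/operation line
        state, event = conns[int(m.group(1))], m.group(2)
        peer = PEER_RE.match(event)
        if peer:
            state["peer"] = peer.group(1)
        elif event.startswith("TLS established"):
            state["tls"] = True
        elif event.startswith("BIND "):
            state["bind"] = True
        elif event.startswith("closed (connection lost)"):
            state["lost"] = True
    return [(cid, s["peer"]) for cid, s in sorted(conns.items())
            if s["tls"] and s["lost"] and not s["bind"]]


def count_by_peer(findings):
    """Count flagged connections per client IP."""
    counts = defaultdict(int)
    for _, peer in findings:
        counts[peer] += 1
    return dict(counts)


if __name__ == "__main__":
    print(count_by_peer(dropped_before_bind(SAMPLE_LOG)))
```

A rejected password would show up as a BIND followed by an error result, so connections flagged here never got as far as a credential check.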