httpd-users mailing list archives

From Jim Dutton <>
Subject Re: [users@httpd] Apache-2.2 with LDAP authentication keeps spinning after authentication completes
Date Tue, 03 May 2016 20:40:33 GMT
The persistent LDAP connection between Apache/mod_authnz_ldap and OpenLDAP is
not an LDAP nor OpenLDAP error. Debug logging has confirmed this.

It appears that Apache(v2.2)/mod_authnz_ldap establishes and maintains a
persistent network connection to the designated LDAP server. Documentation for
mod_ldap mentions "connection pooling" and "results caching".

The situation has been verified by the following:

1) start Apache with AuthLDAP directives; start web application; do LDAP
authentication; network connection to LDAP server is established; terminate web
browser; LDAP connection is still ESTABLISHED and appears to "never" timeout or
close; during this time the web browser maintains a "read/transmitting" state

stop Apache (httpd) or the LDAP server and the LDAP connection is dropped

2) start Apache withOUT AuthLDAP; start web application; NO initial LDAP
authentication; no network connection to the LDAP server; perform a function
within the web application that at that point invokes LDAP authentication via
PHP; network connection ESTABLISHED to the LDAP server; LDAP authentication
completes; network connection to the LDAP server is closed; browser status is

On 05/03/2016 06:56, Luca Toscano wrote:
> 2016-05-03 1:22 GMT+02:00 J.D. <
> <>>:
>     Centos-6.6+seLinux, Apache-2.2, OpenLDAP-2.4.40, OpenSSL-1.0.1e-fips
>     Using the following sample Directory block, the Apache LDAP authentication works
>     just fine, but when the web page is displayed - the activity spinner is spinning
>     and the status bar shows "Read <hostname>". Without the Apache LDAP
>     authentication, neither of the above symptoms appear/occur. It is almost like
>     something doesn't complete/finish, but I cannot determine what causes this.
>     There are no messages in the HTTPD error logs relative to this situation.
>     <Directory "/var/www/html/directory/">
>       SSLRequireSSL
>       AllowOverride None
>       Allow from
>       Allow from localhost
>       Allow from <>
>     # uncomment following line to force all frontend access
>     # to require userid/password authentication via LDAP
>       include conf/WebFrontendApacheAuthentication.conf
>     </Directory>
>     WebFrontendApacheAuthentication.conf
>     ===============================
>     AuthType basic
>     AuthName "realm"
>     AuthBasicProvider ldap
>     AuthLDAPURL ldaps://vbox-realm.vboxnet/dc=realm?uid?sub?(ObjectClass=*)
>     Require ldap-group cn=WebAccess,dc=realm
>     ===============================
> Not an expert about LDAP auth with httpd but I would try to increase the
> LogLevel ( to get more
> info from the logs about what mod_auth_ldap is doing.
> Hope that helps!
> Luca 
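
The check described in steps 1) and 2) above can be repeated by summarising `netstat -tnp` output per owning process. This is an added example, not part of the original message: the function name `ldap_conn_summary`, the 192.0.2.x addresses, the PIDs and both snapshots are constructed for illustration.

```sh
#!/bin/sh
# Added example: count TCP connections to an LDAP/LDAPS port per owning
# process and state, reading `netstat -tnp` output on stdin.

ldap_conn_summary() {
    # $1 = comma-separated LDAP ports to match (default: 389,636)
    awk -v ports="${1:-389,636}" '
        BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ {
            port = $5; sub(/.*:/, "", port)        # foreign address -> port
            if (!(port in want)) next
            prog = $7; sub(/^[0-9]+\//, "", prog)  # "2314/httpd" -> "httpd"
            count[prog " " $6]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort
}

# Constructed snapshot: AuthLDAP enabled, browser already closed.
sample_pooled() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address    State       PID/Program name
tcp   0      0      192.0.2.10:48212  192.0.2.20:636     ESTABLISHED 2314/httpd
tcp   0      0      192.0.2.10:443    192.0.2.99:51514   TIME_WAIT   -
tcp   0      0      192.0.2.10:22     192.0.2.99:50022   ESTABLISHED 1201/sshd
EOF
}

# Constructed snapshot: no AuthLDAP, shortly after a PHP-initiated bind ended.
sample_closed() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address    State       PID/Program name
tcp   0      0      192.0.2.10:48300  192.0.2.20:636     TIME_WAIT   -
tcp   0      0      192.0.2.10:22     192.0.2.99:50022   ESTABLISHED 1201/sshd
EOF
}

echo "AuthLDAP enabled, browser closed:"
sample_pooled | ldap_conn_summary
echo "PHP bind finished:"
sample_closed | ldap_conn_summary
```

On a live host, feed it `netstat -tnp` run as root so the PID/Program column is populated.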
