httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Dutton <randomnoise...@gmail.com>
Subject Re: [users@httpd] Apache-2.2 with LDAP authentication keeps spinning after authentication completes
Date Tue, 03 May 2016 21:46:30 GMT
Another interesting observation: web browser (Firefox) continues to show
activity spinner and "read <hostname>" status (with AuthLDAP active at web
application initiation) even after the LDAP authentication is completed, the
OpenLDAP server is stopped, and the LDAP network connection is dropped. I can't
see activity status with the Opera browser, but the LDAP network connection
remains ESTABLISHED after terminating that web browser.

This appears to be an Apache(2.2) issue. Nothing in the Apache (HTTPD) log files.



On 05/03/2016 06:56, Luca Toscano wrote:
> 
> 
> 2016-05-03 1:22 GMT+02:00 J.D. <randomnoise058@gmail.com
> <mailto:randomnoise058@gmail.com>>:
> 
>     Centos-6.6+seLinux, Apache-2.2, OpenLDAP-2.4.40, OpenSSL-1.0.1e-fips
> 
>     Using the following sample Directory block, the Apache LDAP authentication works
>     just fine, but when the web page is displayed - the activity spinner is spinning
>     and the status bar shows "Read <hostname>". Without the Apache LDAP
>     authentication, neither of the above symptoms appear/occur. It is almost like
>     something doesn't complete/finish, but I cannot determine what causes this.
>     There are no messages in the HTTPD error logs relative to this situation.
> 
> 
>     <Directory "/var/www/html/directory/">
>       SSLRequireSSL
>       AllowOverride None
>       Allow from 127.0.0.1
>       Allow from localhost
>       Allow from 192.168.56.0/24 <http://192.168.56.0/24>
>     # uncomment following line to force all frontend access
>     # to require userid/password authentication via LDAP
>       include conf/WebFrontendApacheAuthentication.conf
>     </Directory>
> 
> 
>     WebFrontendApacheAuthentication.conf
>     ===============================
>     AuthType basic
>     AuthName "realm"
>     AuthBasicProvider ldap
>     AuthLDAPURL ldaps://vbox-realm.vboxnet/dc=realm?uid?sub?(ObjectClass=*)
>     Require ldap-group cn=WebAccess,dc=realm
>     ===============================
> 
> 
> Not an expert about LDAP auth with httpd but I would try to increase the
> LogLevel (https://httpd.apache.org/docs/2.2/mod/core.html#loglevel) to get more
> info from the logs about what mod_auth_ldap is doing.
> 
> Hope that helps!
> 
> Luca 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message