Hello,
I configured apache2.2 to provide ldap authentication with Active Directory.

--=--
<Directory "/var/www/html">

AuthType Basic
AuthName "Authenticate with domain account."
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPBindDN cn=Administrator,cn=users,dc=example,dc=com
AuthLDAPBindPassword secret
AuthLDAPURL ldap://192.168.56.110:389/dc=example,dc=com?sAMAccountName?sub?(objectClass=*)
Require valid-user
...
</Directory>
--=--

It works, but it takes far too long.
I analyzed the traffic with tcpdump. The timestamps show exactly four
minutes between the initial bindRequest to bind with "AuthLDAPBindDN" and
the final bindResponse (success) for the user-provided account credentials.

Here is the error_log output for this.

--=--
[Sat Dec 10 07:06:37 2011] [debug] mod_authnz_ldap.c(390): [client 192.168.56.1] [2488] auth_ldap authenticate: using URL ldap://192.168.56.110:389/dc=example,dc=com?sAMAccountName?sub?(objectClass=*)
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(489): [client 192.168.56.1] [2488] auth_ldap authenticate: accepting peter
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(971): [client 192.168.56.1] [2488] auth_ldap authorise: declining to authorise
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(390): [client 192.168.56.1] [2475] auth_ldap authenticate: using URL ldap://192.168.56.110:389/dc=example,dc=com?sAMAccountName?sub?(objectClass=*), referer: http://192.168.56.200/projeto/
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(489): [client 192.168.56.1] [2475] auth_ldap authenticate: accepting peter, referer: http://192.168.56.200/projeto/
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(971): [client 192.168.56.1] [2475] auth_ldap authorise: declining to authorise, referer: http://192.168.56.200/projeto/
[Sat Dec 10 07:10:37 2011] [error] [client 192.168.56.1] File does not exist: /var/www/html/projeto/style.css, referer: http://192.168.56.200/projeto/
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(390): [client 192.168.56.1] [2475] auth_ldap authenticate: using URL ldap://192.168.56.110:389/dc=example,dc=com?sAMAccountName?sub?(objectClass=*), referer: http://192.168.56.200/projeto/
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(489): [client 192.168.56.1] [2475] auth_ldap authenticate: accepting peter, referer: http://192.168.56.200/projeto/
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(971): [client 192.168.56.1] [2475] auth_ldap authorise: declining to authorise, referer: http://192.168.56.200/projeto/
--=--

As you can see, it takes four minutes between the first and the second line.

Any clue?
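
Added example, not part of the original post: a small Python script that pairs each mod_authnz_ldap "using URL" debug entry with the following "accepting" entry from the same client and process id, and reports the seconds between them, so slow LDAP authentications can be picked out of a long error_log. The function names, the 5-second threshold and the sample text (constructed in the format of the excerpt above, one entry per line) are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the format of the error_log excerpt above.
SAMPLE = """\
[Sat Dec 10 07:06:37 2011] [debug] mod_authnz_ldap.c(390): [client 192.168.56.1] [2488] auth_ldap authenticate: using URL ldap://192.168.56.110:389/dc=example,dc=com?sAMAccountName?sub?(objectClass=*)
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(489): [client 192.168.56.1] [2488] auth_ldap authenticate: accepting peter
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(390): [client 192.168.56.1] [2475] auth_ldap authenticate: using URL ldap://192.168.56.110:389/dc=example,dc=com?sAMAccountName?sub?(objectClass=*), referer: http://192.168.56.200/projeto/
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(489): [client 192.168.56.1] [2475] auth_ldap authenticate: accepting peter, referer: http://192.168.56.200/projeto/
"""

# Timestamp, client address, bracketed process id, then the authenticate event.
ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[debug\] mod_authnz_ldap\.c\(\d+\): "
    r"\[client (?P<client>[^\]]+)\] \[(?P<pid>\d+)\] "
    r"auth_ldap authenticate: (?P<event>using URL|accepting) ?(?P<rest>[^,\s]*)"
)

def auth_latencies(log_text):
    """Return (pid, user, seconds) for each 'using URL' -> 'accepting' pair,
    matched on (client, pid), in the order the 'accepting' entries appear."""
    started = {}   # (client, pid) -> time the authentication attempt began
    results = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # other modules, authorise entries, [error] lines
        # Apache 2.2 timestamp format; %a/%b assume the C/English locale.
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        key = (m["client"], m["pid"])
        if m["event"] == "using URL":
            started[key] = ts
        elif key in started:
            seconds = (ts - started.pop(key)).total_seconds()
            results.append((int(m["pid"]), m["rest"], seconds))
    return results

def slow_auths(log_text, threshold_s=5.0):
    """Only the authentications that took at least threshold_s seconds."""
    return [r for r in auth_latencies(log_text) if r[2] >= threshold_s]

if __name__ == "__main__":
    for pid, user, seconds in slow_auths(SAMPLE):
        print(f"pid {pid}: authenticating {user} took {seconds:.0f}s")
```
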

Posted Dec 10, '11 at 12:20p
Tessio Fechine: 1 post

People

Translate

site design / logo © 2022 Grokbase