You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2016/08/16 03:00:19 UTC

[Bug 60007] New: Httpd didn‘t support LDAP backup host

https://bz.apache.org/bugzilla/show_bug.cgi?id=60007

            Bug ID: 60007
           Summary: Httpd didn‘t support LDAP backup host
           Product: Apache httpd-2
           Version: 2.4.18
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ldap
          Assignee: bugs@httpd.apache.org
          Reporter: qhyh@163.com

Created attachment 34154
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=34154&action=edit
source code

Microsoft AD server will create master-master server for HA,it will give us two
different IP address ,like 10.0.1.77 or 10.0.7.88;
But HTTPD didn't support setting two IP address it one authn provider ,i had
fixed this bug and give the code ,FYI.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 60007] Httpd didn‘t support LDAP backup host

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=60007

--- Comment #2 from Icewool <qh...@163.com> ---
(In reply to Eric Covener from comment #1)
> Does this work in your env unpatched?
> 
> https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html#authldapurl
> AuthLDAPUrl "ldap://ldap1.example.com ldap2.example.com/dc=..."

Yes, it works!

You can setting LDAP  authn provider like this :
<AuthnProviderAlias ldap ldap-h>
AuthLDAPBindDN "LDAPUSER"
AuthLDAPBindPassword xxxxxxx
AuthLDAPURL "ldap://10.0.7.7:389/OU=User
Accounts,OU=HIKVISION,DC=hikvision,DC=com?sAMAccountName?sub?(&(objectCategory=Person)(sAMAccountName=*))"
AuthLDAPHostBackup 10.0.7.77
</AuthnProviderAlias>

10.0.7.7 is a wrong ldap host, than httpd will work with host 10.0.7.77, also
there's a error log :

[Tue Aug 16 11:30:08.811564 2016] [ldap:error] [pid 14874] [client
10.0.13.231:22928] AH01284: ldap_retry backup host :10.0.7.77
[now:10.0.7.7:389]

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 60007] Httpd didn‘t support LDAP backup host

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=60007

--- Comment #1 from Eric Covener <co...@gmail.com> ---
Does this work in your env unpatched?

https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html#authldapurl
AuthLDAPUrl "ldap://ldap1.example.com ldap2.example.com/dc=..."

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 60007] Httpd didn‘t support LDAP backup host

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=60007

Eric Covener <co...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 60007] Httpd didn‘t support LDAP backup host

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=60007

Eric Covener <co...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|NEEDINFO                    |RESOLVED

--- Comment #3 from Eric Covener <co...@gmail.com> ---
thanks for quick confirmation, closing out

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org