Posted to users@httpd.apache.org by Tessio Fechine <oi...@gmail.com> on 2011/12/10 13:19:46 UTC
[users@httpd] ldap authentication taking far too long
Hello,
I configured apache2.2 to provide ldap authentication with Active Directory.
--=--
<Directory "/var/www/html">
AuthType Basic
AuthName "Authenticate with domain account."
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPBindDN cn=Administrator,cn=users,dc=example,dc=com
AuthLDAPBindPassword secret
AuthLDAPURL ldap://192.168.56.110:389/dc=example,dc=com?sAMAccountName?sub?(objectClass=*)
Require valid-user
...
</Directory>
--=--
It works, but it takes far too long.
I analyzed the traffic with tcpdump. The timestamps show exactly four
minutes between the initial bindRequest to bind with "AuthLDAPBindDN" and
the final bindResponse (success) for the user-provided account credentials.
Here is the error_log output for this.
--=--
[Sat Dec 10 07:06:37 2011] [debug] mod_authnz_ldap.c(390): [client 192.168.56.1] [2488] auth_ldap authenticate: using URL ldap://192.168.56.110:389/dc=example,dc=com?sAMAccountName?sub?(objectClass=*)
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(489): [client 192.168.56.1] [2488] auth_ldap authenticate: accepting peter
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(971): [client 192.168.56.1] [2488] auth_ldap authorise: declining to authorise
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(390): [client 192.168.56.1] [2475] auth_ldap authenticate: using URL ldap://192.168.56.110:389/dc=example,dc=com?sAMAccountName?sub?(objectClass=*), referer: http://192.168.56.200/projeto/
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(489): [client 192.168.56.1] [2475] auth_ldap authenticate: accepting peter, referer: http://192.168.56.200/projeto/
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(971): [client 192.168.56.1] [2475] auth_ldap authorise: declining to authorise, referer: http://192.168.56.200/projeto/
[Sat Dec 10 07:10:37 2011] [error] [client 192.168.56.1] File does not exist: /var/www/html/projeto/style.css, referer: http://192.168.56.200/projeto/
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(390): [client 192.168.56.1] [2475] auth_ldap authenticate: using URL ldap://192.168.56.110:389/dc=example,dc=com?sAMAccountName?sub?(objectClass=*), referer: http://192.168.56.200/projeto/
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(489): [client 192.168.56.1] [2475] auth_ldap authenticate: accepting peter, referer: http://192.168.56.200/projeto/
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(971): [client 192.168.56.1] [2475] auth_ldap authorise: declining to authorise, referer: http://192.168.56.200/projeto/
--=--
As you can see, it takes four minutes between the first and the second line.
Any clue?
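
The gap between "using URL" and "accepting" in the log above can be measured mechanically across a whole error_log. The following is an added example, not part of the original post: it pairs each mod_authnz_ldap "using URL" entry with the next "accepting" entry for the same client and process id and flags slow authentications. The function name, the 5-second threshold and the one-entry-per-line sample are assumptions made for the example.

```python
import re
from datetime import datetime

# Apache 2.2 error_log entry written by mod_authnz_ldap at LogLevel debug.
ENTRY = re.compile(
    r"\[(?P<ts>[^\]]+)\] \[debug\] mod_authnz_ldap\.c\(\d+\): "
    r"\[client (?P<client>[^\]]+)\] \[(?P<pid>\d+)\] "
    r"auth_ldap authenticate: (?P<event>using URL|accepting (?P<user>[^,\s]+))"
)

# Constructed sample: entries taken from the log in the post, one per line.
SAMPLE = """\
[Sat Dec 10 07:06:37 2011] [debug] mod_authnz_ldap.c(390): [client 192.168.56.1] [2488] auth_ldap authenticate: using URL ldap://192.168.56.110:389/dc=example,dc=com?sAMAccountName?sub?(objectClass=*)
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(489): [client 192.168.56.1] [2488] auth_ldap authenticate: accepting peter
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(971): [client 192.168.56.1] [2488] auth_ldap authorise: declining to authorise
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(390): [client 192.168.56.1] [2475] auth_ldap authenticate: using URL ldap://192.168.56.110:389/dc=example,dc=com?sAMAccountName?sub?(objectClass=*), referer: http://192.168.56.200/projeto/
[Sat Dec 10 07:10:37 2011] [debug] mod_authnz_ldap.c(489): [client 192.168.56.1] [2475] auth_ldap authenticate: accepting peter, referer: http://192.168.56.200/projeto/
[Sat Dec 10 07:10:37 2011] [error] [client 192.168.56.1] File does not exist: /var/www/html/projeto/style.css, referer: http://192.168.56.200/projeto/
"""


def ldap_auth_latency(lines, slow_after=5.0):
    """Return (client, pid, user, seconds, is_slow) per completed authentication."""
    pending = {}  # (client, pid) -> time the LDAP lookup started
    results = []
    for line in lines:
        m = ENTRY.search(line)
        if not m:
            continue  # authorise entries, file errors and other modules
        when = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        key = (m["client"], m["pid"])
        if m["event"] == "using URL":
            pending[key] = when  # search/bind against the directory begins
        elif key in pending:
            secs = (when - pending.pop(key)).total_seconds()
            results.append((m["client"], m["pid"], m["user"], secs, secs > slow_after))
    return results


if __name__ == "__main__":
    for client, pid, user, secs, slow in ldap_auth_latency(SAMPLE.splitlines()):
        flag = "SLOW" if slow else "ok"
        print(f"{flag:4} client={client} pid={pid} user={user} {secs:.0f}s")
```

The error_log timestamps have one-second resolution, so sub-second lookups are reported as 0s.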