You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Thomas Bennett <th...@eds.com> on 2002/09/27 00:26:09 UTC
httpd_ldap: session time out
Hello,
I have had two problems using an MS exchange server :) to autheticate.
The first is that ldap queries allways return a dn with and extra cn attribute
as as below:
cn=qzlg4d,cn=Recipients,ou=EXNZ01,o=ABC
but when you try and bind with the same dn it fails unless you remove the
cn=Recipients. Now I do not know anything about Exchange or the way it is set
up but I created a patch to blank this out which I guess cannot be put in to
httpd_ldap but I include it anyway.
The second problem is that when connections to the exchange server go away (I
presume Exchange closed them after some time interval) httpd_ldap does not
detect this and close them. I include a patch that closes a connection when
server down is detected and finds another connection. In the patch for this I
have included a fix for arguments to util_ldap_cache_compare() being in the
wrong order that somebody put n a bug report for.
--
Regards
Thomas Bennett
NZ - CI Southern Unix Eng.
EDS (NZ) Ltd
Ph 64 6 348 9861
FAX 64 6 438 9880
Re: httpd_ldap: session time out
Posted by Graham Leggett <mi...@sharp.fm>.
Thomas Bennett wrote:
> I have had two problems using an MS exchange server :) to autheticate.
> The first is that ldap queries allways return a dn with and extra cn attribute
> as as below:
> cn=qzlg4d,cn=Recipients,ou=EXNZ01,o=ABC
> but when you try and bind with the same dn it fails unless you remove the
> cn=Recipients. Now I do not know anything about Exchange or the way it is set
> up but I created a patch to blank this out which I guess cannot be put in to
> httpd_ldap but I include it anyway.
Hmmm - very odd problem. Looks like Exchange either has a bug (likely)
or it's setup wrong (possible), or even both. In theory it should
ou=Recipients, not cn=Recipients.
> The second problem is that when connections to the exchange server go away (I
> presume Exchange closed them after some time interval) httpd_ldap does not
> detect this and close them. I include a patch that closes a connection when
> server down is detected and finds another connection.
I changed the patch to fix a problem that the LDAP result code was being
passed back to apache instead of OK or DECLINED. It's been committed.
> In the patch for this I
> have included a fix for arguments to util_ldap_cache_compare() being in the
> wrong order that somebody put n a bug report for.
I'll take a look at this separately...
Regards,
Graham
--
-----------------------------------------
minfrin@sharp.fm "There's a moon
over Bourbon Street
tonight..."