Posted to dev@httpd.apache.org by Thomas Bennett <th...@eds.com> on 2002/09/27 00:26:09 UTC

httpd_ldap: session time out

Hello,

I have had two problems using an MS Exchange server :) to authenticate.
The first is that ldap queries always return a dn with an extra cn attribute
as below:
cn=qzlg4d,cn=Recipients,ou=EXNZ01,o=ABC
but when you try and bind with the same dn it fails unless you remove the 
cn=Recipients. Now I do not know anything about Exchange or the way it is set 
up but I created a patch to blank this out which I guess cannot be put in to 
httpd_ldap but I include it anyway.

The second problem is that when connections to the exchange server go away (I 
presume Exchange closed them after some time interval) httpd_ldap does not 
detect this and close them. I include a patch that closes a connection when 
server down is detected and finds another connection. In the patch for this I 
have included a fix for arguments to util_ldap_cache_compare() being in the 
wrong order that somebody put in a bug report for.

-- 
Regards
Thomas Bennett
NZ - CI Southern Unix Eng.
EDS (NZ) Ltd
Ph 64 6 348 9861
FAX 64 6 438 9880

Re: httpd_ldap: session time out

Posted by Graham Leggett <mi...@sharp.fm>.
Thomas Bennett wrote:

> I have had two problems using an MS Exchange server :) to authenticate.
> The first is that ldap queries always return a dn with an extra cn attribute
> as below:
> cn=qzlg4d,cn=Recipients,ou=EXNZ01,o=ABC
> but when you try and bind with the same dn it fails unless you remove the 
> cn=Recipients. Now I do not know anything about Exchange or the way it is set 
> up but I created a patch to blank this out which I guess cannot be put in to 
> httpd_ldap but I include it anyway.

Hmmm - very odd problem. Looks like Exchange either has a bug (likely) 
or it's set up wrong (possible), or even both. In theory it should be 
ou=Recipients, not cn=Recipients.

> The second problem is that when connections to the exchange server go away (I 
> presume Exchange closed them after some time interval) httpd_ldap does not 
> detect this and close them. I include a patch that closes a connection when 
> server down is detected and finds another connection.

I changed the patch to fix a problem that the LDAP result code was being 
passed back to apache instead of OK or DECLINED. It's been committed.

> In the patch for this I 
> have included a fix for arguments to util_ldap_cache_compare() being in the 
> wrong order that somebody put in a bug report for.

I'll take a look at this separately...

Regards,
Graham
-- 
-----------------------------------------
minfrin@sharp.fm		"There's a moon
					over Bourbon Street
						tonight..."
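
Added example, not part of the thread and not the committed httpd code: a self-contained C sketch of the two points discussed above, closing and re-opening a connection when "server down" is detected, and handing Apache only OK or DECLINED rather than the raw LDAP result code. The sim_* helpers, check_with_retry(), the retry limit and the numeric LDAP result values are constructed stand-ins; only OK and DECLINED follow httpd.h, and returning DECLINED for every failure is an assumption.

```c
#include <stdio.h>

/* Apache handler return values, as defined in httpd.h */
#define OK        0
#define DECLINED -1

/* Constructed stand-ins for LDAP SDK result codes (values illustrative) */
enum { SIM_COMPARE_FALSE = 5, SIM_COMPARE_TRUE = 6, SIM_SERVER_DOWN = 81 };
#define MAX_ATTEMPTS 3   /* assumed bound so a dead server cannot loop forever */

/* Hypothetical pooled connection: 'bound' is what the module believes,
 * 'alive' is what the server believes (it may have dropped an idle session). */
typedef struct { int bound; int alive; int reconnects; } sim_conn;

static void sim_bind(sim_conn *c)   { c->bound = 1; c->alive = 1; c->reconnects++; }
static void sim_unbind(sim_conn *c) { c->bound = 0; c->alive = 0; }

/* Simulated compare: reports SERVER_DOWN if the server closed the socket. */
static int sim_compare(const sim_conn *c, int value_matches) {
    if (!c->bound || !c->alive) return SIM_SERVER_DOWN;
    return value_matches ? SIM_COMPARE_TRUE : SIM_COMPARE_FALSE;
}

/* Retry on a dead connection, then translate the result for Apache. */
int check_with_retry(sim_conn *c, int value_matches, int server_reachable) {
    int attempt, rc = SIM_SERVER_DOWN;
    for (attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
        if (!c->bound) {
            if (!server_reachable) break;   /* nothing to reconnect to */
            sim_bind(c);
        }
        rc = sim_compare(c, value_matches);
        if (rc != SIM_SERVER_DOWN) break;   /* a real answer from the server */
        sim_unbind(c);                      /* stale handle: drop it, rebind next pass */
    }
    /* Never return rc itself: 5, 6 or 81 mean nothing to the request handler. */
    return rc == SIM_COMPARE_TRUE ? OK : DECLINED;
}

int main(void) {
    sim_conn stale = { 1, 0, 0 };           /* bound locally, closed by the server */
    int status = check_with_retry(&stale, 1, 1);
    printf("status=%d reconnects=%d\n", status, stale.reconnects);
    return 0;
}
```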