kvspb / nginx-auth-ldap

LDAP authentication module for nginx
BSD 2-Clause "Simplified" License

Timeouts on CentOS 5 #70

Open scurvy opened 9 years ago

scurvy commented 9 years ago

Hello, I'm trying to get this going for the first time and running into some issues. I'm pretty good with LDAP and configured PAM LDAP in nginx without any problems. However, the nginx-auth-ldap module just isn't working in nginx 1.6.2.

Looking at the network traffic in tcpdump, I see each worker thread connects to the LDAP server, binds, unbinds, then just sits there, even though there are authentication requests waiting.

Here's my config:

ldap_server ds1 {
    url 'ldap://10.0.0.1/dc=domain,dc=net?uid?sub?(objectClass=*)';
    require valid_user;
}

server {
    location / {
        auth_ldap "restricted";
        auth_ldap_servers ds1;
    }
}

Pretty basic stuff. However, nothing is working. The only thing I can think of is that this module is old and not designed to work with the newer versions of nginx. Anyone running it with 1.6.2?

The only messages in the error log are timeouts:

2015/01/15 23:42:25 [error] 19938#0: *7 http_auth_ldap: Authentication timed out, client: 10.0.0.2, server: foo, request: "GET / HTTP/1.1", host: "foo"

scurvy commented 9 years ago

I've narrowed this down to CentOS 5 vs later versions of the distribution. It works on CentOS 6 and 7, but fails on 5. I'm guessing this is due to using an older version of the OpenLDAP libraries.

dnepangue commented 9 years ago

We have the same problem with nginx/1.6.2 but on Ubuntu 12.04.

2015/01/23 12:57:53 [error] 2311#0: *37616 http_auth_ldap: Authentication timed out.

josephmc5 commented 9 years ago

I'm also having this with CentOS 5.5 with openldap-2.3.43-28.el5_10.

It works fine in CentOS 6 with the same RPM build spec.

smarvik commented 9 years ago

This is what I see from the debug output. I have "connections" set to 20 but there seems to be something wrong with the connection handling...

2015/05/13 18:16:02 [debug] 17141#0: *43 http_auth_ldap: Username is "xxxx"
2015/05/13 18:16:02 [debug] 17141#0: *43 http_auth_ldap: Authentication loop (phase=0, iteration=0)
2015/05/13 18:16:02 [debug] 17141#0: *43 event timer add: 12: 10000:1309662925
2015/05/13 18:16:02 [debug] 17141#0: *43 http_auth_ldap: request_timeout=10000
2015/05/13 18:16:02 [debug] 17141#0: *43 http_auth_ldap: Using cached outcome -1
2015/05/13 18:16:02 [debug] 17141#0: *43 http_auth_ldap: Authentication loop (phase=1, iteration=0)
2015/05/13 18:16:02 [debug] 17141#0: *43 http_auth_ldap: Wants a free connection to "yyyyyy"
2015/05/13 18:16:02 [debug] 17141#0: *43 http_auth_ldap: No connection available at the moment, waiting...
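
A log triage sketch for the symptom reported in this thread, added here as an example and not taken from any commenter or from the nginx-auth-ldap project: it groups `http_auth_ldap` lines by worker PID and nginx connection number and separates timeouts that followed a "No connection available" wait from timeouts that did not. The sample lines are constructed in the format of the logs quoted above, and the verdict labels are this example's own names.

```python
import re
from collections import defaultdict

# nginx error_log line: "<date> <time> [level] <pid>#<tid>: *<connection> http_auth_ldap: <message>"
LINE = re.compile(r"^\S+ \S+ \[\w+\] (?P<pid>\d+)#\d+: \*(?P<conn>\d+) http_auth_ldap: (?P<msg>.*)$")
WANTS = re.compile(r'^Wants a free connection to "(?P<server>[^"]*)"')

# Constructed sample, modelled on the debug and error lines quoted in the thread.
SAMPLE = """\
2015/05/13 18:16:02 [debug] 17141#0: *43 http_auth_ldap: Authentication loop (phase=0, iteration=0)
2015/05/13 18:16:02 [debug] 17141#0: *43 event timer add: 12: 10000:1309662925
2015/05/13 18:16:02 [debug] 17141#0: *43 http_auth_ldap: request_timeout=10000
2015/05/13 18:16:02 [debug] 17141#0: *43 http_auth_ldap: Wants a free connection to "yyyyyy"
2015/05/13 18:16:02 [debug] 17141#0: *43 http_auth_ldap: No connection available at the moment, waiting...
2015/05/13 18:16:12 [error] 17141#0: *43 http_auth_ldap: Authentication timed out, client: 10.0.0.2, server: foo, request: "GET / HTTP/1.1", host: "foo"
2015/05/13 18:16:20 [error] 17141#0: *44 http_auth_ldap: Authentication timed out, client: 10.0.0.2, server: foo, request: "GET / HTTP/1.1", host: "foo"
"""

def triage(log_text):
    """Map (pid, connection) -> (verdict, ldap_server) for every request that timed out."""
    reqs = defaultdict(lambda: {"server": None, "waited": False, "timed_out": False})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m is None:  # lines from other parts of nginx, e.g. "event timer add"
            continue
        req = reqs[(int(m["pid"]), int(m["conn"]))]
        msg = m["msg"]
        wants = WANTS.match(msg)
        if wants:
            req["server"] = wants["server"]
        elif msg.startswith("No connection available"):
            req["waited"] = True
        elif msg.startswith("Authentication timed out"):
            req["timed_out"] = True
    return {
        key: ("pool_wait_timeout" if r["waited"] else "timeout_without_pool_wait", r["server"])
        for key, r in reqs.items()
        if r["timed_out"]
    }

if __name__ == "__main__":
    for (pid, conn), (verdict, server) in sorted(triage(SAMPLE).items()):
        print(f"worker {pid} connection *{conn}: {verdict} (ldap_server={server})")
```

The wait message only appears at debug log level, so a log captured at `error` level will put every timeout in the second bucket.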