mod_auth_ldap does not support redundant servers

Bug #55645 reported by nodata
Affects: apache2 (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Ralph Janke

Bug Description

Binary package hint: apache2

Apache documentation says:
"To specify multiple, redundant LDAP servers, just list all servers, separated by spaces. mod_auth_ldap will try connecting to each server in turn, until it makes a successful connection."

And although this works:
  AuthLDAPURL ldap://ldap.DOMAIN/ou=OUHERE,dc=DCHERE
This does not:
  AuthLDAPURL ldap://ldap1.DOMAIN ldap2.DOMAIN/ou=OUHERE,dc=DCHERE

I get the error:
 "AuthLDAPURL takes one argument, URL to define LDAP connection.."

nodata (ubuntu-nodata) wrote :

Any news on this?

speeves (speeves) wrote :

Have you tried to use multiple AuthLDAPUrl lines? ie:

AuthLDAPURL ldap://ldap1.DOMAIN/ou=OUHERE,dc=DCHERE
AuthLDAPURL ldap://ldap2.DOMAIN/ou=OUHERE,dc=DCHERE

I had a similar problem with mod_auth_ldap and require group, and changing:

require group dn1 dn2 dn3

to:

require group dn1
require group dn2
require group dn3

worked for me. BTW, this is probably fixed in apache2.2, but the developers are not spending any more energy on the apache2.0 version of mod_auth_ldap...

nodata (ubuntu-nodata) wrote :

> Have you tried to use multiple AuthLDAPUrl lines? ie:

No I haven't, but I will. Before I do, does this syntax also guarantee that ldap1 (in your example) will be tried first? Or do both have the same weighting?

Thanks.

nodata (ubuntu-nodata) wrote :

Specifying multiple servers seems to query both servers.

Because this package does not match the documentation for it ("redundant server should be space separated"), please can this bug be fixed?

Ralph Janke (txwikinger) wrote :

Did you try

AuthLDAPURL ldap://ldap1.DOMAIN/ou=OUHERE,dc=DCHERE ldap2.DOMAIN/ou=OUHERE,dc=DCHERE

?

Thanks.

Changed in apache2:
assignee: nobody → rjanke
status: Unconfirmed → Needs Info
Ralph Janke (txwikinger) wrote :

Did you try this format?

authldapurl "ldap://ldap1.airius.com ldap2.airius.com/ou=people, o=airius"

Thanks
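
As an added illustration (not from the bug thread and not Apache's own code) of why the quoted form above works while the unquoted forms earlier in the report do not: Apache splits a directive line into whitespace-separated words unless a word is quoted, AuthLDAPURL accepts exactly one word, and the RFC 2255 URL inside that word carries the space-separated host list. The tokenizer and URL parser below are simplified re-implementations written for this example; the attribute, scope and filter defaults are the ones the mod_auth_ldap documentation gives.

```python
import re

def split_directive(line):
    """Split a config line into words roughly as Apache does: whitespace
    separates words, a double- or single-quoted run is one word, and a
    backslash escapes the quote inside that run. Simplified, for illustration."""
    words, i, n = [], 0, len(line)
    while i < n:
        while i < n and line[i].isspace():
            i += 1
        if i >= n:
            break
        if line[i] in '"\'':
            quote, buf, i = line[i], [], i + 1
            while i < n and line[i] != quote:
                if line[i] == '\\' and i + 1 < n and line[i + 1] == quote:
                    i += 1
                buf.append(line[i])
                i += 1
            i += 1  # step past the closing quote
            words.append(''.join(buf))
        else:
            j = i
            while j < n and not line[j].isspace():
                j += 1
            words.append(line[i:j])
            i = j
    return words

# RFC 2255 shape used by AuthLDAPURL: scheme://host-list/basedn?attr?scope?filter
LDAP_URL = re.compile(r'^(ldaps?)://([^/]*)/([^?]*)(?:\?([^?]*))?(?:\?([^?]*))?(?:\?(.*))?$')

def parse_auth_ldap_url(line):
    """Parse one AuthLDAPURL line, or raise ValueError with the message the
    report quotes when the directive receives more than one word."""
    words = split_directive(line)
    if not words or words[0].lower() != 'authldapurl':
        raise ValueError('not an AuthLDAPURL directive')
    if len(words) != 2:
        raise ValueError('AuthLDAPURL takes one argument, URL to define LDAP connection..')
    m = LDAP_URL.match(words[1])
    if not m:
        raise ValueError('malformed LDAP URL: %r' % words[1])
    scheme, hosts, basedn, attr, scope, filt = m.groups()
    # hosts keeps the written order; the documentation quoted in the report
    # says mod_auth_ldap tries them in turn until one connection succeeds.
    return {'scheme': scheme, 'hosts': hosts.split(), 'basedn': basedn,
            'attribute': attr or 'uid', 'scope': scope or 'sub',
            'filter': filt or '(objectClass=*)'}
```

Run the three directive lines from this report through parse_auth_ldap_url to see which tokenize to one word and which trigger the "takes one argument" error.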

nodata (ubuntu-nodata) wrote :

No I didn't, but now I have, and it works!

You are excellent.

How can we get this in the upstream documentation for other people?

Ralph Janke (txwikinger) wrote :

I am closing this, since the software is working correctly and the problem is with the documentation. The following bug was filed with the apache bug tracking system http://issues.apache.org/bugzilla/show_bug.cgi?id=42051 for the request of more clarity in the documentation.

Changed in apache2:
status: Needs Info → Rejected