[Bug 306897] Re: LDAP Authentication problem : ldap_simple_bind_s() failed
Steve Wilson
stevew at purdue.edu
Wed Dec 17 17:49:41 GMT 2008
I had the same problem as originally posted. I am running a Subversion server in an OpenVZ container (2.6.24-21-openvz) with latest updates to libgnutls13. My Subversion server also authenticates using LDAP SSL. Initially, authentication would work correctly but then after a period of time it would start failing with errors like the following showing up in the Apache logs:
[Fri Dec 12 17:17:14 2008] [warn] [client XXX.XXX.XXX.XXX] [17128] auth_ldap authenticate: user XXX authentication failed; URI /svn/project [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
Once LDAP authentication began failing, it required a reboot of the
Apache service to function normally again.
Reverting to a previous libgnutls13 (2.0.4-1ubuntu2 instead of 2.0.4-1ubuntu2.3) seemed to correct the problem. But I still saw unusual messages like:
[Wed Dec 17 09:41:53 2008] [warn] [client XXX.XXX.XXX.XXX] [9506] auth_ldap authenticate: user XXX authentication failed; URI /svn/project [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
when invalid credentials were supplied.
I noticed this post:
http://the.unwashedmeme.com/blog/2008/08/08/mod_ldap-ldapverifyservercert-simple-bind-failed/
and decided to try disabling LDAP server verification in the Apache configuration (default is enabled):
LDAPVerifyServerCert Off
That seems to have corrected the problem for me. I am now up to the
current version of libgnutls13, LDAP authentication works, and I don't
see "Can't contact LDAP server" messages in my logs any more.
So, perhaps the original problem is due to there being something wrong
with the LDAP server certificates (e.g., the file is missing, the
permissions are incorrect, etc.).
Hope that's of some help!
Steve
--
LDAP Authentication problem : ldap_simple_bind_s() failed
https://bugs.launchpad.net/bugs/306897
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
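
The message above suspects the certificate file itself (missing, wrong permissions). The script below is an added example, not part of the original message or of Apache or Ubuntu; it checks those causes so that `LDAPVerifyServerCert` can stay at its default. The function names and return codes are hypothetical, and the CA file is assumed to be PEM.

```shell
#!/bin/sh
# Added example: pre-flight checks for the CA file an LDAPS client is told to trust.
# Run it as the account the web server runs under, since permissions are per user.
# Usage (host, port and path are placeholders for your own values):
#   . ./ldaps_check.sh
#   check_ca_file /path/to/ca.pem && check_ldaps_chain ldap.example.org 636 /path/to/ca.pem

# check_ca_file PATH
# Returns 0 ok, 1 missing, 2 unreadable by this user, 3 no parseable PEM
# certificate, 4 the first certificate in the file has expired.
check_ca_file() {
    ca=$1
    [ -e "$ca" ] || { echo "missing: $ca" >&2; return 1; }
    [ -r "$ca" ] || { echo "not readable by $(id -un): $ca" >&2; return 2; }
    openssl x509 -noout -in "$ca" 2>/dev/null ||
        { echo "no parseable PEM certificate in $ca" >&2; return 3; }
    # -checkend 0 fails when the certificate is already past its notAfter date.
    openssl x509 -noout -checkend 0 -in "$ca" >/dev/null 2>&1 ||
        { echo "expired: $ca" >&2; return 4; }
    return 0
}

# check_ldaps_chain HOST PORT PATH
# Opens a TLS connection and verifies the server's chain against PATH.
# Returns 0 when the handshake and verification succeed, 5 otherwise.
check_ldaps_chain() {
    if openssl s_client -connect "$1:$2" -CAfile "$3" \
        -verify_return_error </dev/null >/dev/null 2>&1
    then
        return 0
    else
        echo "chain for $1:$2 does not verify against $3" >&2
        return 5
    fi
}
```

A return code of 5 with a clean `check_ca_file` result points at the server's chain or name rather than at the local file.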