List: pamldap
Subject: [pamldap] bind_timelimit?
From: Josh Lothian <lothian () cs ! utk ! edu>
Date: 2005-06-20 18:05:21
Message-ID: 20050620180521.GA18892 () woodchuck ! cs ! utk ! edu
Hey all,
I'm using openldap 2.2.26 as a server, and redhat ws 3 with their
pam_ldap. Can't quite figure out their version, but I'm getting the
same issue with pam_ldap-176 from another box.
From what I can make out, pam_ldap isn't respecting the bind_timelimit
setting at all. On the client I get:
<snip>
Jun 20 14:01:18 client sshd(pam_unix)[4205]: check pass; user unknown
Jun 20 14:01:18 client sshd(pam_unix)[4205]: authentication failure; logname= uid=0 \
euid=0 tty=NODEVssh ruser= rhost=heimdall.ccs.ornl.gov
Jun 20 14:01:28 client sshd[4205]: pam_ldap: ldap_result Timed out
</snip>
and the server sees:
<snip>
Jun 20 14:01:18 server slapd[1436]: conn=51 op=1 BIND dn="" method=128
Jun 20 14:01:18 server slapd[1436]: conn=51 op=1 RESULT tag=97 err=0 text=
Jun 20 14:01:18 server slapd[1436]: conn=51 op=2 SRCH base="dc=my,dc=org" scope=2 \
deref=0 filter="(uid=me)"
Jun 20 14:01:18 server slapd[1436]: conn=51 op=2 SEARCH RESULT tag=101 err=0 \
nentries=1 text=
Jun 20 14:01:18 server slapd[1436]: conn=51 op=3 BIND \
dn="uid=me,ou=People,dc=my,dc=org" method=128
Jun 20 14:01:28 server slapd[1436]: connection_input: conn=51 deferring operation: \
binding
Jun 20 14:01:33 server slapd[1436]: conn=51 op=3 BIND \
dn="uid=me,ou=People,dc=my,dc=org" mech=SIMPLE ssf=0
Jun 20 14:01:33 server slapd[1436]: conn=51 op=3 RESULT tag=97 err=0 text=
Jun 20 14:01:33 server slapd[1436]: conn=51 op=4 BIND anonymous mech=implicit ssf=0
Jun 20 14:01:33 server slapd[1436]: conn=51 op=4 BIND dn="" method=128
Jun 20 14:01:33 server slapd[1436]: conn=51 op=4 RESULT tag=97 err=0 text=
</snip>
But, in my ldap.conf for pam_ldap:
<snip>
bind_timelimit 120
</snip>
And just to be safe, in the ldap.conf for openldap:
<snip>
TIMELIMIT 120
</snip>
Unfortunately we're doing some weird authentication in the backend which
is currently taking longer than 10 seconds to complete successfully,
causing these problems. Any idea why pam_ldap is apparently not
respecting the bind timelimit?
thanks
-jkl
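
Added example, not part of the original message: a Python sketch that correlates the slapd and client log excerpts above to find which operation was still unanswered when pam_ldap logged the timeout. It assumes both hosts' clocks are synchronized and matches by time only, since the client line carries no connection id; the function names are hypothetical.

```python
import re
from datetime import datetime

# Log lines taken from the post above, wrapped continuation lines joined.
SERVER_LOG = """\
Jun 20 14:01:18 server slapd[1436]: conn=51 op=1 BIND dn="" method=128
Jun 20 14:01:18 server slapd[1436]: conn=51 op=1 RESULT tag=97 err=0 text=
Jun 20 14:01:18 server slapd[1436]: conn=51 op=2 SRCH base="dc=my,dc=org" scope=2 deref=0 filter="(uid=me)"
Jun 20 14:01:18 server slapd[1436]: conn=51 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 20 14:01:18 server slapd[1436]: conn=51 op=3 BIND dn="uid=me,ou=People,dc=my,dc=org" method=128
Jun 20 14:01:28 server slapd[1436]: connection_input: conn=51 deferring operation: binding
Jun 20 14:01:33 server slapd[1436]: conn=51 op=3 BIND dn="uid=me,ou=People,dc=my,dc=org" mech=SIMPLE ssf=0
Jun 20 14:01:33 server slapd[1436]: conn=51 op=3 RESULT tag=97 err=0 text=
"""
CLIENT_LOG = """\
Jun 20 14:01:28 client sshd[4205]: pam_ldap: ldap_result Timed out
"""
STAMP = r"^(\w{3} +\d+ [\d:]{8}) "
OP_RE = re.compile(STAMP + r"\S+ slapd\[\d+\]: conn=(\d+) op=(\d+) (.*)", re.M)
TIMEOUT_RE = re.compile(STAMP + r"\S+ \S+: pam_ldap: ldap_result Timed out", re.M)

def ts(stamp, year=2005):  # syslog omits the year; 2005 is the post's date
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def op_windows(server_log):
    """Map (conn, op) -> [time first seen, time of RESULT or None]."""
    ops = {}
    for m in OP_RE.finditer(server_log):
        when = ts(m.group(1))
        window = ops.setdefault((int(m.group(2)), int(m.group(3))), [when, None])
        if "RESULT" in m.group(4):
            window[1] = when
    return ops

def explain_timeouts(server_log, client_log):
    """Per client timeout: (conn, op, seconds waited, seconds server took)."""
    ops, findings = op_windows(server_log), []
    for m in TIMEOUT_RE.finditer(client_log):
        gave_up = ts(m.group(1))  # assumption: client and server clocks agree
        for (conn, op), (start, end) in sorted(ops.items()):
            if start <= gave_up and (end is None or end > gave_up):
                took = (end - start).total_seconds() if end else None
                findings.append((conn, op, (gave_up - start).total_seconds(), took))
    return findings

if __name__ == "__main__":
    for conn, op, waited, took in explain_timeouts(SERVER_LOG, CLIENT_LOG):
        print(f"conn={conn} op={op}: client waited {waited:.0f}s, server took {took}s")
```

On the logs from the post it reports conn=51 op=3: the client gave up 10 seconds into a bind that the server answered after 15.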