Red Hat Bugzilla – Bug 837039
mod_ldap caches negative results
Last modified: 2014-02-04 10:06:28 EST
Description of problem: mod_ldap caches negative results, unlike specified in documentation: "Negative results (i.e., unsuccessful searches, or searches that did not result in a successful bind) are not cached."
Version-Release number of selected component (if applicable):
How reproducible: See steps below.
Steps to Reproduce:
1.Configure ldap authentication with mod_authnz_ldap. Set require ldap-group. Restart httpd.
2. Try to log with user1 that do not belong to group. Log with authorized user2 (ie. belongs to group).
3. Put user1 in group and try again. Log fails. tcpdump show no LDAP authentication attempt.
4. Repeat 2-3 with LDAPCacheEntries set to 0. Everything work as expected.
Actual results: mod_ldap caches negative results
Expected results: do not cache negative results
Hi, please confirm the package version used, and note that Bugzilla is not a support mechanism - if you need help with production support issues please contact Red Hat Support.
I'm not asking for support, I'm only saying that it works differently than documented.. so it's a bug.
I've tried to reproduce your problem and I have few questions.
1. Do you use mod_authz_ldap or mod_authnz_ldap? "require ldap-group" can't be used with mod_authz_ldap, but from Comment 2 I understand that you are using that module.
2. Could you please paste here your httpd configuration related to LDAP so I will be able to reproduce it?
We lack sufficient reproduction information for this bug, and it is therefore being closed.
If you need further assistance, please contact your Red Hat support representative.