[rt-users] ExternalAuth LDAP timeout

zux zux at pie-dabas.net
Wed Apr 6 09:54:24 EDT 2016


Hi,
we had a strange problem today - our users authenticate with their AD 
accounts. There are two LDAP servers configured. One of the servers was 
offline for a time and users could not log in at that time, although most 
of the users are from the AD that did work. The logs clearly stated that 
the user had successfully authenticated against the first LDAP server, 
but tried the other anyway. So the whole process died with a timeout.

Here are some specifics from the apache error log:

[1192] [Wed Apr  6 11:53:17 2016] [info]: 
RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( LDAP ): 
username (/opt/rt4/sbin/../lib/RT/Authen/ExternalAuth/LDAP.pm:348)
[Wed Apr 06 14:53:52.654654 2016] [fcgid:warn] [pid 934:tid 
140136953538304] [client 192.168.1.150:36148] mod_fcgid: read data 
timeout in 40 seconds, referer: https://
[Wed Apr 06 14:53:52.654835 2016] [core:error] [pid 934:tid 
140136953538304] [client 192.168.1.150:36148] End of script output 
before headers: rt-server.fcgi, referer: https://

(the difference in time is because rt logs in UTC, not local time zone - 
I have not yet tried to figure out why)

There is a lot of data in rt.log because I enabled debug, but it 
basically says that there was a successful login in the first LDAP and 
then tries to bind to the second.


So the questions are:
1) Is there an option to enable a timeout for LDAP logins?
2) Why does RT even try to log in to the second LDAP, if the first 
succeeds? Why couldn't I log in with root?


