LDAP authentication fails if LDAP server connection times out

[melfstrand@…]

Active Directory (in Windows 2003 Server) disconnects LDAP clients after 15 minutes of inactivity. The LDAP authenticator in lighttpd binds when the lighttpd process starts, and if no one accesses the lighttpd server for more than 15 minutes (such as is the case with intranet servers overnight), the LDAP server disconnects and lighttpd denies all subsequent requests. The lighttpd process must be restarted in order to get authentication working again.

Ideally, lighttpd would determine if the LDAP connection was still valid, and re-connect if it wasn't. Another approach might be to have a setting in the lighttpd configuration that would cause lighttpd to disconnect itself from the LDAP server after a certain period of inactivity, and re-connect if it had previously disconnected itself.

[joerg@…]

I've run into the same problem. Can try the attached patch?

[joerg@…]

Automatic reconnect for LDAP

[melfstrand@…]

The patch appears to work! I applied it to my copy of the 1.4.4 source. It compiled, installed, and has been running for a couple of hours so far, and I've let it run for over 15 minutes both at startup and between requests, and there has been no problem authenticating. Thank you!

[joerg@…]

I should add that the patch contains another change. It disable the CA file check for starttls, I needed it because the admin of the LDAP server I have to use doesn't want to give it to me, but enforces SSL. It might be good to make it another option.

[joerg@…]

I'm reattaching the patch without the starttls part (ticket 356).

[joerg@…]

allow reconnect to ldap server after timeouts

[jan]

applied in [818], will be part of 1.4.8, thanks for the patch.