LDAP authentication timing out

Started by James Sewell, almost 13 years ago, 3 messages, general

#1 James Sewell
james.sewell@lisasoft.com

Hello All,

I have the following config:

host samerole +myrole samenet ldap
ldapserver="ldap1,ldap2,ldap3" ldapbinddn="mybinddn"
ldapbindpasswd="mypass" ldapbasedn="mybase" ldapsearchattribute="myatt"

Usually auth works perfectly with LDAP (starting a session from psql using
an LDAP connection, authenticating with the LDAP password then exiting
straight away) I see this:

2013-06-20 15:19:53 EST DEBUG: edb-postgres child[15901]: starting with (
2013-06-20 15:19:53 EST DEBUG: forked new backend, pid=15901 socket=10
2013-06-20 15:19:53 EST DEBUG: edb-postgres
2013-06-20 15:19:53 EST DEBUG: dccn
2013-06-20 15:19:53 EST DEBUG: )
2013-06-20 15:19:53 EST DEBUG: InitPostgres
2013-06-20 15:19:53 EST DEBUG: my backend ID is 1
2013-06-20 15:19:53 EST DEBUG: StartTransaction
2013-06-20 15:19:53 EST DEBUG: name: unnamed; blockState: DEFAULT;
state: INPROGR, xid/subid/cid: 0/1/0, nestlvl: 1, children:
2013-06-20 15:19:53 EST DEBUG: received password packet
2013-06-20 15:19:53 EST DEBUG: CommitTransaction
2013-06-20 15:19:53 EST DEBUG: name: unnamed; blockState: STARTED;
state: INPROGR, xid/subid/cid: 0/1/0, nestlvl: 1, children:
2013-06-20 15:19:56 EST DEBUG: shmem_exit(0): 7 callbacks to make
2013-06-20 15:19:56 EST DEBUG: proc_exit(0): 3 callbacks to make
2013-06-20 15:19:56 EST DEBUG: exit(0)
2013-06-20 15:19:56 EST DEBUG: shmem_exit(-1): 0 callbacks to make
2013-06-20 15:19:56 EST DEBUG: proc_exit(-1): 0 callbacks to make
2013-06-20 15:19:56 EST DEBUG: reaping dead processes
2013-06-20 15:19:56 EST DEBUG: server process (PID 15901) exited with exit
code 0

However around 10% of the time (although this varies) the session hangs
after I type in my password till the auth timeout and I see this:

2013-06-20 15:07:46 EST DEBUG: forked new backend, pid=15587 socket=10
2013-06-20 15:07:46 EST DEBUG: edb-postgres child[15587]: starting with (
2013-06-20 15:07:46 EST DEBUG: edb-postgres
2013-06-20 15:07:46 EST DEBUG: dccn
2013-06-20 15:07:46 EST DEBUG: )
2013-06-20 15:07:46 EST DEBUG: InitPostgres
2013-06-20 15:07:46 EST DEBUG: my backend ID is 1
2013-06-20 15:07:46 EST DEBUG: StartTransaction
2013-06-20 15:07:46 EST DEBUG: name: unnamed; blockState: DEFAULT;
state: INPROGR, xid/subid/cid: 0/1/0, nestlvl: 1, children:
2013-06-20 15:07:46 EST DEBUG: received password packet
2013-06-20 15:08:46 EST DEBUG: shmem_exit(1): 7 callbacks to make
2013-06-20 15:08:46 EST DEBUG: proc_exit(1): 3 callbacks to make
2013-06-20 15:08:46 EST DEBUG: exit(1)
2013-06-20 15:08:46 EST DEBUG: shmem_exit(-1): 0 callbacks to make
2013-06-20 15:08:46 EST DEBUG: proc_exit(-1): 0 callbacks to make
2013-06-20 15:08:46 EST DEBUG: reaping dead processes
2013-06-20 15:08:46 EST DEBUG: server process (PID 15587) exited with exit
code 1

Anyone have any ideas? I never see this with MD5.

I can do multiple quickfire binds from an LDAP application and the same bind
DN with no problems.

Cheers,

James Sewell
PostgreSQL Team Lead / Solutions Architect
_____________________________________

Level 2, 50 Queen St,
Melbourne, VIC, 3000

P: 03 8370 8000 F: 03 8370 8099 W: www.lisasoft.com

--

------------------------------
The contents of this email are confidential and may be subject to legal or
professional privilege and copyright. No representation is made that this
email is free of viruses or other defects. If you have received this
communication in error, you may not copy or distribute any part of it or
otherwise disclose its contents to anyone. Please advise the sender of your
incorrect receipt of this correspondence.

#2 Magnus Hagander
magnus@hagander.net
In reply to: James Sewell (#1)
Re: LDAP authentication timing out

Sounds like an issue either with your ldap server, your network or the ldap
client library. But it's kind of hard to tell. You're probably best off
getting a network trace of the traffic between the ldap server and
postgres, to see how far it gets at all - that's usually a good pointer
when it comes to timeouts.

Also, what version of postgres (looks from the names that this might be edb
advanced server and not actually postgres? In that case you might be better
off talking to the EDB people - they may have made some modifications to
the ldap code perhaps)?

What OS?
Versions?
What ldap client and version?
What ldap server?

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
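
Added example, not part of the thread and not PostgreSQL or EDB code: a Python script that measures, from the server's DEBUG log, how long each backend waited after "received password packet", which is the 0-second versus 60-second difference between the two excerpts in message #1. The function names, the stall_secs=60 threshold (PostgreSQL's default authentication_timeout) and the use of CommitTransaction as the success marker are assumptions drawn from those excerpts; the sample input is constructed from their lines.

```python
import re
from datetime import datetime

# Constructed sample: lines taken from the thread's two excerpts, keeping the
# e-mail line wrap inside "exited with exit code N".
SAMPLE = """\
2013-06-20 15:19:53 EST DEBUG: forked new backend, pid=15901 socket=10
2013-06-20 15:19:53 EST DEBUG: received password packet
2013-06-20 15:19:53 EST DEBUG: CommitTransaction
2013-06-20 15:19:56 EST DEBUG: server process (PID 15901) exited with exit
code 0
2013-06-20 15:07:46 EST DEBUG: forked new backend, pid=15587 socket=10
2013-06-20 15:07:46 EST DEBUG: received password packet
2013-06-20 15:08:46 EST DEBUG: server process (PID 15587) exited with exit
code 1
"""

STAMP = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ DEBUG:\s+(.*)$")
EXITED = re.compile(r"server process \(PID (\d+)\) exited with exit code (\d+)")

def unwrap(text):
    """Re-join wrapped lines: a line with no timestamp continues the previous one."""
    out = []
    for line in text.splitlines():
        if STAMP.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line.strip()
    return out

def auth_sessions(text, stall_secs=60):
    """Per backend exit: seconds from password receipt to CommitTransaction, else to exit."""
    # Assumption: sessions do not interleave, because these DEBUG lines carry no PID.
    sessions, pw_at, done_at = [], None, None
    for line in unwrap(text):
        m = STAMP.match(line)
        if not m:
            continue
        ts, msg = datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S"), m[2]
        if "received password packet" in msg:
            pw_at, done_at = ts, None
        elif "CommitTransaction" in msg and pw_at and done_at is None:
            done_at = ts
        elif (e := EXITED.search(msg)) and pw_at:
            wait = int(((done_at or ts) - pw_at).total_seconds())
            sessions.append({"pid": int(e[1]), "exit_code": int(e[2]), "auth_wait_s": wait,
                             "stalled": done_at is None and wait >= stall_secs})
            pw_at = done_at = None
    return sessions
```

The timestamps of the sessions it marks as stalled give the exact windows to look at in the network trace between PostgreSQL and the LDAP servers.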

#3 James Sewell
james.sewell@lisasoft.com
In reply to: Magnus Hagander (#2)
Re: LDAP authentication timing out

Hey,

Thanks for the reply Magnus.

I'm getting some packet captures now - I just thought I'd throw this out
there in case anyone else had faced similar problems.

This is EDB PPAS, I'm following up with them in parallel.

Cheers,
James Sewell

James Sewell
Solutions Architect
_____________________________________

Level 2, 50 Queen St,
Melbourne, VIC, 3000

P: 03 8370 8000 F: 03 8370 8099 W: www.lisasoft.com
