
Report: apache auth_ldap and "DSA is unwilling to perform"



Good day,

I posted this message three days ago, but unfortunately didn't receive a
reply.

I don't mean to spam the list, but I could really use some insight on why
OpenLDAP is behaving so oddly.

This is starting to become a big problem for me, as I have a monitoring
screen that refreshes every few minutes, and occasionally it will come up
with the "Authorization Required" page, requiring a user to go to the machine
and manually refresh the browser page to bring up the monitoring web page.

Thanks in advance,

============================
Darren Gamble
Planner, Regional Services
Shaw Cablesystems GP
630 - 3rd Avenue SW
Calgary, Alberta, Canada
T2P 4L4
(403) 781-4948


> -----Original Message-----
> From: Darren Gamble [mailto:Darren.Gamble@sjrb.ca]
> Sent: Monday, July 22, 2002 1:51 PM
> To: openldap-software@OpenLDAP.org
> Subject: apache auth_ldap and "DSA is unwilling to perform"
> 
> 
> Good day,
> 
> I've set up auth_ldap with apache and configured it to query a local LDAP
> server.  It works properly... most of the time.
> 
> Occasionally, auth_ldap's queries against the server fail.  The server
> responds with error code 53 - "DSA is unwilling to perform".  The next
> second, it will start working again.
> 
> The OpenLDAP documentation says that this error is either returned if the
> operation isn't possible due to the backend, etc. (which I can't see
> applying here) or if there is a resource problem, in which case it instructs
> the user to check the LDAP logs to determine what the problem is.
> Unfortunately, the log doesn't indicate that.  Here's all it has:
> 
> 
> Jul 22 12:05:10 host slapd[14568]: conn=868 op=13 SRCH base="ou=People,ou=Accounts,o=Shaw Cablesystems,c=CA" scope=2 filter="(&(objectClass=*)(uid=dgamble))"
> 
> Jul 22 12:05:10 host slapd[14568]: conn=868 op=13 RESULT tag=101 err=53 text=authentication required
> 
> ... and, as mentioned, it will just start working again the next moment.
> 
> 
> auth_ldap logs:
> 
> 
> [Fri Jul 19 12:48:54 2002] [error] [client X.X.X.X] LDAP search for (&(Objectclass=*)(uid=dgamble)) failed: LDAP error: DSA is unwilling to perform; URI /url
> 
> 
> The machine is lightly loaded with ample memory and disk space.  There are
> only a handful of LDAP queries per minute.
> 
> I don't really see any rhyme or reason to the errors; they just
> spontaneously happen during the day.
> 
> I've also Googled for a resolution, and I have found a handful of people
> writing in with this problem, but no resolutions.
> 
> Why would the LDAP server return this error code out of the blue, but work
> fine the other 99% of the time?  Is there anything else that I could be
> looking for?
> 
> We're running openldap-2.0.21 and auth_ldap-1.6.0 on Red Hat 7.2.
> 
> Thanks in advance,
> 
> ============================
> Darren Gamble
> Planner, Regional Services
> Shaw Cablesystems GP
> 630 - 3rd Avenue SW
> Calgary, Alberta, Canada
> T2P 4L4
> (403) 781-4948
>
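
A log correlator for the slapd lines quoted above, as an added example that is not part of the original post: it pairs each RESULT carrying err=53 with the SRCH on the same conn/op and reports how many operations on that connection had already succeeded. The sample log lines are constructed, modeled on the excerpt in the message, and the function and variable names are illustrative.

```python
import re
from collections import defaultdict

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=(\d+) filter="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+) text=(.*)$')
UNWILLING_TO_PERFORM = 53  # LDAP result code reported in the post

# Constructed sample, modeled on the excerpt in the message (not real log data).
SAMPLE_LOG = """\
Jul 22 12:05:04 host slapd[14568]: conn=868 op=12 SRCH base="ou=People,o=Example,c=CA" scope=2 filter="(&(objectClass=*)(uid=jdoe))"
Jul 22 12:05:04 host slapd[14568]: conn=868 op=12 RESULT tag=101 err=0 text=
Jul 22 12:05:10 host slapd[14568]: conn=868 op=13 SRCH base="ou=People,o=Example,c=CA" scope=2 filter="(&(objectClass=*)(uid=jdoe))"
Jul 22 12:05:10 host slapd[14568]: conn=868 op=13 RESULT tag=101 err=53 text=authentication required
Jul 22 12:05:11 host slapd[14568]: conn=869 op=1 SRCH base="ou=People,o=Example,c=CA" scope=2 filter="(&(objectClass=*)(uid=jdoe))"
Jul 22 12:05:11 host slapd[14568]: conn=869 op=1 RESULT tag=101 err=0 text=
"""

def failed_searches(lines, code=UNWILLING_TO_PERFORM):
    """Return one record per RESULT with `code`, joined to its SRCH request."""
    pending = {}                 # (conn, op) -> parameters of the open search
    history = defaultdict(list)  # conn -> result codes seen so far, in log order
    findings = []
    for line in lines:
        m = SRCH.search(line)
        if m:
            conn, op, base, scope, flt = m.groups()
            pending[(int(conn), int(op))] = {"base": base, "scope": int(scope), "filter": flt}
            continue
        m = RESULT.search(line)
        if not m:
            continue  # not a line this correlator understands
        conn, op, err, text = int(m.group(1)), int(m.group(2)), int(m.group(4)), m.group(5)
        search = pending.pop((conn, op), None)   # None if the SRCH line was not logged
        prior_ok = history[conn].count(0)        # successes on this connection before now
        history[conn].append(err)
        if err == code:
            findings.append({
                "time": line[:15],               # syslog timestamp, e.g. "Jul 22 12:05:10"
                "conn": conn, "op": op, "text": text.strip(),
                "search": search, "prior_ok": prior_ok,
            })
    return findings

if __name__ == "__main__":
    for finding in failed_searches(SAMPLE_LOG.splitlines()):
        print(finding)
```

A non-zero `prior_ok` shows that the refused search arrived on a connection that had been answering searches successfully, which narrows where to look next.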