Bug 44155 - smarter retry for LDAP_UNAVAILABLE, LDAP_BUSY, etc.
Summary: smarter retry for LDAP_UNAVAILABLE, LDAP_BUSY, etc.
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ldap (show other bugs)
Version: 2.5-HEAD
Hardware: Other other
: P2 enhancement (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: FixedInTrunk
Depends on:
Reported: 2007-12-31 09:49 UTC by Eric Covener
Modified: 2012-03-12 09:59 UTC (History)
2 users (show)


Note You need to log in before you can comment on or make changes to this bug.
Description Eric Covener 2007-12-31 09:49:44 UTC
mod_ldap currently distinguishes between very few LDAP return codes and only
retries when LDAP_SERVER_DOWN (or LDAP_UNAVAILABLE using MS SDK) imply that the
backend connection has gone sour since it's last use.

Some return codes, such as LDAP_UNAVAILABLE or LDAP_BUSY could do a better of
job of retrying (with delay?). 

It's unclear what combination of events, servers, and SDKs cause these various
return codes to be generated, returned, or masked.  

See the discussion in:

(ignoring the LDAP_UNAVAILABLE-on-MSSDK issue)
Comment 1 Philipp Gühring 2012-02-28 17:38:24 UTC
I have this problem too: The LDAP server I have to authenticate against seems to have limits regarding how often a user can try to authenticate, and if it does not want, it returns this error:

[Tue Feb 28 14:46:53 2012] [info] [client] [12698] auth_ldap authenticate: user philipp authentication failed; URI /svn/ [LDAP: ldap_simple_bind_s() failed][Administrative limit exceeded]

I would like to be able to configure that Apache does up to 5 retries, each after 3 seconds, to authenticate in those cases.
Comment 2 Stefan Fritsch 2012-03-12 09:59:56 UTC
This is possible in 2.4.1 with LDAPRetries and LDAPRetryDelay, but the documentation is still lacking.