Issue: Apache is issuing bursts of almost simultaneous LDAP search/bind requests. In my organisation, this is causing a single incorrect password attempt to appear as many failed LDAP requests, immediately locking the user's account. I reported this but with an incorrect diagnosis yesterday: https://bz.apache.org/bugzilla/show_bug.cgi?id=66355 Sorry about that. My diagnosis was incorrect, but there definitely is an issue here. Version: 2.4.54 (Debian). Where I quote line numbers below, they are from the 2.4.x branch of the code from GitHub: https://github.com/apache/httpd Log: Here's an extract from the Apache error log (slightly edited): 698114627328] util_ldap.c(757): [client ZZ.ZZ.ZZ.ZZ:55832] Reuse unbound LDC 7f0e0d5d90a0, referer: XXXXX id 139698114627328] mod_authnz_ldap.c(548): [client ZZ.ZZ.ZZ.ZZ:55832] AH01691: auth_ldap authenticate: using URL ldap://YYYYY, referer: XXXXX tid 139698114627328] mod_authnz_ldap.c(554): [client ZZ.ZZ.ZZ.ZZ:55832] auth_ldap authenticate: final authn filter is (&(uid=*)(uid=UUUUU)), referer: XXXXX 698114627328] util_ldap.c(343): [client ZZ.ZZ.ZZ.ZZ:55832] LDC 7f0e0d5d90a0 init, referer: XXXXX 698114627328] util_ldap.c(393): AH01278: LDAP: Setting referrals to On. 698064271104] util_ldap.c(757): [client ZZ.ZZ.ZZ.ZZ:55836] Reuse unbound LDC 7f0e0d5d90a0, referer: XXXXX I think the problem is the first and last lines. This message occurs multiple times from Apache when I see multiple requests on the LDAP server (and only then). Here, I saw two simultaneous requests on the server; sometimes it's as many as 7-8. Diagnoses: My previous diagnosis was incorrect: https://bz.apache.org/bugzilla/show_bug.cgi?id=66355 So my confidence in this is low, but... There's something odd about the mutex code in: httpd/modules/ldap/util_ldap.c uldap_connection_find() (starts line 708 in github/2.4.x branch) http://svn.apache.org/viewvc/httpd/httpd/tags/2.4.54/modules/ldap/util_ldap.c?revision=1901749&view=markup#l708 Specifically, the for loop containing the "Reuse unbound LDC" message: starting line 736: http://svn.apache.org/viewvc/httpd/httpd/tags/2.4.54/modules/ldap/util_ldap.c?revision=1901749&view=markup#l736 More specifically, the "break" at line 761: http://svn.apache.org/viewvc/httpd/httpd/tags/2.4.54/modules/ldap/util_ldap.c?revision=1901749&view=markup#l761 This break jumps out of the loop, thereby skipping the call to: apr_thread_mutex_unlock(l->lock); on line 767: http://svn.apache.org/viewvc/httpd/httpd/tags/2.4.54/modules/ldap/util_ldap.c?revision=1901749&view=markup#l767 (The mutex was acquired on line 738, inside and at the top of the for loop) So, it is possible that a mutex is being retained incorrectly? If my diagnosis is incorrect, then there nevertheless does remain an issue. Thank you for your time.