LDAP login execution expired

Added by Ben Earner over 2 years ago

Hi,

I have set up Redmine to use LDAP authentication which works fine most of the time. However, occasionally (seemingly randomly) I will receive an "execution expired" error message. I can then only login using a local user, which then seems to allow the LDAP authentication to work again. Having searched for users with the same problem I've found similar issues raised a number of times over the years but with no resolution suggested: #23917 Internal Error on LDAP Auth

Running on Windows 2008 R2:

Environment:
  Redmine version                3.3.0.stable
  Ruby version                   2.1.8-p440 (2015-12-16) [i386-mingw32]
  Rails version                  4.2.6
  Environment                    production
  Database adapter               Mysql2
SCM:
  Git                            2.7.4
  Filesystem                     
Redmine plugins:
  redmine_materials              0.1.5
  redmine_percent_done           1.1.0
  redmine_silencer               0.4.1

Production.log:

Started POST "/redmine/login" for 127.0.0.1 at 2017-05-08 10:48:00 +0100
Processing by AccountController#login as HTML
  Parameters: {"utf8"=>"?", "authenticity_token"=>"TGG5MGpf4uhIY3V4OpUKZ9kloH9RPa1cRFzKa7bva3sf5ZqWbuh4gQeK2KVKcoh6UbhQV0H78/wzEZHAu/kbYA==", "back_url"=>"http://at01:8080/redmine/projects/la-102/issues/new", "username"=>"bsmith", "password"=>"[FILTERED]", "login"=>"Login »"}
  Current user: anonymous
An error occured when authenticating bsmith: execution expired

Is this a redmine issue, an underlying issue with the ldap implementation Redmine uses or a problem with my configuration?

Many thanks for any comments or suggestions,

Ben

Replies (4)

RE: LDAP login execution expired - Added by Ben Earner over 2 years ago

Can anyone help with this or should I raise an issue?

Thanks,

Ben

RE: LDAP login execution expired - Added by Tuan Tran about 2 years ago

I have the same problem. Did you found any solutions yet?

RE: LDAP login execution expired - Added by Ben Earner almost 2 years ago

Sorry for the slow reply. Yes the issue seems to be resolved for me, see another discussion here: LDAP login execution timeout

To summarize what worked for me:

E.g. Account: $login@COMPANY.DOMAIN.NAME

  • Be explicit in which server to use for AD authentication rather than using just the domain.

E.g. Host: HOSTNAME.COMPANY.DOMAIN.NAME (rather than just Host: COMPANY.DOMAIN.NAME)

RE: LDAP login execution expired - Added by Maximilian Eschenbacher 4 months ago

Choosing a specific domain controller over the windows domain itself is rather misleading because you are throwing away the DNS load balancing of windows domain controllers. DNS load balancing can be very useful in the case of using them as ldap server because the ldap (or rather Socket.tcp) will then choose the first available server from DNS. Please see also https://www.redmine.org/boards/2/topics/37819?r=57467

Long story short: keep the domain name as server and increase the timeout for ldap authentication to give redmine enough time for establishing ldap connections.

(1-4/4)