LDAP login execution timeout

Added by M K about 1 year ago

Hi All

We have started experiencing issues while logging into local redmine server hosted on Win server 2012R2 with apache24. The redmine is configured to use LDAP authentication. The login page return 500 error when using Active Directory credentials, but no issues when using local redmine admin account.

The error on the browser:
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request POST /login.
Reason: Error reading from remote server

Our Redmine Environment:
Redmine version 3.2.0.stable
Ruby version 2.2.4-p230 (2015-12-16) [x64-mingw32]
Rails version 4.2.5
Environment production
Database adapter Mysql2
SCM:
Filesystem
Redmine plugins:
no plugin installed

The log
Started GET "/" for 127.0.0.1 at 2016-09-23 14:57:10 +0000
Processing by WelcomeController#index as HTML
Current user: anonymous
Rendered news/_news.html.erb (0.0ms)
Rendered welcome/index.html.erb within layouts/base (31.2ms)
Completed 200 OK in 94ms (Views: 56.0ms | ActiveRecord: 15.6ms)
Started GET "/" for 127.0.0.1 at 2016-09-23 14:57:15 +0000
Processing by WelcomeController#index as HTML
Current user: anonymous
Rendered news/_news.html.erb (0.0ms)
Rendered welcome/index.html.erb within layouts/base (15.6ms)
Completed 200 OK in 47ms (Views: 20.9ms | ActiveRecord: 15.6ms)
Started GET "/login" for 127.0.0.1 at 2016-09-23 14:57:17 +0000
Processing by AccountController#login as HTML
Current user: anonymous
Rendered account/login.html.erb within layouts/base (0.0ms)
Completed 200 OK in 16ms (Views: 11.5ms | ActiveRecord: 0.0ms)
Started POST "/login" for 127.0.0.1 at 2016-09-23 14:57:21 +0000
Processing by AccountController#login as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"zjrjx8ofEVMOte9/fm0cK5oekJfqhwI0NAqrxG6hwLWHJWT1KIt6S7n68vv//f2Jz957Kd3jhUSpa/68EdQyaA==", "back_url"=>"http://pe-ap06-ukpar/", "username"=>"nzm8nm", "password"=>"[FILTERED]", "login"=>"Login »"}
Current user: anonymous
An error occured when authenticating nzm8nm: execution expired
Rendered common/error.html.erb within layouts/base (0.0ms)
Completed 500 Internal Server Error in 64531ms (Views: 11.5ms | ActiveRecord: 0.0ms)

Replies (6)

RE: LDAP login execution timeout - Added by Mark Wintch 3 months ago

I am getting the same error:
Log File:
Processing by AccountController#login as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"4ycmPIcQBLVOHO7sCjkjwBk1KKwDzggOe6S9gHOzrVMoYl+d/EqDChG+UMpfkjGIJ3UVJZzvAXkAyFxjLrsrWg==", "back_url"=>"https://myorg/", "username"=>"nope", "password"=>"[FILTERED]", "login"=>"Login »"}
Current user: anonymous
An error occured when authenticating user: execution expired
Rendered common/error.html.erb within layouts/base (0.0ms)
Completed 500 Internal Server Error in 21063ms (Views: 0.0ms | ActiveRecord: 0.0ms)
Started GET "/gates/login" for 127.0.0.1 at 2017-08-14 08:40:03 -0500
Processing by AccountController#login as HTML
Current user: anonymous
Rendered account/login.html.erb within layouts/base (15.6ms)
Completed 200 OK in 16ms (Views: 15.6ms | ActiveRecord: 0.0ms)
Started POST "/gates/login" for 127.0.0.1 at 2017-08-14 08:40:06 -0500

Environment:
Redmine version 3.3.0.stable
Ruby version 2.1.8-p440 (2015-12-16) [x64-mingw32]
Rails version 4.2.6
Environment production
Database adapter SQLServer

We are also using LDAP with Active Directory login accounts.

RE: LDAP login execution timeout - Added by Ben Earner 2 months ago

I also have the same issue, please see here:

LDAP login execution expired

Seems to be a common issue now, with multiple reports e.g. also here:

Internal Error on LDAP Auth

Yet no one has been able to suggest any cause or resolution. Anyone able to provide some advice for us? Will raising an issue help?

Thanks,

Ben

RE: LDAP login execution timeout - Added by Andreas Schnöppl 2 months ago

Did you try to increase expire time?

RE: LDAP login execution timeout - Added by Ben Earner 2 months ago

I set the timeout to 60 seconds. It seems to throw the error almost instantaneously from my experience. If I login with a local account, it works. Then the same LDAP account which was failing will then begin working.

One thing I'm trying now is to use a dynamic bind to see if that prevents the error (RedmineLDAP), I was using a dedicated user before for the initial bind.

RE: LDAP login execution timeout - Added by M K 2 months ago

The issue had gone I changed the host field in the LDAP settings to the domain controller name. It was just a domain name below.
Before - Domain.Lan
After - DC01.Domain.Lan

This fixed the issue.

RE: LDAP login execution timeout - Added by Ben Earner 2 months ago

Thanks, I will try that too.

(1-6/6)