apache auth_ldap and "DSA is unwilling to perform"

Good day,

I've set up auth_ldap with apache and configured it to query a local LDAP
server.  It works properly... most of the time.

Occasionally, auth_ldap's queries against the server fail.  The server
responds with error code 53 - "DSA is unwilling to perform".  The next
second, it will start working again.

The OpenLDAP documentation says that this error is either returned if the
operation isn't possible due to the backend, etc. (which I can't see
applying here) or if there is a resource problem, in which case it instructs
the user to check the LDAP logs to determine what the problem is.
Unfortunately, the log doesn't indicate that.  Here's all it has:

Jul 22 12:05:10 host slapd[14568]: conn=868 op=13 SRCH base="ou=People,ou=Accounts,o=Shaw Cablesystems,c=CA" scope=2

Jul 22 12:05:10 host slapd[14568]: conn=868 op=13 RESULT tag=101 err=53 text=authentication required

... and, as mentioned, it will just start working again the next moment.

auth_ldap logs:

[Fri Jul 19 12:48:54 2002] [error] [client X.X.X.X] LDAP search for (&(Objectclass=*)(uid=dgamble)) failed: LDAP error: DSA is unwilling to perform; URI /url

The machine is lightly loaded with ample memory and disk space.  There are
only a handful of LDAP queries per minute.

I don't really see any rhyme or reason to the errors; they just
spontaneously happen during the day.

I've also Googled for a resolution, and I have found a handful of people
writing in with this problem, but no resolutions.

Why would the LDAP server return this error code out of the blue, but work
fine the other 99% of the time?  Is there anything else that I could be
looking for?

We're running openldap-2.0.21 and auth_ldap-1.6.0 on Red Hat 7.2.

Thanks in advance,

Darren Gamble
Planner, Regional Services
Shaw Cablesystems GP
630 - 3rd Avenue SW
Calgary, Alberta, Canada
T2P 4L4
(403) 781-4948
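
One way to follow up on the advice to check the LDAP logs, as an added example that is not part of the original post: it groups slapd log lines by conn= and, for each RESULT with err=53, reports which request it answered and the result code of the last BIND logged on that connection. The BIND line format, the function name and the conn=901 lines are assumptions constructed for the example; the conn=868 lines are the two from the post with the mail wrapping undone.

```python
import re

# slapd log lines in the style quoted in the post: "... conn=N op=M VERB rest"
# (assumed: one request line per op, followed by a "RESULT tag=.. err=.." line)
LINE = re.compile(r"conn=(\d+) op=(\d+) (\w+)\s*(.*)")
FIELD = re.compile(r"(\w+)=(\S*)")

# conn=868 lines are from the post; conn=901 lines are constructed sample data.
SAMPLE = [
    'Jul 22 12:05:09 host slapd[14568]: conn=901 op=0 BIND dn="cn=web,o=example" method=128',
    'Jul 22 12:05:09 host slapd[14568]: conn=901 op=0 RESULT tag=97 err=0 text=',
    'Jul 22 12:05:09 host slapd[14568]: conn=901 op=1 SRCH base="o=example" scope=2',
    'Jul 22 12:05:09 host slapd[14568]: conn=901 op=1 RESULT tag=101 err=0 text=',
    'Jul 22 12:05:10 host slapd[14568]: conn=868 op=13 SRCH base="ou=People,ou=Accounts,o=Shaw Cablesystems,c=CA" scope=2',
    'Jul 22 12:05:10 host slapd[14568]: conn=868 op=13 RESULT tag=101 err=53 text=authentication required',
]

def triage_err53(lines):
    """Return one record per RESULT err=53: the request it answered and the
    result code of the last BIND seen on that connection (None if none seen)."""
    requests = {}   # (conn, op) -> request verb such as SRCH or BIND
    last_bind = {}  # conn -> err code of the most recent BIND result
    findings = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # ACCEPT/closed lines carry no op= and are skipped
        conn, op, verb, rest = int(m[1]), int(m[2]), m[3], m[4]
        if verb != "RESULT":
            requests[(conn, op)] = verb
            continue
        fields = dict(FIELD.findall(rest))
        err = int(fields.get("err") or -1)
        request = requests.get((conn, op), "unknown")
        if request == "BIND":
            last_bind[conn] = err
        if err == 53:
            text = rest.split("text=", 1)[1].strip() if "text=" in rest else ""
            findings.append({
                "conn": conn, "op": op, "request": request,
                "text": text, "last_bind_err": last_bind.get(conn),
            })
    return findings

if __name__ == "__main__":
    for finding in triage_err53(SAMPLE):
        print(finding)
```

A `last_bind_err` of `None` only means no BIND for that connection appears in the lines supplied, so feed it the log from the connection's start onward.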