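I rewrote this question to focus on the specific part. The original title was "Apache hangs or exits but leaves the TCP socket open and does not accept connections".
Problem
The problem is that a website (Moodle) configured to authenticate using LDAP hangs when it attempts LDAP authentication.
Details
I used tcpdump to capture the TCP packets of the LDAP request sent by Apache (i.e. from the web application) and of the LDAP request sent by the CLI ldapsearch utility. The packets sent by Apache seem to hang, and then this 125-byte packet is sent again and again. I don't know what to make of it; I'm hoping someone else does.
- Nothing is logged in the Apache error log. I set the error log level to "debug" and still nothing is logged.
- The PHP/web application does not report any errors either; I also turned error_reporting all the way up for PHP.
- The problem only occurs when the LDAP request is generated and executed by the web application.
- I.e. when I run "ldapsearch" with the same credentials and details as the web application, I get a fast and complete response from the LDAP server.
- The LDAP server is Windows AD. I don't know which version, and I have no administrative rights on it (or in fact any rights at all).
Output from tcpdump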
```
#
## TCP Packets from Apache
#
# tcpdump -r tcpdump_from_apache.out
reading from file tcpdump_from_apache.out, link-type EN10MB (Ethernet)
13:45:00.063879 IP webserver-0001.56557 > ldapserver.someuniversity.edu.ldap: Flags [S], seq 920683327, win 5840, options [mss 1460,sackOK,TS val 3353249407 ecr 0,nop,wscale 7], length 0
13:45:00.106582 IP ldapserver.someuniversity.edu.ldap > webserver-0001.56557: Flags [S.], seq 388153653, ack 920683328, win 8192, options [mss 1380,nop,wscale 8,sackOK,TS val 176288620 ecr 3353249407], length 0
13:45:00.106602 IP webserver-0001.56557 > ldapserver.someuniversity.edu.ldap: Flags [.], ack 1, win 46, options [nop,nop,TS val 3353249411 ecr 176288620], length 0
13:45:00.106677 IP webserver-0001.56557 > ldapserver.someuniversity.edu.ldap: Flags [P.], seq 1:82, ack 1, win 46, options [nop,nop,TS val 3353249411 ecr 176288620], length 81
13:45:00.152943 IP ldapserver.someuniversity.edu.ldap > webserver-0001.56557: Flags [P.], seq 1:23, ack 82, win 256, options [nop,nop,TS val 176288624 ecr 3353249411], length 22
13:45:00.152961 IP webserver-0001.56557 > ldapserver.someuniversity.edu.ldap: Flags [.], ack 23, win 46, options [nop,nop,TS val 3353249416 ecr 176288624], length 0
13:45:00.153216 IP webserver-0001.56557 > ldapserver.someuniversity.edu.ldap: Flags [P.], seq 82:207, ack 23, win 46, options [nop,nop,TS val 3353249416 ecr 176288624], length 125
13:45:00.458751 IP webserver-0001.56557 > ldapserver.someuniversity.edu.ldap: Flags [P.], seq 82:207, ack 23, win 46, options [nop,nop,TS val 3353249447 ecr 176288624], length 125
13:45:01.078694 IP webserver-0001.56557 > ldapserver.someuniversity.edu.ldap: Flags [P.], seq 82:207, ack 23, win 46, options [nop,nop,TS val 3353249509 ecr 176288624], length 125
13:45:02.318668 IP webserver-0001.56557 > ldapserver.someuniversity.edu.ldap: Flags [P.], seq 82:207, ack 23, win 46, options [nop,nop,TS val 3353249633 ecr 176288624], length 125
13:45:04.798702 IP webserver-0001.56557 > ldapserver.someuniversity.edu.ldap: Flags [P.], seq 82:207, ack 23, win 46, options [nop,nop,TS val 3353249881 ecr 176288624], length 125
13:45:09.758699 IP webserver-0001.56557 > ldapserver.someuniversity.edu.ldap: Flags [P.], seq 82:207, ack 23, win 46, options [nop,nop,TS val 3353250377 ecr 176288624], length 125
13:45:19.678660 IP webserver-0001.56557 > ldapserver.someuniversity.edu.ldap: Flags [P.], seq 82:207, ack 23, win 46, options [nop,nop,TS val 3353251369 ecr 176288624], length 125
13:45:39.518685 IP webserver-0001.56557 > ldapserver.someuniversity.edu.ldap: Flags [P.], seq 82:207, ack 23, win 46, options [nop,nop,TS val 3353253353 ecr 176288624], length 125
...etc...

#
## TCP Packets when running "ldapsearch"
#
# tcpdump -r tcpdump_from_ldapsearch.out
reading from file tcpdump_from_ldapsearch.out, link-type EN10MB (Ethernet)
13:43:16.194111 IP webserver-0001.mroomstech.com.56550 > ldapserver.someuniversity.edu.ldap: Flags [S], seq 3594896697, win 5840, options [mss 1460,sackOK,TS val 3353239020 ecr 0,nop,wscale 7], length 0
13:43:16.250285 IP ldapserver.someuniversity.edu.ldap > webserver-0001.mroomstech.com.56550: Flags [S.], seq 3373619350, ack 3594896698, win 8192, options [mss 1380,nop,wscale 8,sackOK,TS val 176278235 ecr 3353239020], length 0
13:43:16.250322 IP webserver-0001.mroomstech.com.56550 > ldapserver.someuniversity.edu.ldap: Flags [.], ack 1, win 46, options [nop,nop,TS val 3353239026 ecr 176278235], length 0
13:43:16.250370 IP webserver-0001.mroomstech.com.56550 > ldapserver.someuniversity.edu.ldap: Flags [P.], seq 1:82, ack 1, win 46, options [nop,nop,TS val 3353239026 ecr 176278235], length 81
13:43:16.308445 IP ldapserver.someuniversity.edu.ldap > webserver-0001.mroomstech.com.56550: Flags [P.], seq 1:23, ack 82, win 256, options [nop,nop,TS val 176278241 ecr 3353239026], length 22
13:43:16.308482 IP webserver-0001.mroomstech.com.56550 > ldapserver.someuniversity.edu.ldap: Flags [.], ack 23, win 46, options [nop,nop,TS val 3353239031 ecr 176278241], length 0
13:43:16.308680 IP webserver-0001.mroomstech.com.56550 > ldapserver.someuniversity.edu.ldap: Flags [P.], seq 82:174, ack 23, win 46, options [nop,nop,TS val 3353239031 ecr 176278241], length 92
13:43:16.372985 IP ldapserver.someuniversity.edu.ldap > webserver-0001.mroomstech.com.56550: Flags [P.], seq 23:476, ack 174, win 256, options [nop,nop,TS val 176278248 ecr 3353239031], length 453
13:43:16.373200 IP webserver-0001.mroomstech.com.56550 > ldapserver.someuniversity.edu.ldap: Flags [P.], seq 174:181, ack 476, win 54, options [nop,nop,TS val 3353239038 ecr 176278248], length 7
13:43:16.373250 IP webserver-0001.mroomstech.com.56550 > ldapserver.someuniversity.edu.ldap: Flags [F.], seq 181, ack 476, win 54, options [nop,nop,TS val 3353239038 ecr 176278248], length 0
13:43:16.439382 IP ldapserver.someuniversity.edu.ldap > webserver-0001.mroomstech.com.56550: Flags [.], ack 182, win 256, options [nop,nop,TS val 176278254 ecr 3353239038], length 0
13:43:16.439413 IP ldapserver.someuniversity.edu.ldap > webserver-0001.mroomstech.com.56550: Flags [R.], seq 476, ack 182, win 0, length 0
```
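
Added example, not part of the original post: a small Python parser for `tcpdump -r` text output that flags data segments sent more than once, whether the peer ever acknowledged them, and whether the resend gaps double as in TCP retransmission backoff. The function name, the report fields and the 1.8 to 2.2 ratio window are assumptions of this example; the sample lines are an excerpt of the Apache-side capture above with the TCP options field omitted.

```python
import re
from datetime import datetime

# Excerpt of the Apache-side capture above; the TCP options field is omitted for brevity.
C, S = "webserver-0001.56557", "ldapserver.someuniversity.edu.ldap"
SAMPLE = f"""\
13:45:00.106677 IP {C} > {S}: Flags [P.], seq 1:82, ack 1, win 46, length 81
13:45:00.152943 IP {S} > {C}: Flags [P.], seq 1:23, ack 82, win 256, length 22
13:45:00.153216 IP {C} > {S}: Flags [P.], seq 82:207, ack 23, win 46, length 125
13:45:00.458751 IP {C} > {S}: Flags [P.], seq 82:207, ack 23, win 46, length 125
13:45:01.078694 IP {C} > {S}: Flags [P.], seq 82:207, ack 23, win 46, length 125
13:45:02.318668 IP {C} > {S}: Flags [P.], seq 82:207, ack 23, win 46, length 125
13:45:04.798702 IP {C} > {S}: Flags [P.], seq 82:207, ack 23, win 46, length 125
"""

LINE = re.compile(
    r"(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\],"
    r"(?: seq (?P<seq>\d+)(?::(?P<end>\d+))?,)?(?: ack (?P<ack>\d+),)?.* length (?P<len>\d+)$"
)

def find_retransmissions(text):
    """Report data segments sent more than once, with resend gaps and ACK status."""
    sent, acked = {}, {}  # (src, dst, seq, end) -> send times; (src, dst) -> highest ACK from dst
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        src, dst = m["src"], m["dst"]
        # SYN packets carry absolute numbers; tcpdump prints relative ones afterwards.
        if m["ack"] and "S" not in m["flags"]:
            acked[(dst, src)] = max(acked.get((dst, src), 0), int(m["ack"]))
        if m["end"] and int(m["len"]) > 0:
            ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
            sent.setdefault((src, dst, int(m["seq"]), int(m["end"])), []).append(ts)
    report = []
    for (src, dst, seq, end), times in sent.items():
        if len(times) < 2:
            continue
        raw = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report.append({
            "flow": f"{src} > {dst}", "seq": (seq, end), "sends": len(times),
            "gaps": [round(g, 2) for g in raw],
            "acked": acked.get((src, dst), 0) >= end,
            # Each gap roughly double the previous one is the kernel's retransmission backoff.
            "backoff": len(raw) > 1 and all(a > 0 and 1.8 <= b / a <= 2.2 for a, b in zip(raw, raw[1:])),
        })
    return report

print(find_retransmissions(SAMPLE))
```

On the excerpt this reports segment 82:207 as sent five times, never acknowledged (the server's highest ACK is 82), with gaps that double each time.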