LDAP auth creates constant queries


  • Hi,

    I configured my pfSense for LDAP (SSL) user login. So I have LDAP groups defined for my VPN users, my pfSense admin users, and so on.
    It works perfectly fine, except that if an admin user is logged into the pfSense WebGUI, pfSense does a constant storm of LDAP queries for the logged-in user. I have no idea what for. It queries the logged-in user for the group membership attribute, and it gets an answer.
    What is the point in that? Is it a bug?

    Thank you
    best regards
    Halandar

  • Rebel Alliance Developer Netgate

    It's how the auth system is designed, which is sort of a bug but not quite.

    Each time a client loads a page it re-checks the auth to make sure it's still valid, because it doesn't do a persistent LDAP session style login, only an immediate one-off access request.


  • Thank you! So would this issue be worth a bug report?
    Because for normal login this behaviour makes sense, but not for LDAP.


  • I have the same issue here: an LDAP server is configured (for VPN auth), but only local accounts (admins) are used on the webGUI.
    Moreover, these LDAP connections/lookups can break the webGUI when the LDAP server is down/unreachable (e.g. Internet connection down): each page takes about 40-50 seconds to display. I'm guessing it's because the LDAP queries have to time out before the PHP script can continue…

    Others have already encountered the same timeout problem: