You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by GOVAERTS Lieven <Li...@post.be> on 2005/06/27 16:33:04 UTC
[users@httpd] Problem report: ldap / apache 2.0.54: child process crashes after failed authentication
Hi,
We encounter a problem with an apache server in our system, when
failing authentication with an Active Directory server.
Environment:
Suse linux ( kernel: vmlinuz-2.6.5-7.97-bigsmp )
apache 2.0.54, one patch applied ( attached )
openldap2-2.2.6-37.rpm
( integrated with subversion 1.2.0 )
integrated with Active Directory
Description:
Apache is providing DAV & authentication services in our subversion
setup. For authentication, an external Active Directory is queried.
This runs very well, except some random crashes as described here.
Problem is, that at certain moments in time an httpd process will
crash: child pid 19732 exit signal Segmentation fault (11)
The way to reproduce it:
1. With a webbrowser, access a file that needs authentication ( in our
case, in the subversion repository )
2. Provide a not-existing user and password
3. Apache will lookup the user on the AD server, but this will fail.
( normally ), asking the user again for user & password.
4. Do another request ( user & password you type is not important here )
5. The process handling request of step 1 will crash.
This problem doesn't happen very often, a few times a day for 50 users,
but has a lot of impact, since it can happen on a long-running commit
to the subversion repository.
I've searched in bug reports and mailing lists, but didn't find anything
that resembled this problem. It seems to be related to freeing up
resources?
If anybody has a patch, or a way to workaround this problem, please let
me know.
I see that more of these types of problem reports exist, and people are
Urged to wait for apache 2.1, which is now in beta. Can anyone tell me
when it is supposed to be released?
regards,
Lieven.
Extract from the error.log file:
--------------------------------
[Thu Jun 23 16:19:35 2005] [warn] [client 10.102.65.39] [10137]
auth_ldap authenticate:
user govaerl authentication failed; URI /svn/test/trunk/test.txt
[ldap_simple_bind_s() to check user credentials failed][Invalid
credentials]
[Thu Jun 23 16:19:35 2005] [warn] [client 10.102.65.39] [9168] auth_ldap
authenticate:
user govaerl authentication failed; URI /svn/test/trunk/test.txt
[ldap_simple_bind_s() to check user credentials failed][Invalid
credentials]
[Thu Jun 23 16:19:35 2005] [notice] child pid 10137 exit signal
Segmentation fault (11)
[Thu Jun 23 16:21:04 2005] [warn] [client 10.102.65.39] [19732]
auth_ldap authenticate:
user govaerl authentication failed; URI /svn/test/trunk/test.txt
[ldap_simple_bind_s() to check user credentials failed][Invalid
credentials]
[Thu Jun 23 16:21:04 2005] [warn] [client 10.102.65.39] [19733]
auth_ldap authenticate:
user govaerl authentication failed; URI /svn/test/trunk/test.txt
[ldap_simple_bind_s() to check user credentials failed][Invalid
credentials]
[Thu Jun 23 16:21:04 2005] [warn] [client 10.102.65.39] [19733]
auth_ldap authenticate:
user govaerl authentication failed; URI /svn/test/trunk/test.txt
[ldap_simple_bind_s() to check user credentials failed][Invalid
credentials]
[Thu Jun 23 16:21:04 2005] [notice] child pid 19732 exit signal
Segmentation fault (11)
Extract from httpd.conf:
------------------------
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
<Location /svn>
DAV svn
SVNParentPath /test/repos
# access control policy
AuthzSVNAccessFile /test/svnaccess.conf
# try anonymous access first, resort to real authentication if
necessary
Satisfy Any
Require valid-user
# LDAP authentication
AuthType Basic
AuthName "Subversion Repository"
AuthLDAPEnabled on
AuthLDAPURL "XXXXXXXXXXXXXXXX"
AuthLDAPAuthoritative on
AuthLDAPBindDN "XXXXXXXXXXXXXX"
AuthLDAPBindPassword xxxxxxxxxxx
Require valid-user
</Location>
STRICTLY PERSONAL AND CONFIDENTIAL
This message may contain confidential and proprietary material for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.
Dit bericht is enkel bestemd voor de aangeduide ontvangers en kan vertrouwelijke informatie bevatten. Als u niet de ontvanger bent, dan mag u de inhoud van dit bericht niet bekendmaken noch kopi�ren. Als u dit bericht per vergissing ontvangen heeft, gelieve er de afzender of De Post onmiddellijk van op de hoogte te brengen en het bericht vervolgens te verwijderen.
Ce message est uniquement destin� aux destinataires indiqu�s et peut contenir des informations confidentielles. Si vous n'�tes pas le destinataire, vous ne devez pas r�v�ler le contenu de ce message ou en prendre copie. Si vous avez re�u ce message par erreur, veuillez en informer l'exp�diteur, ou La Poste imm�diatement, avant de le supprimer.