You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Scott Lamb <sl...@slamb.org> on 2002/07/11 02:04:23 UTC

httpd-ldap maintained?

Is httpd-ldap being maintained? Is this the appropriate list to ask 
about it?

With the worker MPM, it seems to work - ldap_status doesn't ever show 
anything being cached, but mod_auth_ldap authenticates correctly.

With the prefork MPM (I had unrelated problems with worker), it's going 
horribly wrong. Still ldap_status doesn't show anything being cached. 
Connections accumulate until OpenLDAP runs out of filehandles and bad 
things happen.

Is this a known problem? Any workaround?

Thanks,
Scott Lamb

Re: httpd-ldap maintained?

Posted by Scott Lamb <sl...@slamb.org>.

Graham Leggett wrote:
> Ok... worker is threaded? (I don't know my MPM's, been focusing on the 
> other modules).

Yes, worker is threaded. But I was wrong - it has the same problem as 
with prefork. I think I was not as brutal the first time I tested with 
worker; see below.

>> Connections accumulate until OpenLDAP runs out of filehandles and bad 
>> things happen.
> 
> Hmmm... I haven't encountered this behaviour before, I would have 
> thought that threaded environments would have caused more problems as 
> the codebase came from the fork v1.3 server.

There's one thing that made it fail very dramatically: mod_autoindex and 
large directories. I aliased in /usr/share/doc on my RedHat system and 
password-protected it. When viewing that URL, the number of LDAP 
connections shoots up dramatically. A few views and OpenLDAP runs out of 
file handles. (Is it authenticating against each entry? why?)

My workaround was to set LDAPCacheEntries and LDAPOpCacheEntries to -1. 
I probably won't have enough people authenticating against it to require 
the cache for performance.

> Overhauling the code is on my lists of things to do once my other 
> projects have settled down, so no, httpd-ldap has not been forgotten.

Cool, good to know.

> Regards,
> Graham

Thanks,
Scott

Re: httpd-ldap maintained?

Posted by Graham Leggett <mi...@sharp.fm>.

Scott Lamb wrote:

> Is httpd-ldap being maintained? Is this the appropriate list to ask 
> about it?

It is being watched, if not actively maintained :) I have had tonnes of 
work to do of late, so it's fallen behind...

> With the worker MPM, it seems to work - ldap_status doesn't ever show 
> anything being cached, but mod_auth_ldap authenticates correctly.

Ok... worker is threaded? (I don't know my MPM's, been focusing on the 
other modules).

> With the prefork MPM (I had unrelated problems with worker), it's going 
> horribly wrong. Still ldap_status doesn't show anything being cached.

I think in the ldap_status case ldap_status might be broken, because on 
the debug log there were lines there saying caching was taking place, 
but we can look at that.

> Connections accumulate until OpenLDAP runs out of filehandles and bad 
> things happen.

Hmmm... I haven't encountered this behaviour before, I would have 
thought that threaded environments would have caused more problems as 
the codebase came from the fork v1.3 server.

Overhauling the code is on my lists of things to do once my other 
projects have settled down, so no, httpd-ldap has not been forgotten.

Regards,
Graham
-- 
-----------------------------------------
minfrin@sharp.fm 
	"There's a moon
					over Bourbon Street
						tonight..."