Posted to dev@httpd.apache.org by "William A. Rowe, Jr." <wr...@rowe-clan.net> on 2005/08/02 15:21:41 UTC

Re: [PATCH] fix util_ldap with older OpenLDAPs

+1 to this fix.

Folks, either agree the code is correct, disagree that it should
be some other way, identify its bugs, or hush up.  Plenty of
people ARE using 2.2 ldap auth today - and there is no reason
to stand in the way of committing obvious bug fixes, especially
for recently modified code that was just wrong.

Once 2.2 has run around the block a few times, most users will
pick it up to close such bugs.  But this involves reconfiguration,
and the users who would appreciate if we would just fix the bug
aren't looking to be beta testers.  Holding up segfaults as guns
to their heads, attempting to force them to 2.1-unstable isn't cool.

Bill

At 03:59 PM 7/27/2005, Joe Orton wrote:
>Since 2.0.54, it seems mod_auth_ldap just segfaults on any request if 
>built against older versions of OpenLDAP, 2.2.20 and earlier (pre-2005).  
>It looks like this was another regression caused by the addition of the 
>LDAPConnectionTimeout option.  (New features, stable branch, 
>regressions?  Hmmm, I spot a pattern)
>
>http://issues.apache.org/bugzilla/show_bug.cgi?id=34618 mentions this 
>with "upgrade OpenLDAP" as the solution, which isn't really a great way 
>to give your users that warm fuzzy feeling.
>
>Any objections to this?
>
>Index: modules/experimental/util_ldap.c
>===================================================================
>--- modules/experimental/util_ldap.c    (revision 225591)
>+++ modules/experimental/util_ldap.c    (working copy)
>@@ -50,7 +50,21 @@
> #define LDAP_CA_TYPE_BASE64             2
> #define LDAP_CA_TYPE_CERT7_DB           3
> 
>+#if APR_HAS_OPENLDAP_LDAPSDK
>+#include <ldap_features.h>
> 
>+/* LDAP_OPT_NETWORK_TIMEOUT is broken in OpenLDAP < 2.2.21, see
>+ * OpenLDAP bug "ITS 3487". */
>+
>+#if LDAP_VENDOR_VERSION_MAJOR < 2 || \
>+    (LDAP_VENDOR_VERSION_MAJOR == 2 && LDAP_VENDOR_VERSION_MINOR < 2) || \
>+    (LDAP_VENDOR_VERSION_MAJOR == 2 && LDAP_VENDOR_VERSION_MINOR == 2 \
>+     && LDAP_VENDOR_VERSION_PATCH < 21)
>+#undef LDAP_OPT_NETWORK_TIMEOUT
>+#endif
>+
>+#endif /* APR_HAS_OPENLDAP_LDAPSDK */
>+
> module AP_MODULE_DECLARE_DATA ldap_module;
> 
> int util_ldap_handler(request_rec *r);
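
Review bot: the guard at `#if LDAP_VENDOR_VERSION_MAJOR < 2 || ...` is evaluated from `<ldap_features.h>` at build time, so it only protects builds whose headers match the libldap that is loaded at run time; a binary built against 2.2.21 or later headers and run against an older shared library keeps `LDAP_OPT_NETWORK_TIMEOUT` defined. It is worth saying so in the comment beside the ITS 3487 reference, or additionally checking the library's reported vendor version at run time (`ldap_get_option()` with `LDAP_OPT_API_INFO`) before the option is used. The comment should also note that an SDK whose header does not define the `LDAP_VENDOR_VERSION_*` macros takes the `#undef` branch, since undefined identifiers evaluate to 0 in `#if`, and that the `#undef` hides the option from everything below it in this file.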



Re: [PATCH] fix util_ldap with older OpenLDAPs

Posted by Graham Leggett <mi...@sharp.fm>.
William A. Rowe, Jr. said:

> +1 to this fix.
>
> Folks, either agree the code is correct, disagree that it should
> be some other way, identify its bugs, or hush up.  Plenty of
> people ARE using 2.2 ldap auth today - and there is no reason
> to stand in the way of committing obvious bug fixes, especially
> for recently modified code that was just wrong.

I'm not sure where the impression was gained that anybody is standing in
the way of fixing bugs in v2.0? I gave it a +1, Joe a +1 by submitting it,
and you a +1 above. That's three.

Bugs were fixed in v2.2 due to a rewrite that spanned APR v1.1 and httpd,
making the fixes neither atomic nor easy to backport. That said, if people
want to use v2.0, and if people are keen to fix the remaining bugs in
v2.0, then ++1 to that. Patches posted will definitely not be blocked.

Regards,
Graham
--


Re: [PATCH] fix util_ldap with older OpenLDAPs

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
At 08:21 AM 8/2/2005, William A. Rowe, Jr. wrote:
>+1 to this fix.
>
>Folks, either agree the code is correct, disagree that it should
>be some other way, identify its bugs, or hush up.  Plenty of 
>people ARE using 2.2 ldap auth today - and there is no reason
>to stand in the way of committing obvious bug fixes, especially
>for recently modified code that was just wrong.

s/2.2/2.0/ of course :)

<runs off for more Coffee>