You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Minson, John M Mr ARMY GUEST" <jo...@us.army.mil> on 2008/11/24 16:33:00 UTC
[users@httpd] using ldap secure causes core dump
If I attempt to use ldaps I get
[Mon Nov 24 10:19:07 2008] [debug] mod_authnz_ldap.c(582): [client
150.125.168.140] ldap authorize: Creating LDAP req structure
[Mon Nov 24 10:19:15 2008] [notice] child pid 26129 exit signal
Segmentation fault (11), possible coredump in /usr/local/httpd
Works fine in non-secure mode
Any ideas on what I can do get some more info on whats going on ?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] using ldap secure causes core dump PROGRESS
Then STUMPED Again
Posted by Tom Evans <te...@googlemail.com>.
On Tue, 2008-11-25 at 11:03 -0500, Minson, John M Mr ARMY GUEST wrote:
> using the following combo
>
> --with-ldap-lib=/usr/local/lib/
> --with-ldap-include=/usr/local/include/ --with-ldap
>
> make the ldap config/make issue seem to go away but then the make dies
> with
>
> gcc -g -O2 -DSOLARIS2=10 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT
> -D_LARGEFILE64_SOURCE
> -I/export/home/minsonj/httpd-2.2.10/srclib/pcre -I.
> -I/export/home/minsonj/httpd-2.2.10/os/unix
> -I/export/home/minsonj/httpd-2.2.10/server/mpm/prefork
> -I/export/home/minsonj/httpd-2.2.10/modules/http
> -I/export/home/minsonj/httpd-2.2.10/modules/filters
> -I/export/home/minsonj/httpd-2.2.10/modules/proxy
> -I/export/home/minsonj/httpd-2.2.10/include
> -I/export/home/minsonj/httpd-2.2.10/modules/generators
> -I/export/home/minsonj/httpd-2.2.10/modules/mappers
> -I/export/home/minsonj/httpd-2.2.10/modules/database
> -I/export/home/minsonj/httpd-2.2.10/srclib/apr/include
> -I/export/home/minsonj/httpd-2.2.10/srclib/apr-util/include
> -I/usr/local/include/
> -I/export/home/minsonj/httpd-2.2.10/modules/proxy/../generators
> -I/usr/local/ssl/include
> -I/export/home/minsonj/httpd-2.2.10/modules/ssl
> -I/export/home/minsonj/httpd-2.2.10/modules/dav/main
> -c /export/home/minsonj/httpd-2.2.10/server/buildmark.c
> /export/home/minsonj/httpd-2.2.10/srclib/apr/libtool --silent
> --mode=link gcc -g -O2 -L/usr/local/lib/ -L/usr/local/ssl/lib
> -R/usr/local/ssl/lib -o httpd modules.lo buildmark.o
> -export-dynamic server/libmain.la modules/aaa/libmod_authn_file.la
> modules/aaa/libmod_authn_default.la modules/aaa/libmod_authz_host.la
> modules/aaa/libmod_authz_groupfile.la modules/aaa/libmod_authz_user.la
> modules/aaa/libmod_authnz_ldap.la modules/aaa/libmod_authz_default.la
> modules/aaa/libmod_auth_basic.la modules/filters/libmod_include.la
> modules/filters/libmod_filter.la modules/ldap/libmod_ldap.la
> modules/loggers/libmod_log_config.la modules/metadata/libmod_env.la
> modules/metadata/libmod_setenvif.la modules/ssl/libmod_ssl.la
> modules/http/libmod_http.la modules/http/libmod_mime.la
> modules/generators/libmod_status.la
> modules/generators/libmod_autoindex.la
> modules/generators/libmod_asis.la modules/generators/libmod_cgi.la
> modules/mappers/libmod_negotiation.la modules/mappers/libmod_dir.la
> modules/mappers/libmod_actions.la modules/mappers/libmod_userdir.la
> modules/mappers/libmod_alias.la modules/mappers/libmod_rewrite.la
> modules/mappers/libmod_so.la server/mpm/prefork/libprefork.la
> os/unix/libos.la
> -lm /export/home/minsonj/httpd-2.2.10/srclib/pcre/libpcre.la /export/home/minsonj/httpd-2.2.10/srclib/apr-util/libaprutil-1.la -lexpat /export/home/minsonj/httpd-2.2.10/srclib/apr/libapr-1.la -luuid -lsendfile -lrt -lsocket -lnsl -lpthread
>
> ld: fatal: library -lnet: not found
>
> before I started messing with the ldap stuff this error never occured
>
>
> I'm growing weary of the chase
That final invocation of libtool doesnt reference /usr/lib, which is
almost certainly where libnet lives. Have you done some hackery to
remove /usr/lib, to avoid it finding LDAP libraries in there?
Could you email, or put on a pastebin somewhere, the contents of:
<apachedir>/config.nice
<apachedir>/config.log
<apachedir>/srclib/apr-util/config.nice
<apachedir>/srclib/apr-util/config.log
Cheers
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] using ldap secure causes core dump
Posted by Tom Evans <te...@googlemail.com>.
On Mon, 2008-11-24 at 14:00 -0500, Minson, John M Mr ARMY GUEST wrote:
> note thi sis apache 2.2.10
>
> # ldd httpd
> libldap.so.5 => /usr/lib/libldap.so.5
> libdl.so.1 => /lib/libdl.so.1
> libssl.so.0.9.8 => /usr/local/ssl/lib/libssl.so.0.9.8
> libcrypto.so.0.9.8 => /usr/local/ssl/lib/libcrypto.so.0.9.8
Yep.
> libm.so.2 => /lib/libm.so.2
> libaprutil-1.so.0
> => /usr/local/httpd/lib/libaprutil-1.so.0
> libexpat.so.1 => /usr/sfw/lib/libexpat.so.1
> libapr-1.so.0 => /usr/local/httpd/lib/libapr-1.so.0
> libuuid.so.1 => /lib/libuuid.so.1
> libsendfile.so.1 => /lib/libsendfile.so.1
> librt.so.1 => /lib/librt.so.1
> libsocket.so.1 => /lib/libsocket.so.1
> libnsl.so.1 => /lib/libnsl.so.1
> libpthread.so.1 => /lib/libpthread.so.1
> libc.so.1 => /lib/libc.so.1
> libsasl.so.1 => /usr/lib/libsasl.so.1
> libmd.so.1 => /lib/libmd.so.1
> libnspr4.so => /usr/lib/mps/libnspr4.so
> libplc4.so => /usr/lib/mps/libplc4.so
> libnss3.so => /usr/lib/mps/libnss3.so
> libssl3.so => /usr/lib/mps/libssl3.so
> libgcc_s.so.1 => /usr/local/lib/libgcc_s.so.1
> libgcc_s.so.1 => /usr/sfw/lib/libgcc_s.so.1
> libaio.so.1 => /lib/libaio.so.1
> libmp.so.2 => /lib/libmp.so.2
> libscf.so.1 => /lib/libscf.so.1
> libthread.so.1 => /lib/libthread.so.1
> libsoftokn3.so => /usr/lib/mps/libsoftokn3.so
> libplds4.so => /usr/lib/mps/libplds4.so
> libdoor.so.1 => /lib/libdoor.so.1
> libuutil.so.1 => /lib/libuutil.so.1
> libgen.so.1 => /lib/libgen.so.1
> libbsm.so.1 => /lib/libbsm.so.1
> libsecdb.so.1 => /lib/libsecdb.so.1
> libtsol.so.2 => /lib/libtsol.so.2
> libcmd.so.1 => /lib/libcmd.so.1
> /platform/SUNW,Sun-Fire-T200/lib/libc_psr.so.1
> /platform/SUNW,Sun-Fire-T200/lib/libmd_psr.so.1
> /usr/lib/mps/cpu/sparcv8plus/libnspr_flt4.so
>
> ldd of mod_ssl and mod_authnz_ldap show nothing ?
They probably have the SSL libraries staticly linked in.
> I think the issue is the 'libldap.so.5 => /usr/lib/libldap.so.5' .
> This is pointing to the standard Solaris 10 ldap which I suspect was
> built against the Solaris 10 ssl .
>
> I cannot get the apache config/make to pick up my install of open ldap
> 2.4.11 installed in /usr/local
>
> If I set LD_LIBRARY_PATH=/usr/local/lib the apache config gives me
>
> checking for ldap support...
> checking for ldap_init in -lldap50... no
> checking for ldap_init in -lldapssl41... no
> checking for ldap_init in -lldapssl40... no
> checking for ldap_init in -lldapssl30... no
> checking for ldap_init in -lldapssl20... no
> checking for ldap_init in -lldapsdk... no
> checking for ldap_init in -lldapsdk... no
> checking for ldap_init in -lldap... no
> checking for ldap_init in -lldap... no
> checking for ldap_init in -lldap... no
> checking for ldap_init in -lldap... no
> configure: error: could not find an LDAP library
> configure failed for srclib/apr-util
Yeah, that is unlikely to work. How about manually installing apr and
apr-util (you'll find them in httpd-2.2.10/srclib/apr and
httpd-2.2.10/srclib/apr-util). When you come to build apr-util, you can
pass the LDAP library path to the configure script with something like
'--with-ldap-include=/usr/local --with-ldap-lib=/usr/local
--with-ldap=/usr/local/lib/libldap.so'.
Thats probably not exactly right, but play around with it and then it
should be fine.
Once you have apr/apr-util built correctly, configure httpd to use those
installed versions with '--with-apr=/usr/local/bin/apr-1-config
--with-apr-util=/usr/local/bin/apu-1-config'.
BTW, your emails all seem to come through as HTML email attachments.
Cheers
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] using ldap secure causes core dump
Posted by Tom Evans <te...@googlemail.com>.
On Mon, 2008-11-24 at 10:33 -0500, Minson, John M Mr ARMY GUEST wrote:
> If I attempt to use ldaps I get
>
> [Mon Nov 24 10:19:07 2008] [debug] mod_authnz_ldap.c(582): [client
> 150.125.168.140] ldap authorize: Creating LDAP req structure
> [Mon Nov 24 10:19:15 2008] [notice] child pid 26129 exit signal
> Segmentation fault (11), possible coredump in /usr/local/httpd
>
> Works fine in non-secure mode
>
> Any ideas on what I can do get some more info on whats going on ?
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
Output of these commands please:
ldd /path/to/sbin/httpd
ldd /path/to/mod_ssl.so
ldd /path/to/mod_*ldap*.so
You almost certainly have httpd/mod_ssl linked to one OpenSSL library,
and mod_{,authnz_}ldap linked to another. Those commands should
demonstrate that. The solution is to rebuild/reinstall apache.
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org