Posted to bugs@httpd.apache.org by bu...@apache.org on 2007/04/28 21:49:39 UTC
DO NOT REPLY [Bug 42285] New: - mod_authnz_ldap reports [Can't contact LDAP server]
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42285>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42285
Summary: mod_authnz_ldap reports [Can't contact LDAP server]
Product: Apache httpd-2
Version: 2.2.4
Platform: Sun
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: Other Modules
AssignedTo: bugs@httpd.apache.org
ReportedBy: john.tracy@covenant.edu
Bug has been reproduced in Apache 2.2.3 and 2.2.4. When we try to authenticate a
user against a Windows 2003 LDAP server, we occasionally get an Internal Server
500, and the error_log shows an entry like this:
[Sat Apr 28 15:42:02 2007] [warn] [client 10.0.15.12] [13775] auth_ldap
authenticate: user covenant authentication failed; URI /em/gs
[ldap_search_ext_s() for user failed][Can't contact LDAP server]
Restarting Apache makes this error go away, or even opening up the .htaccess
file and resaving it with vi (making no modifications) will make it go away.
Also, when the user clicks reload within their web browser, it will usually go
away after two or three reloads.
I've tried using both anonymous binds and authenticated binds and multiple ldap
servers, and all ultimately exhibit the same 500 Internal Server Error symptoms.
The more users using the website, the more frequently this error occurs. I was
initially thinking it was related to Apache bug 40878, but the changes proposed
in it were committed to version 2.2.4, and I still have the same problems.
It seems to occur when different users authenticate to the given resource--for
example if user tracy authenticates successfully and then user john comes next,
user john will get the "500 internal server error" after being prompted for
authentication. After the reloading, the page will come up without being
reprompted for authentication.
This is running on Solaris 10, on the Sparc platform.
mod_authnz_ldap internal server 500 ldap_search_ext_s ldap
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 42285] - mod_authnz_ldap reports [Can't contact LDAP server]
Posted by bu...@apache.org.
------- Additional Comments From john.tracy@covenant.edu 2007-04-30 08:30 -------
Created an attachment (id=20074)
--> (http://issues.apache.org/bugzilla/attachment.cgi?id=20074&action=view)
Log of traffic between ldap and web server, five failures and one success (at
the end)
Apache logged this during the failures:
[Mon Apr 30 09:04:11 2007] [info] Initial (No.1) HTTPS request received for
child 8 (server huss.covenant.edu:443)
[Mon Apr 30 09:04:11 2007] [debug] mod_authnz_ldap.c(870): [24970] auth_ldap
url parse:
`ldap://ldap.covenant.edu:3268/OU=covenant,DC=covenant,DC=edu?sAMAccountName?sub?(objectClass=user)'
[Mon Apr 30 09:04:11 2007] [debug] mod_authnz_ldap.c(879): [24970] auth_ldap
url parse: Host: ldap.covenant.edu:3268
[Mon Apr 30 09:04:11 2007] [debug] mod_authnz_ldap.c(881): [24970] auth_ldap
url parse: Port: 3268
[Mon Apr 30 09:04:11 2007] [debug] mod_authnz_ldap.c(883): [24970] auth_ldap
url parse: DN: OU=covenant,DC=covenant,DC=edu
[Mon Apr 30 09:04:11 2007] [debug] mod_authnz_ldap.c(885): [24970] auth_ldap
url parse: attrib: sAMAccountName
[Mon Apr 30 09:04:11 2007] [debug] mod_authnz_ldap.c(887): [24970] auth_ldap
url parse: scope: subtree
[Mon Apr 30 09:04:11 2007] [debug] mod_authnz_ldap.c(892): [24970] auth_ldap
url parse: filter: (objectClass=user)
[Mon Apr 30 09:04:11 2007] [debug] mod_authnz_ldap.c(972): LDAP: auth_ldap not
using SSL connections
[Mon Apr 30 09:04:11 2007] [debug] mod_authnz_ldap.c(376): [client 10.0.15.12]
[24970] auth_ldap authenticate: using URL
ldap://ldap.covenant.edu:3268/OU=covenant,DC=covenant,DC=edu?sAMAccountName?sub?(objectClass=user)
[Mon Apr 30 09:04:11 2007] [warn] [client 10.0.15.12] [24970] auth_ldap
authenticate: user tracy authentication failed; URI /em/gs [LDAP:
ldap_simple_bind_s() failed][Can't contact LDAP server]
[Mon Apr 30 09:04:11 2007] [info] [client 10.0.15.12] Connection closed to
child 8 with unclean shutdown (server huss.covenant.edu:443)
DO NOT REPLY [Bug 42285] - mod_authnz_ldap reports [Can't contact LDAP server]
Posted by bu...@apache.org.
john.tracy@covenant.edu changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Additional Comments From john.tracy@covenant.edu 2007-05-01 11:43 -------
The error was actually caused by having multiple ldap libraries installed during
compile time. I had at least two different versions of the OpenLDAP libraries
installed and at various points during compiling, it was linking against each. I
removed these from the libraries path and compiled directly against the Sun
Solaris LDAP libraries (--with-ldap-lib=/usr/lib/sparcv9) and everything started
working perfectly.
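The resolution above traces the intermittent bind failures to LDAP client libraries from more than one installation being linked into the same server. As an added example (not part of the original thread or of httpd), the following script reads `ldd` output and reports whether the LDAP libraries resolve from more than one directory; the function names, the /usr/local/lib OpenLDAP paths and the sample listings are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag mixed LDAP client library linkage from `ldd` output.
# Real use (paths are placeholders for your own install):
#   ldd /path/to/httpd /path/to/modules/mod_authnz_ldap.so | check_ldap_linkage

# Print each distinct libldap/liblber path that ldd resolved.
ldap_libs() {
    awk '$1 ~ /^lib(ldap|lber)/ && $2 == "=>" && $3 ~ /^\// { print $3 }' | sort -u
}

# Print the distinct directories those libraries were loaded from.
ldap_lib_dirs() {
    ldap_libs | sed 's|/[^/]*$||' | sort -u
}

# Exit status: 0 = one directory, 1 = mixed directories, 2 = no LDAP library.
check_ldap_linkage() {
    dirs=$(ldap_lib_dirs)
    [ -n "$dirs" ] || { echo "no LDAP library linked"; return 2; }
    n=$(printf '%s\n' "$dirs" | wc -l | tr -d ' ')
    if [ "$n" -gt 1 ]; then
        echo "MIXED LDAP libraries, resolved from:"
        printf '  %s\n' $dirs
        return 1
    fi
    echo "OK: LDAP libraries all from $dirs"
}

# Constructed ldd output: OpenLDAP and the Solaris SDK both pulled in.
sample_mixed() {
cat <<'EOF'
mod_authnz_ldap.so:
        libc.so.1 =>     /lib/64/libc.so.1
        libldap-2.3.so.0 =>      /usr/local/lib/libldap-2.3.so.0
        liblber-2.3.so.0 =>      /usr/local/lib/liblber-2.3.so.0
mod_ldap.so:
        libldap.so.5 =>  /usr/lib/sparcv9/libldap.so.5
EOF
}

# Constructed ldd output: only the Solaris LDAP library is linked.
sample_clean() {
cat <<'EOF'
mod_ldap.so:
        libc.so.1 =>     /lib/64/libc.so.1
        libldap.so.5 =>  /usr/lib/sparcv9/libldap.so.5
EOF
}

sample_mixed | check_ldap_linkage || true
```

Running the check against every LDAP-using object after a rebuild catches this kind of split linkage before it shows up as sporadic authentication errors.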
DO NOT REPLY [Bug 42285] - mod_authnz_ldap reports [Can't contact LDAP server]
Posted by bu...@apache.org.
john.tracy@covenant.edu changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #20074|Log of traffic between ldap |Packet capture of traffic
description|and web server, five |between ldap and web server,
|failures and one success (at|five failures and one
|the end) |success (at the end)
DO NOT REPLY [Bug 42285] - mod_authnz_ldap reports [Can't contact LDAP server]
Posted by bu...@apache.org.
------- Additional Comments From covener@gmail.com 2007-04-28 19:10 -------
Do you have a packet trace of the communication between Apache and MSAD for one
of these failures?