httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 37814] - auth_ldap built with the Microsoft LDAP SDK will not work at all with Openldap 2.2.x.
Date Thu, 06 Dec 2007 00:19:34 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=37814>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=37814





------- Additional Comments From rycarpenter@deloitte.com  2007-12-05 16:19 -------
(In reply to comment #7)
> Also already fixed in the 2.2.x branch of httpd:
> http://svn.apache.org/viewvc?view=rev&revision=527105
> This is a apr-util bug now, revision r586077 needs to be backported.

I'm running Apache 2.2.6 (from a binary distribution on Windows) and I'm still 
seeing this error. The following is the translated LDAP searchRequest from the 
packet sniffer I used to view the traffic to and from my LDAP server during 
debugging:

-----------------------------------------------------------------
Lightweight-Directory-Access-Protocol
	LDAPMessage searchRequest(2) "ou=System" wholeSubtree
		messageID: 2
		protocolOp: searchRequest (3)
			searchRequest
				baseObject: ou=System
				scope: wholeSubtree (2)
				derefAliases: derefAlways (3)
				sizeLimit: 4294967295
				timeLimit: 0
				typesOnly: False
				Filter: (&(objectclass=*)(uid=test))
				attributes: 0 items
-----------------------------------------------------------------

Note that the offending sizeLimit value is still there. This is causing a 
failure with both OpenLDAP, as well as likely being a problem with ApacheDS. I 
can't tell for sure that this is the case, since the error message returned 
from ApacheDS 1.0.2 is the cryptic "The server will disconnect!", rather than 
the informative "invalid size limit" returned by OpenLDAP. However, given this 
is a known issue with other LDAP servers and the fact that the rest of the 
request looks good, it's likely the cause. ApacheDS 1.5.1 reacts quit badly, 
as well. However, instead of returning an error it doesn't return at all, 
hanging the request that initiated the LDAP call, and causing Apache and 
ApacheDS to simply ping each other back and forth with TCP PSH and ACK 
requests.

The above LDAP search request came from an install of the binary distribution 
of Apache 2.2.6 from the apache_2.2.6-win32-x86-openssl-0.9.8e.msi. It's 
running on Windows XP Professional 2002 SP 2. I see the following entry in the 
change logs which came with the distribution:

     *) mod_ldap: Remove the hardcoded size limit parameter for
          ldap_search_ext_s and replace it with an APR_ defined
          value that is set according to the LDAP SDK being used.
          [David Jones ]

Nevertheless, it doesn't seem to have resolve the size limit problem on 
Windows. Shouldn't this have been included in the 2.2.6 release? I see there 
are some comments in the thread here about the "pending" change, but based on 
the entry for the change logs with the 2.2.6 release it appears to me that 
this issue shouldn't be reoccurring in that version. Any feedback on why this 
is still occuring would be appreciated.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message