httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 46317] New: mod_authnz_ldap.c(373) seg fault
Date Mon, 01 Dec 2008 20:43:44 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=46317

           Summary: mod_authnz_ldap.c(373)  seg fault
           Product: Apache httpd-2
           Version: 2.2.10
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_authz_ldap
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: arkadiyg@yahoo.com


Our LDAP Active Directory tree looks like this:
DC=xxx,DC=COM
-OU=Accounts
 -OU=Usernames
  -OU=Finance&Administration
  -OU=Generic accounts
  -OU=Security
  -....
-DC=sng,DC=xxx,DC=com
 -OU=Singapore Users
-DC=uk,DC=xxx,DC=com
 -OU=Accounts
  -OU=Users

If I use the following configuration, everything works, except I am not able to
authonticate UK and SNG users because the root of the search does not include
UK ans SNG domains.

AuthBasicProvider ldap
AuthLDAPURL
"ldap://nydomain04.xxx.com/OU=Accounts,DC=xxx,DC=com?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=ldap connector,OU=Generic
accounts,OU=Accounts,DC=xxx,DC=com"
AuthLDAPBindPassword ******
AuthType Basic
AuthName "xxx Domain"
Require ldap-group CN=JMX_Security, OU=Security, OU=Usernames, OU=Accounts,
DC=xxx,DC=com


[Wed Nov 26 22:24:36 2008] [debug] mod_authnz_ldap.c(373): [client
192.168.2.75] [3718] auth_ldap authenticate: using URL
ldap://nydomain04.xxx.com/OU=Accounts,DC=xxx,DC=com?sAMAccountName?sub?(objectClass=*)
[Wed Nov 26 22:24:36 2008] [debug] mod_authnz_ldap.c(454): [client
192.168.2.75] [3718] auth_ldap authenticate: accepting testuser
[Wed Nov 26 22:24:36 2008] [debug] mod_authnz_ldap.c(691): [client
192.168.2.75] [3718] auth_ldap authorise: require group: testing for group
membership in "CN=JMX_Security, OU=Security, OU=Usernames, OU=Accounts,
DC=xxx,DC=com"
[Wed Nov 26 22:24:36 2008] [debug] mod_authnz_ldap.c(697): [client
192.168.2.75] [3718] auth_ldap authorise: require group: testing for member:
CN=Test User,OU=Finance&Administration,OU=Usernames,OU=Accounts,DC=xxx,DC=com
(CN=JMX_Security, OU=Security, OU=Usernames, OU=Accounts, DC=xxx,DC=com)
[Wed Nov 26 22:24:36 2008] [debug] mod_authnz_ldap.c(706): [client
192.168.2.75] [3718] auth_ldap authorise: require group: authorisation
successful (attribute member) [Comparison true (adding to cache)][Compare True]


However, if I use the follwong configuration, mod_authnz_ldap.c produces a seg
fault.

AuthBasicProvider ldap
AuthLDAPURL
"ldap://nydomain04.xxx.com/DC=xxx,DC=com?sAMAccountName?sub?(objectClass=*)" 
AuthLDAPBindDN "CN=ldap connector,OU=Generic
accounts,OU=Accounts,DC=xxx,DC=com"
AuthLDAPBindPassword ******
AuthType Basic
AuthName "xxx Domain"
Require ldap-group CN=JMX_Security, OU=Security, OU=Usernames, OU=Accounts,
DC=xxx,DC=com


[Wed Nov 26 20:24:31 2008] [debug] mod_authnz_ldap.c(373): [client
192.168.2.75] [3110] auth_ldap authenticate: using URL
ldap://nydomain04.xxx.com/DC=xxx,DC=com?sAMAccountName?sub?(objectClass=*)
[Wed Nov 26 20:24:42 2008] [notice] child pid 3110 exit signal Segmentation
fault (11)


# rpm -qi httpd
Name        : httpd                        Relocations: (not relocatable)
Version     : 2.2.3                             Vendor: CentOS
Release     : 11.el5_2.centos.4             Build Date: Wed 12 Nov 2008
10:44:43 AM EST
Install Date: Fri 14 Nov 2008 07:42:56 AM EST      Build Host:
builder16.centos.org
Group       : System Environment/Daemons    Source RPM:
httpd-2.2.3-11.el5_2.centos.4.src.rpm
Size        : 2899288                          License: Apache Software License
Signature   : DSA/SHA1, Wed 12 Nov 2008 05:54:31 PM EST, Key ID
a8a447dce8562897
URL         : http://httpd.apache.org/
Summary     : Apache HTTP Server
Description : The Apache HTTP Server is a powerful, efficient, and extensible
web server.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message