httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 51020] New: [PATCH] Apache/ does not start in complex Active Directory forest
Date Tue, 05 Apr 2011 02:19:55 GMT

           Summary: [PATCH] Apache/ does not start in complex
                    Active Directory forest
           Product: Apache httpd-2
           Version: 2.2.17
          Platform: PC
        OS/Version: Windows Server 2003
            Status: NEW
          Keywords: PatchAvailable
          Severity: normal
          Priority: P2
         Component: mod_fcgid

Created an attachment (id=26854)
 --> (
Patch for Apache/ startup issue in complex Active Directory Domain

Problem: tries to gather CGI process filestat during startup using apr_stat
() call and fails to fetch all ACLs from Active Directory Domain environment
(having complex groups spanning across multiple domains)

Root Cause:
apr_stat() using APR_FINFO_NORM ends up calling GetEffectiveRightsFromACL
Win32API to proble ACLs for cgi process file object's owner and group trustee
accounts, and per MS this GetEffectiveRightsFromACL API is likely to fail in
complex AD environment. MS KB:

Solution: apr_stat() call is made to use APR_FINFO_IDENT and thereby
avoiding the unnecessary ACL lookup during Apache startup, however if there is
a real ACL issue, will return error during runtime.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message