httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Nicholes" <BNICHO...@novell.com>
Subject Re: mod_ldap/util_ldap Issues...
Date Fri, 30 Jan 2004 19:59:17 GMT
   There is a patch that was committed to CVS HEAD that is waiting for
enough votes to be backported to the 2.0 branch.  The patch addresses PR
#18756 that deals with shared memory issues and could very possibly fix
the problems that you are seeing.  The patch has been sitting in the
backport queue for sometime now.  I would like to go ahead and backport
this patch now if nobody has any objections and since auth_ldap is an
experimental module anyway.  
   As far as your other question goes, NetWare uses auth_ldap
extensively in our solutions and we have done a lot of testing using the
caching directives.  The difference is that NetWare does not use shared
memory for the cache.  Since the caching directives only appears to be a
problem on shared memory platforms, this leads me to believe that the
proposed patch should resolve this issue.

Brad

Brad Nicholes
Senior Software Engineer
Novell, Inc., the leading provider of Net business solutions
http://www.novell.com 

>>> jessh@ptc.com Friday, January 30, 2004 12:38:21 PM >>>
I've been struggling with mod_ldap / util_ldap for some time now.  The

module is basically working on Windows (and HP Apache has it working 
with the worker MPM on HPUX), but I've been utterly failing on Solaris
(8).

There are a good number of open bugs on this module.  I updated to 
2.0.48 + the latest sources from CVS in hopes that the most critical of

these issues would be resolved.

Unfortunately, I find that my Apache always crashes with core dump on 
the very first attempt to authenticate against LDAP *if* I leave the 
LDAP cache activated.  If I disable the LDAP cache, then LDAP 
authentication appears to work fine (in quick, light testing -- no 
stress testing yet).

I don't have any reasonable debugger on the machine in question, so I 
just threw in some quick debug output.  What is interesting to me is 
that util_ldap_cache_module_kill is called during the Apache startup 
process.  This strikes me as highly suspicious and a possible cause of

the latter crashes when attempting to access the LDAP cache -- but I 
could clearly be barking up the wrong tree.

It is hard for me to believe that no one else in the Apache community 
needs LDAP authentication on Solaris.  It is also hard for me to
believe 
that I'm the only one seeing the issue -- especially given the fact
that 
there are open bugs on this....

Unfortunately, this is just the "showstopper" issue.  Other issues
include:

    * connections staying bound as wrong user preventing reliable
      non-anonymous access to LDAP
    * crashes when LDAP cache size is exceeded (i.e. when cache purge
is
      attempted)
          o *may* be fixed in HEAD -- I last tested in 2.0.47
    * crashes on Windows when LDAP cache shared memory block is full
          o *may* be fixed in HEAD -- I last tested in 2.0.47

Is the community giving up on the Apache groups' Apache 2 LDAP modules

and using some other party's modules for this?

I know there are some few individuals working hard on this area, but
the 
open bugs in this area and severity thereof attest to a lack of 
cross-platform stability.  I also know this is an "experimental"
module, 
but it is one that some of us desparately need...

--
Jess Holle


Mime
View raw message