httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Nicholes" <>
Subject Re: mod_ldap/util_ldap Issues...
Date Fri, 30 Jan 2004 20:28:01 GMT
>Since you mention it, though, Brad, is non-anonymous bind heavily used

>in NetWare?  As noted in my previous message, there are open reports

I couldn't tell how heavily it is used since our default install uses
an anonymous bind.  But I do know that there are a lot of NetWare
administrators that have set up auth_ldap using non-anonymous bind.  I
haven't heard of any problems from them on our devnet forums or from our
support engineers.


Brad Nicholes
Senior Software Engineer
Novell, Inc., the leading provider of Net business solutions 

>>> Friday, January 30, 2004 1:16:25 PM >>>
Brad Nicholes wrote:

>   There is a patch that was committed to CVS HEAD that is waiting
>enough votes to be backported to the 2.0 branch.  The patch addresses
>#18756 that deals with shared memory issues and could very possibly
>the problems that you are seeing.
The crash on Solaris is with a binary built from 2.0.48 sources + all 
committed mod_ldap changes from HEAD, i.e. I intentionally took the 
latest sources whether they were from the 2.0 or 2.1 branch.  [Well, 
okay, I didn't take the latest APR/APU deprecation changes to give a 
better chance of compilation.]

These same sources worked just fine on Windows, i.e. I built a 2.0.48+

binary and have been using it without issue, so my selection of newer 
sources does not seem to be abhorrantly amiss.

>The patch has been sitting in the
>backport queue for sometime now.  I would like to go ahead and
>this patch now if nobody has any objections and since auth_ldap is an
>experimental module anyway.
Sounds good to me, but this does not appear to fix the Solaris issue
seeing.  There are other comments attached to the bug report you site 
indicating that the patch did not fix their Solaris 8 crashes either.

>   As far as your other question goes, NetWare uses auth_ldap
>extensively in our solutions and we have done a lot of testing using
>caching directives.  The difference is that NetWare does not use
>memory for the cache.  Since the caching directives only appears to be
>problem on shared memory platforms, this leads me to believe that the
>proposed patch should resolve this issue.
I really hoped that this would be the case.  Unfortunately, it does not

appear to be true.

As I said, I know there are a few folk out there working this problem 
hard (and you're one of them, Brad).  Unfortunately, there does not
to be good coverage on common platforms like worker-MPM + shared memory

(which is not to fault Brad, this is not his platform).

Since you mention it, though, Brad, is non-anonymous bind heavily used

in NetWare?  As noted in my previous message, there are open reports of

connections staying bound to the user being authenticated and then not

properly rebound to the "search/read-only-admin" dn to perform the next

search.  [Unfortunately, I've not personally reproduced this issue, but

I've seen reports of it from auth_ldap 1.6.0 to all but the latest 
Apache 2 code -- perhaps you specifically fixed this in your 2.0.48 

>    * connections staying bound as wrong user preventing reliable
>      non-anonymous access to LDAP
Jess Holle

View raw message