httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Nicholes" <BNICHO...@novell.com>
Subject Re: [PATCH] fix util_ldap with older OpenLDAPs
Date Tue, 02 Aug 2005 16:55:47 GMT
I'm not seeing the votes in the STATUS file.  If we are +1 to the patch
then lets get the votes recorded and get the patch backported.

Do I smell a 2.0.55?

Brad

>>> wrowe@rowe-clan.net Tuesday, August 02, 2005 7:21:41 AM >>>
+1 to this fix.

Folks, either agree the code is correct, disagree that it should
be some other way, identify it's bugs, or hush up.  Plenty of 
people ARE using 2.2 ldap auth today - and there is no reason
to stand in the way of committing obvious bug fixes, especially
for recently modified code that was just wrong.

Once 2.2 has run around the block a few times, most users will
pick it up to close such bugs.  But this involves reconfiguration,
and the users who would appreciate if we would just fix the bug
aren't looking to be beta testers.  Holding up segfaults as guns
to their heads, attempting to force them to 2.1-unstable isn't cool.

Bill

At 03:59 PM 7/27/2005, Joe Orton wrote:
>Since 2.0.54, it seems mod_auth_ldap just segfaults on any request if

>built against older versions of OpenLDAP, 2.2.20 and earlier
(pre-2005).  
>It looks like this was another regression caused the addition of the 
>LDAPConnectionTimeout option.  (New features, stable branch, 
>regressions?  Hmmm, I spot a pattern)
>
>http://issues.apache.org/bugzilla/show_bug.cgi?id=34618 mentions this

>with "upgrade OpenLDAP" as the solution, which isn't really a great
way 
>to give your users that warm fuzzy feeling.
>
>Any objections to this?
>
>Index: modules/experimental/util_ldap.c
>===================================================================
>--- modules/experimental/util_ldap.c    (revision 225591)
>+++ modules/experimental/util_ldap.c    (working copy)
>@@ -50,7 +50,21 @@
> #define LDAP_CA_TYPE_BASE64             2
> #define LDAP_CA_TYPE_CERT7_DB           3
> 
>+#if APR_HAS_OPENLDAP_LDAPSDK
>+#include <ldap_features.h>
> 
>+/* LDAP_OPT_NETWORK_TIMEOUT is broken in OpenLDAP < 2.2.21, see
>+ * OpenLDAP bug "ITS 3487". */
>+
>+#if LDAP_VENDOR_VERSION_MAJOR < 2 || \
>+    (LDAP_VENDOR_VERSION_MAJOR == 2 && LDAP_VENDOR_VERSION_MINOR < 2)
|| \
>+    (LDAP_VENDOR_VERSION_MAJOR == 2 && LDAP_VENDOR_VERSION_MINOR == 2
\
>+     && LDAP_VENDOR_VERSION_PATCH < 21)
>+#undef LDAP_OPT_NETWORK_TIMEOUT
>+#endif
>+
>+#endif /* APR_HAS_OPENLDAP_LDAPSDK */
>+
> module AP_MODULE_DECLARE_DATA ldap_module;
> 
> int util_ldap_handler(request_rec *r);



Mime
View raw message