httpd-dev mailing list archives

From "Brad Nicholes" <BNICHO...@novell.com>
Subject Re: [PATCH] fix util_ldap with older OpenLDAPs
Date Wed, 03 Aug 2005 17:24:49 GMT
   This is why I would like to see the release of 2.2 as soon as
possible.  My only explanation is that I missed changing the NULL
parameter to ldc->ldap when I did the backport of the conversion from
global to per-connection from trunk (rev. 170805).  Since the code bases
for util_ldap are significantly different between trunk and 2.0,
backporting this kind of functionality is closer to a rewrite than a
backport.  In this case, I just missed it.  The correct code should be:

Index: util_ldap.c
===================================================================
--- util_ldap.c	(revision 226877)
+++ util_ldap.c	(working copy)
@@ -325,7 +325,7 @@
         }
 
         if (st->connectionTimeout >= 0) {
-            rc = ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, (void
*)&timeOut);
+            rc = ldap_set_option(ldc->ldap, LDAP_OPT_NETWORK_TIMEOUT,
(void *)&timeOut);
             if (APR_SUCCESS != rc) {
                 ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
                                  "LDAP: Could not set the connection
timeout" );
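Review bot: the `if (APR_SUCCESS != rc)` check after the changed call compares an LDAP SDK return code against an APR constant; it works only because both success values are 0, so compare against LDAP_SUCCESS (or LDAP_OPT_SUCCESS where the SDK defines it) instead. Also, now that the first argument is ldc->ldap rather than NULL, the call depends on the handle being initialised before this block, which the visible context does not show. A short comment stating that the timeout is set per connection and must follow a successful init would help keep a later backport from reverting it to the process-global form.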


Brad

>>> jorton@redhat.com Wednesday, August 03, 2005 4:48:46 AM >>>
On Wed, Jul 27, 2005 at 09:59:18PM +0100, Joe Orton wrote:
> Since 2.0.54, it seems mod_auth_ldap just segfaults on any request if
> built against older versions of OpenLDAP, 2.2.20 and earlier (pre-2005).

I worked this out a little better.  It triggers only the *second* time
the LDAP connection is opened for a given process.  I think I must have
started testing the 2.0.x code with slapd stopped and saw this being
triggered by the retry-10-times logic for every request.

Brad, can you explain why the ldap_set_option() call is used to change
the *process-global* connection timeout setting in the 2.0.x code,
rather than the connection-specific setting like the trunk code does?

Doing that seems generally undesirable as well as triggering the
OpenLDAP bug.  Is it because some SDKs don't handle per-connection
settings, perhaps?

If so, this would be a simpler, better fix for the issue:

Index: modules/experimental/util_ldap.c
===================================================================
--- modules/experimental/util_ldap.c	(revision 227189)
+++ modules/experimental/util_ldap.c	(working copy)
@@ -325,7 +325,11 @@
         }
 
         if (st->connectionTimeout >= 0) {
+#if APR_HAS_OPENLDAP_LDAPSDK
+            rc = ldap_set_option(ldc->ldap, LDAP_OPT_NETWORK_TIMEOUT,
(void *)&timeOut);
+#else
             rc = ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, (void
*)&timeOut);
+#endif
             if (APR_SUCCESS != rc) {
                 ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
                                  "LDAP: Could not set the connection
timeout" );
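Review bot: the `#else` branch still passes NULL, so every non-OpenLDAP build keeps resetting the process-global network timeout each time a connection is set up, which the message itself calls undesirable. If those SDKs accept a per-connection handle, drop the conditional and use ldc->ldap everywhere; if they do not, add a comment on the `#else` line naming the SDKs that need the global form so the reason for the split is recorded in the code.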

