Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
Received-SPF: neutral (asf.osuosl.org: local policy)
Message-ID: <42EFC5BA.9020904@rowe-clan.net>
Date: Tue, 02 Aug 2005 14:12:58 -0500
From: "William A. Rowe, Jr." <wrowe@rowe-clan.net>
User-Agent: Mozilla Thunderbird 1.0.6-1.1.fc3 (X11/20050720)
MIME-Version: 1.0
To: Brad Nicholes <BNICHOLES@novell.com>
CC: dev@httpd.apache.org
Subject: Re: [PATCH] fix util_ldap with older OpenLDAPs
References: <42EF5133020000AC00001688@lyle.provo.novell.com>
In-Reply-To: <42EF5133020000AC00001688@lyle.provo.novell.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Voting on dev@ is equivilant to voting in STATUS.

There is an open Veto on the current 2.0.55 - would appreciate some
reviewers.  I'll back out the improper patch tonight to make it easier,
if that partial correction was part of the reason this isn't getting
any attention. Perhaps a full backport is easier to review.

Joe's raised an issue of a segfault on 2.1 head.  I'm unable to
reproduce on the 2.0.x branch, so perhaps more details of the back
trace of that patch are in order?

Bill

Brad Nicholes wrote:
> I'm not seeing the votes in the STATUS file.  If we are +1 to the patch
> then lets get the votes recorded and get the patch backported.
> 
> Do I smell a 2.0.55?
> 
> Brad
> 
> 
>>>>wrowe@rowe-clan.net Tuesday, August 02, 2005 7:21:41 AM >>>
> 
> +1 to this fix.
> 
> Folks, either agree the code is correct, disagree that it should
> be some other way, identify it's bugs, or hush up.  Plenty of 
> people ARE using 2.2 ldap auth today - and there is no reason
> to stand in the way of committing obvious bug fixes, especially
> for recently modified code that was just wrong.
> 
> Once 2.2 has run around the block a few times, most users will
> pick it up to close such bugs.  But this involves reconfiguration,
> and the users who would appreciate if we would just fix the bug
> aren't looking to be beta testers.  Holding up segfaults as guns
> to their heads, attempting to force them to 2.1-unstable isn't cool.
> 
> Bill
> 
> At 03:59 PM 7/27/2005, Joe Orton wrote:
> 
>>Since 2.0.54, it seems mod_auth_ldap just segfaults on any request if
> 
> 
>>built against older versions of OpenLDAP, 2.2.20 and earlier
> 
> (pre-2005).  
> 
>>It looks like this was another regression caused the addition of the 
>>LDAPConnectionTimeout option.  (New features, stable branch, 
>>regressions?  Hmmm, I spot a pattern)
>>
>>http://issues.apache.org/bugzilla/show_bug.cgi?id=34618 mentions this
> 
> 
>>with "upgrade OpenLDAP" as the solution, which isn't really a great
> 
> way 
> 
>>to give your users that warm fuzzy feeling.
>>
>>Any objections to this?
>>
>>Index: modules/experimental/util_ldap.c
>>===================================================================
>>--- modules/experimental/util_ldap.c    (revision 225591)
>>+++ modules/experimental/util_ldap.c    (working copy)
>>@@ -50,7 +50,21 @@
>>#define LDAP_CA_TYPE_BASE64             2
>>#define LDAP_CA_TYPE_CERT7_DB           3
>>
>>+#if APR_HAS_OPENLDAP_LDAPSDK
>>+#include <ldap_features.h>
>>
>>+/* LDAP_OPT_NETWORK_TIMEOUT is broken in OpenLDAP < 2.2.21, see
>>+ * OpenLDAP bug "ITS 3487". */
>>+
>>+#if LDAP_VENDOR_VERSION_MAJOR < 2 || \
>>+    (LDAP_VENDOR_VERSION_MAJOR == 2 && LDAP_VENDOR_VERSION_MINOR < 2)
> 
> || \
> 
>>+    (LDAP_VENDOR_VERSION_MAJOR == 2 && LDAP_VENDOR_VERSION_MINOR == 2
> 
> \
> 
>>+     && LDAP_VENDOR_VERSION_PATCH < 21)
>>+#undef LDAP_OPT_NETWORK_TIMEOUT
>>+#endif
>>+
>>+#endif /* APR_HAS_OPENLDAP_LDAPSDK */
>>+
>>module AP_MODULE_DECLARE_DATA ldap_module;
>>
>>int util_ldap_handler(request_rec *r);
> 
> 
> 
> 
>