httpd-dev mailing list archives

From Eirik Lygre <>
Subject Re: Bug using authnz_ldap_module with Microsoft LDAP SDK and ldaps (secure ldap)?
Date Tue, 05 Mar 2013 09:59:42 GMT
Eric Covener wrote
> On Mon, Mar 4, 2013 at 3:34 PM, Steffen <info@> wrote:
>> On your request a patched available at AL post,
>> with following changes in ldap_util.c :
> Thanks!

Better, but. The initialization now works fine, but it then fails during
bind. I guess that since nobody ever got past init, nobody ever got to test
this further either, and there may be many issues in the remaining process.

The messages are now like this, where the first two show that we have
progress, and the last three show that there are still problems (fwiw, it
seems to fail inside apr_ldap_rebind_add in

[Tue Mar 05 10:07:06.898979 2013] [ldap:info] [pid 4492:tid 356] AH01318:
APR LDAP: Built with Microsoft Corporation. LDAP SDK
[Tue Mar 05 10:07:06.898979 2013] [ldap:info] [pid 4492:tid 356] AH01319:
LDAP: SSL support available
[Tue Mar 05 10:07:47.862394 2013] [authnz_ldap:debug] [pid 4492:tid 884]
mod_authnz_ldap.c(500): [client ::1:62053] AH01691: auth_ldap authenticate:
using URL ldaps://server:1389/ou=People,dc=example,dc=com?uid
[Tue Mar 05 10:07:47.878395 2013] [ldap:error] [pid 4492:tid 884]
(70023)This function has not been implemented on this platform: AH01277:
LDAP: Unable to add rebind cross reference entry. Out of memory?
[Tue Mar 05 10:07:47.878395 2013] [authnz_ldap:info] [pid 4492:tid 884]
[client ::1:62053] AH01695: auth_ldap authenticate: user MYUSERNAME
authentication failed; URI /server-status [LDAP: Unable to add rebind cross
reference entry.][]

Now, given that this seems to be a non-working, and probably never-tested,
configuration, I guess actually debugging and stabilizing it is probably a
bigger task than expected. Also, the current workflow (I read code, you
compile, I test) is, um, sub-optimal. Thus:

- I'm going to stop trying to understand the code and propose fixes this way
- If anybody wants to take this forward (which would be nice!), I can
instead offer to set up a publicly available ldaps-server, and create a
httpd.conf-file which can be used to test and debug the issue
- Or, if there are any other items I can do, please ask!

Anyway, thanks a lot for spending time on helping out, and sorry that I
can't take it all the way.

