httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "GOVAERTS Lieven" <Lieven.GOVAE...@post.be>
Subject [users@httpd] Problem report: ldap / apache 2.0.54: child process crashes after failed authentication
Date Mon, 27 Jun 2005 14:33:04 GMT
Hi, 

We encounter a problem with an apache server in our system, when 
failing authentication with an Active Directory server.

Environment:
Suse linux ( kernel: vmlinuz-2.6.5-7.97-bigsmp )
apache 2.0.54, one patch applied ( attached )
openldap2-2.2.6-37.rpm
( integrated with subversion 1.2.0 )
integrated with Active Directory

Description:
Apache is providing DAV & authentication services in our subversion
setup. For authentication, an external Active Directory is queried. 
This runs very well, except some random crashes as described here.

Problem is, that at certain moments in time an httpd process will
crash: child pid 19732 exit signal Segmentation fault (11)

The way to reproduce it:
1. With a webbrowser, access a file that needs authentication ( in our
   case, in the subversion repository )
2. Provide a not-existing user and password
3. Apache will lookup the user on the AD server, but this will fail.
   ( normally ), asking the user again for user & password.   
4. Do another request ( user & password you type is not important here )
5. The process handling request of step 1 will crash. 

This problem doesn't happen very often, a few times a day for 50 users, 
but has a lot of impact, since it can happen on a long-running commit
to the subversion repository.

I've searched in bug reports and mailing lists, but didn't find anything
that resembled this problem. It seems to be related to freeing up 
resources?

If anybody has a patch, or a way to workaround this problem, please let 
me know.

I see that more of these types of problem reports exist, and people are 
Urged to wait for apache 2.1, which is now in beta. Can anyone tell me 
when it is supposed to be released?

regards,

Lieven.

Extract from the error.log file:
--------------------------------
[Thu Jun 23 16:19:35 2005] [warn] [client 10.102.65.39] [10137]
auth_ldap authenticate: 
   user govaerl authentication failed; URI /svn/test/trunk/test.txt 
   [ldap_simple_bind_s() to check user credentials failed][Invalid
credentials]
[Thu Jun 23 16:19:35 2005] [warn] [client 10.102.65.39] [9168] auth_ldap
authenticate: 
   user govaerl authentication failed; URI /svn/test/trunk/test.txt 
   [ldap_simple_bind_s() to check user credentials failed][Invalid
credentials]
[Thu Jun 23 16:19:35 2005] [notice] child pid 10137 exit signal
Segmentation fault (11)
[Thu Jun 23 16:21:04 2005] [warn] [client 10.102.65.39] [19732]
auth_ldap authenticate: 
   user govaerl authentication failed; URI /svn/test/trunk/test.txt 
   [ldap_simple_bind_s() to check user credentials failed][Invalid
credentials]
[Thu Jun 23 16:21:04 2005] [warn] [client 10.102.65.39] [19733]
auth_ldap authenticate: 
   user govaerl authentication failed; URI /svn/test/trunk/test.txt 
   [ldap_simple_bind_s() to check user credentials failed][Invalid
credentials]
[Thu Jun 23 16:21:04 2005] [warn] [client 10.102.65.39] [19733]
auth_ldap authenticate: 
   user govaerl authentication failed; URI /svn/test/trunk/test.txt 
   [ldap_simple_bind_s() to check user credentials failed][Invalid
credentials]
[Thu Jun 23 16:21:04 2005] [notice] child pid 19732 exit signal
Segmentation fault (11)

Extract from httpd.conf:
------------------------
LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so
<Location /svn>
  DAV svn
  SVNParentPath /test/repos

  # access control policy
  AuthzSVNAccessFile /test/svnaccess.conf

  # try anonymous access first, resort to real authentication if
necessary
  Satisfy Any
  Require valid-user

  # LDAP authentication
  AuthType Basic   
  AuthName "Subversion Repository"
  AuthLDAPEnabled on
  AuthLDAPURL "XXXXXXXXXXXXXXXX"

  AuthLDAPAuthoritative on
  AuthLDAPBindDN "XXXXXXXXXXXXXX"
  AuthLDAPBindPassword xxxxxxxxxxx
  Require valid-user 
</Location> 




STRICTLY PERSONAL AND CONFIDENTIAL
This message may contain confidential and proprietary material for the sole use of the intended
recipient. Any review or distribution by others is strictly prohibited. If you are not the
intended recipient please contact the sender and delete all copies.

Dit bericht is enkel bestemd voor de aangeduide ontvangers en kan vertrouwelijke informatie
bevatten. Als u niet de ontvanger bent, dan mag u de inhoud van dit bericht niet bekendmaken
noch kopiëren. Als u dit bericht per vergissing ontvangen heeft, gelieve er de afzender of
De Post onmiddellijk van op de hoogte te brengen en het bericht vervolgens te verwijderen.

Ce message est uniquement destiné aux destinataires indiqués et peut contenir des informations
confidentielles. Si vous n'êtes pas le destinataire, vous ne devez pas révéler le contenu
de ce message ou en prendre copie. Si vous avez reçu ce message par erreur, veuillez en informer
l'expéditeur, ou La Poste immédiatement, avant de le supprimer.

Mime
View raw message