Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 76491 invoked from network); 19 Jan 2009 20:49:46 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 19 Jan 2009 20:49:46 -0000 Received: (qmail 41636 invoked by uid 500); 19 Jan 2009 20:49:36 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 41336 invoked by uid 500); 19 Jan 2009 20:49:35 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 41327 invoked by uid 99); 19 Jan 2009 20:49:35 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 19 Jan 2009 12:49:35 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of covener@gmail.com designates 74.125.46.153 as permitted sender) Received: from [74.125.46.153] (HELO yw-out-1718.google.com) (74.125.46.153) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 19 Jan 2009 20:49:25 +0000 Received: by yw-out-1718.google.com with SMTP id 6so1212659ywa.84 for ; Mon, 19 Jan 2009 12:49:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=7BCUQy4sD7EcCBSqU1pUR+AVt/WyCcoL3z50boMBAKo=; b=UKGVKD6Gd7kjJukfWnqbeKaDYdVT8R/r4aCEn2BwtHRwrF3N3kWxoM428u3cg6IZ8Y Kh/fOrav5McGq9y3ur/rgUgEckjDJ6REW6ZplZN58YAnB6wpalEOLB/IuoQ5rCM2TRiR mTh0MTMpzuewk7T4YrWnlOGyAxBUjZQ27pyNE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=jpitnCjXWNv2L5Eu3Cq2vJX69PokR8884kpaw7nnAwFBy4rDoWRf9yoFmvdx+X0iY/ mdNQkiTtDHiTXHsiZ/uAhmElUzOxFlfIhlyqH9CCIDT4eBgJDR1aG8T9cpRD5mz3u6VA WA6VDYmRR1tosR4Im+0YOq+nkCH2uxvKV+T7w= Received: by 10.90.68.12 with SMTP id q12mr132775aga.87.1232398144825; Mon, 19 Jan 2009 12:49:04 -0800 (PST) Received: by 10.90.120.6 with HTTP; Mon, 19 Jan 2009 12:49:04 -0800 (PST) Message-ID: <1404e5910901191249v52765d2dvd9516af78fa0de50@mail.gmail.com> Date: Mon, 19 Jan 2009 15:49:04 -0500 From: "Eric Covener" To: users@httpd.apache.org In-Reply-To: <94BE14063577E942AA3C08528708E0C50807B976C1@BLACK.g2support.local> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <94BE14063577E942AA3C08528708E0C50807B976C1@BLACK.g2support.local> X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] Sudden "Can't Contact LDAP Server" On Mon, Jan 19, 2009 at 2:37 PM, Oliver Marshall wrote: > Hi chaps, > We are seeing a problem with the server giving end users an "internal error" > page at random when viewing trac sites or checking out SVN files. If you hit > F5 a few times, for between 1 and 10'ish seconds, the pages start being > served up again. This isn't awful in a browser, but for people using SVN via > a piece of client software, which may not have an F5 alternative, it's bad > as they just get an error. > > > > When this occurs the apache error.log shows very little other than "Can't > contact ldap server". The debug listing from the error.log is below. > > > > **************************** > > 139874420-[Mon Jan 19 18:16:56 2009] [info] Initial (No.1) HTTPS request > received for child 4 (server dev.company.com:443) > > 139874531-[Mon Jan 19 18:16:56 2009] [debug] mod_authnz_ldap.c(373): [client > 10.1.37.13] [21455] auth_ldap authenticate: using URL > ldap://10.1.37.250:389/OU=Users,OU=Company > LLP,DC=company,DC=local?sAMAccountName?sub?(objectClass=*), referer: > https://dev.company.com/trac/technical/report > > 139874804:[Mon Jan 19 18:16:56 2009] [warn] [client 10.1.37.13] [21455] > auth_ldap authenticate: user john.blogs authentication failed; URI > /trac/technical/newticket [LDAP: ldap_simple_bind_s() failed][Can't contact > LDAP server], referer: https://dev.company.com/trac/technical/report > > 139875080-[Mon Jan 19 18:16:56 2009] [debug] ssl_engine_kernel.c(1770): > OpenSSL: Write: SSL negotiation finished successfully > > 139875196-[Mon Jan 19 18:16:56 2009] [info] [client 10.1.37.13] Connection > closed to child 4 with standard shutdown (server dev.company.com:443) > > 139875329-[Mon Jan 19 18:16:56 2009] [info] [client 10.1.37.13] Connection > to child 3 established (server dev.company.com:443) Can you easily reproduce this _and_ easily rebuild your httpd with a patch? The current code retries in rapid succession without any delay. Interesting that based on the context this seemed to happen on a "new" child process. I'd be interestedif you've ever been able to capture this under a packet trace -- does the connection attempt ever hit the wire? Finally, i'd expect openldap bugs would be the ones of interest, unless I'm misunderstanding. -- Eric Covener covener@gmail.com --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org