Return-Path: 
 <users-return-90812-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 53252 invoked from network); 28 Sep 2009 18:22:27 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 28 Sep 2009 18:22:27 -0000
Received: (qmail 30377 invoked by uid 500); 28 Sep 2009 18:22:24 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 30349 invoked by uid 500); 28 Sep 2009 18:22:24 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 30340 invoked by uid 99); 28 Sep 2009 18:22:24 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 28 Sep 2009 18:22:24 +0000
X-ASF-Spam-Status: No, hits=1.2 required=10.0
	tests=SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (nike.apache.org: local policy)
Received: from [71.74.56.123] (HELO hrndva-omtalb.mail.rr.com) (71.74.56.123)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 28 Sep 2009 18:22:14 +0000
Received: from waterloo.OrangeBlood.org ([24.174.84.31])
          by hrndva-omta02.mail.rr.com with ESMTP
          id <20090928182153335.JYTO24669@hrndva-omta02.mail.rr.com>
          for <users@httpd.apache.org>; Mon, 28 Sep 2009 18:21:53 +0000
Received: from [172.29.4.63] (firewall.OrangeBlood.org [172.29.4.254])
	(authenticated bits=0)
	by waterloo.OrangeBlood.org (8.14.3/8.14.3) with ESMTP id n8SILqiq005438
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <users@httpd.apache.org>; Mon, 28 Sep 2009 13:21:52 -0500
Message-ID: <4AC0FEC1.4090304@OrangeBlood.org>
Date: Mon, 28 Sep 2009 13:21:53 -0500
From: "David L. Crow" <crow@OrangeBlood.org>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: users@httpd.apache.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV 0.94.2/9844/Mon Sep 28 10:39:01 2009 on
 waterloo.OrangeBlood.org
X-Virus-Status: Clean
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
	waterloo.OrangeBlood.org
X-Virus-Checked: Checked by ClamAV on apache.org
X-Old-Spam-Status: No, score=-3.6 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00
	autolearn=ham version=3.2.5
Subject: [users@httpd] Segmentation fault in mod_ldap

Server OS: CentOS 5.3
Kernel: 2.6.18-164.el5
httpd: 2.2.3-22.el5.centos.2

One of my httpd servers started getting a segmentation fault in mod_ldap 
this morning.

As far as I can tell, nothing related to httpd changed between a time I 
know it worked and when the failures started showing up in the 
error_log.  The httpd binary, the conf files, and the module binaries do 
not have new timestamps.

I have several different locations protected via LDAP authentication to 
our Active Directory server.  Some are applications like Subversion and 
Trac.  Others are for static content.  It appears that any URL that is 
protected via LDAP is failing.

According to auditing in Active Directory, the authentication is 
succeeding there.

Here is a sample config with sensitive data in the URL's changed:

     AuthType basic
     AuthName "OrangeBlood AD"
     AuthBasicProvider ldap
     AuthzLDAPAuthoritative off
     AuthLDAPURL 
"ldap://company.com/DC=orangeblood,DC=org?sAMAccountName?sub?"
     AuthLDAPBindDN       "CN=ProxyUser,DC=orangeblood,DC=org"
     AuthLDAPBindPassword "*******"
     Require valid-user

Here is a stack trace:

#0  0x00002b23b9be4020 in ?? () from /etc/httpd/modules/mod_ldap.so
#1  0x00002b23b9be5066 in ?? () from /etc/httpd/modules/mod_ldap.so
#2  0x00002b23b9def7ad in ?? () from /etc/httpd/modules/mod_authnz_ldap.so
#3  0x00002b23b81b8f93 in ?? () from /etc/httpd/modules/mod_auth_basic.so
#4  0x00002b23b422ecb2 in ap_run_check_user_id () from /usr/sbin/httpd
#5  0x00002b23b422feb7 in ap_process_request_internal () from 
/usr/sbin/httpd
#6  0x00002b23b42418f8 in ap_process_request () from /usr/sbin/httpd
#7  0x00002b23b423eb40 in ?? () from /usr/sbin/httpd
#8  0x00002b23b423aca2 in ap_run_process_connection () from /usr/sbin/httpd
#9  0x00002b23b4245849 in ?? () from /usr/sbin/httpd
#10 0x00002b23b4245ada in ?? () from /usr/sbin/httpd
#11 0x00002b23b4245b90 in ?? () from /usr/sbin/httpd
#12 0x00002b23b424687b in ap_mpm_run () from /usr/sbin/httpd
#13 0x00002b23b4220e48 in main () from /usr/sbin/httpd

I changed LogLevel to debug in httpd.conf and was able to see some debug 
level logging, but nothing about the failure.

Do I have any choice but to compile mod_ldap.so with symbols?
-- 
  David L. Crow                     Texas!  It's like a
  crow@OrangeBlood.org              whole other country.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org