[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#578566: Apache process hangs when trying to authenticate against Fedora Directory Server LDAP using mod_authnz_ldap

Stefan Fritsch wrote:
On Tuesday 20 April 2010, Kevin Göser wrote:
We are using Apache and basic auth against a Fedora Directory
 Server (v1.1.3, running on a different machine). The setup worked
 fine on etch. After upgrading to lenny today, the LDAP
 authentication seems to be broken: Directly after reloading /
 restarting Apache, one or two browser requests are handled
 successfully (ie. the authentication against LDAP is done, and the
 page is displayed in the browser). All succeeding processes
 however hang.

I suspect a openldap or gnutls problem here. Can you check if you can use ldapsearch from the lenny machine (using SSL)?

I tested the connection using the ldapsearch tool. Note, that "getent passwd" or "getent groups" are working fine, ie. the LDAP users and groups are listed.

These are the results with ldapsearch:

# ldapsearch -h myhost  "*"
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)

-> The process exits, the same message comes when setting -Y ANONYMOUS or EXTERNAL, when using DIGEST-MD5 I'm asked for a password.

# ldapsearch -h myhost -x -LLL -s "base" -b "" supportedSASLMechanisms

dn: supportedSASLMechanisms: EXTERNAL supportedSASLMechanisms: GSSAPI supportedSASLMechanisms: ANONYMOUS supportedSASLMechanisms: DIGEST-MD5 supportedSASLMechanisms: PLAIN supportedSASLMechanisms: CRAM-MD5 supportedSASLMechanisms: LOGIN

-> Note, that EXTERNAL and ANONYMOUS are listed, but don't seem to work

# ldapsearch -h myhost -v -x  "*"
-> Disabled SASL, this works fine

# ldapsearch -Z -h myhost -v -x  "*"
ldap_initialize( ldap://myhost )
ldap_start_tls: Connect error (-11)

-> Disabled SASL but activated TLS. Above error occurs and the process - hangs!

Stack where it is hanging:
#0  0xb7f6c424 in __kernel_vsyscall ()
#1  0xb7d93e2b in poll () from /lib/i686/cmov/libc.so.6
#2  0xb7f46be5 in ldap_int_select (ld=0x80590b0, timeout=0x0) at os-ip.c:974
#3 0xb7f31e38 in ldap_result (ld=0x80590b0, msgid=2, all=1, timeout=0x0, result=0xbfffc2f0) at result.c:355
#4  0x0804efe9 in ?? ()
#5  0x080590b0 in ?? ()
#6  0x00000002 in ?? ()
#7  0x00000001 in ?? ()
#8  0x00000000 in ?? ()


Reply to: