Bug#578566: Apache process hangs when trying to authenticate against Fedora Directory Server LDAP using mod_authnz_ldap

To: 578566@bugs.debian.org
Subject: Bug#578566: Apache process hangs when trying to authenticate against Fedora Directory Server LDAP using mod_authnz_ldap
From: Kevin Göser <kevin@kevin-online.com>
Date: Wed, 21 Apr 2010 09:25:33 +0200
Message-id: <[🔎] 4BCEA86D.7090109@kevin-online.com>
Reply-to: Kevin Göser <kevin@kevin-online.com>, 578566@bugs.debian.org
In-reply-to: <[🔎] 201004202337.47242.sf@sfritsch.de>
References: <[🔎] 201004202223.50103.kevin@kevin-online.com> <[🔎] 201004202337.47242.sf@sfritsch.de>

Stefan Fritsch wrote:

On Tuesday 20 April 2010, Kevin Göser wrote:

We are using Apache and basic auth against a Fedora Directory
 Server (v1.1.3, running on a different machine). The setup worked
 fine on etch. After upgrading to lenny today, the LDAP
 authentication seems to be broken: Directly after reloading /
 restarting Apache, one or two browser requests are handled
 successfully (ie. the authentication against LDAP is done, and the
 page is displayed in the browser). All succeeding processes
 however hang.

I suspect a openldap or gnutls problem here. Can you check if you canuse ldapsearch from the lenny machine (using SSL)?

I tested the connection using the ldapsearch tool. Note, that "getentpasswd" or "getent groups" are working fine, ie. the LDAP users andgroups are listed.


These are the results with ldapsearch:

# ldapsearch -h myhost  "*"
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)

-> The process exits, the same message comes when setting -Y ANONYMOUSor EXTERNAL, when using DIGEST-MD5 I'm asked for a password.



# ldapsearch -h myhost -x -LLL -s "base" -b "" supportedSASLMechanisms

dn:supportedSASLMechanisms: EXTERNALsupportedSASLMechanisms: GSSAPIsupportedSASLMechanisms: ANONYMOUSsupportedSASLMechanisms: DIGEST-MD5supportedSASLMechanisms: PLAINsupportedSASLMechanisms: CRAM-MD5supportedSASLMechanisms: LOGIN


-> Note, that EXTERNAL and ANONYMOUS are listed, but don't seem to work


# ldapsearch -h myhost -v -x  "*"
-> Disabled SASL, this works fine


# ldapsearch -Z -h myhost -v -x  "*"
ldap_initialize( ldap://myhost )
ldap_start_tls: Connect error (-11)

-> Disabled SASL but activated TLS. Above error occurs and the process -hangs!


Stack where it is hanging:
#0  0xb7f6c424 in __kernel_vsyscall ()
#1  0xb7d93e2b in poll () from /lib/i686/cmov/libc.so.6
#2  0xb7f46be5 in ldap_int_select (ld=0x80590b0, timeout=0x0) at os-ip.c:974

#3 0xb7f31e38 in ldap_result (ld=0x80590b0, msgid=2, all=1,timeout=0x0, result=0xbfffc2f0) at result.c:355

#4  0x0804efe9 in ?? ()
#5  0x080590b0 in ?? ()
#6  0x00000002 in ?? ()
#7  0x00000001 in ?? ()
#8  0x00000000 in ?? ()


Cheers
Kevin

Reply to:

References:
- Bug#578566: Apache process hangs when trying to authenticate against Fedora Directory Server LDAP using mod_authnz_ldap
  - From: Kevin Göser <kevin@kevin-online.com>
- Bug#578566: Apache process hangs when trying to authenticate against Fedora Directory Server LDAP using mod_authnz_ldap
  - From: Stefan Fritsch <sf@sfritsch.de>

Prev by Date: Bug#485922: marked as done (apr: -fstack-protector results in FTBFS on etch)
Next by Date: Bug#578566: Apache process hangs when trying to authenticate against Fedora Directory Server LDAP using mod_authnz_ldap
Previous by thread: Bug#578566: Apache process hangs when trying to authenticate against Fedora Directory Server LDAP using mod_authnz_ldap
Next by thread: Bug#578566: Apache process hangs when trying to authenticate against Fedora Directory Server LDAP using mod_authnz_ldap
Index(es):
- Date
- Thread