Bug#578566: Apache process hangs when trying to authenticate against Fedora Directory Server LDAP using mod_authnz_ldap
Stefan Fritsch wrote:
> On Tuesday 20 April 2010, Kevin Göser wrote:
>> We are using Apache and basic auth against a Fedora Directory
>> Server (v1.1.3, running on a different machine). The setup worked
>> fine on etch. After upgrading to lenny today, the LDAP
>> authentication seems to be broken: Directly after reloading /
>> restarting Apache, one or two browser requests are handled
>> successfully (i.e. the authentication against LDAP is done, and the
>> page is displayed in the browser). All succeeding processes
> I suspect an openldap or gnutls problem here. Can you check if you can
> use ldapsearch from the lenny machine (using SSL)?
I tested the connection using the ldapsearch tool. Note that "getent
passwd" or "getent groups" are working fine, i.e. the LDAP users and
groups are listed.
These are the results with ldapsearch:
# ldapsearch -h myhost "*"
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
-> The process exits; the same message comes when setting -Y ANONYMOUS
or EXTERNAL. When using DIGEST-MD5 I'm asked for a password.
# ldapsearch -h myhost -x -LLL -s "base" -b "" supportedSASLMechanisms
-> Note that EXTERNAL and ANONYMOUS are listed, but don't seem to work
# ldapsearch -h myhost -v -x "*"
-> Disabled SASL, this works fine
# ldapsearch -Z -h myhost -v -x "*"
ldap_initialize( ldap://myhost )
ldap_start_tls: Connect error (-11)
-> Disabled SASL but activated TLS. Above error occurs and the process -
Stack where it is hanging:
#0 0xb7f6c424 in __kernel_vsyscall ()
#1 0xb7d93e2b in poll () from /lib/i686/cmov/libc.so.6
#2 0xb7f46be5 in ldap_int_select (ld=0x80590b0, timeout=0x0) at os-ip.c:974
#3 0xb7f31e38 in ldap_result (ld=0x80590b0, msgid=2, all=1, timeout=0x0, result=0xbfffc2f0) at result.c:355
#4 0x0804efe9 in ?? ()
#5 0x080590b0 in ?? ()
#6 0x00000002 in ?? ()
#7 0x00000001 in ?? ()
#8 0x00000000 in ?? ()