Our LDAP Active Directory tree looks like this: DC=xxx,DC=COM -OU=Accounts -OU=Usernames -OU=Finance&Administration -OU=Generic accounts -OU=Security -.... -DC=sng,DC=xxx,DC=com -OU=Singapore Users -DC=uk,DC=xxx,DC=com -OU=Accounts -OU=Users If I use the following configuration, everything works, except I am not able to authonticate UK and SNG users because the root of the search does not include UK ans SNG domains. AuthBasicProvider ldap AuthLDAPURL "ldap://nydomain04.xxx.com/OU=Accounts,DC=xxx,DC=com?sAMAccountName?sub?(objectClass=*)" AuthLDAPBindDN "CN=ldap connector,OU=Generic accounts,OU=Accounts,DC=xxx,DC=com" AuthLDAPBindPassword ****** AuthType Basic AuthName "xxx Domain" Require ldap-group CN=JMX_Security, OU=Security, OU=Usernames, OU=Accounts, DC=xxx,DC=com [Wed Nov 26 22:24:36 2008] [debug] mod_authnz_ldap.c(373): [client 192.168.2.75] [3718] auth_ldap authenticate: using URL ldap://nydomain04.xxx.com/OU=Accounts,DC=xxx,DC=com?sAMAccountName?sub?(objectClass=*) [Wed Nov 26 22:24:36 2008] [debug] mod_authnz_ldap.c(454): [client 192.168.2.75] [3718] auth_ldap authenticate: accepting testuser [Wed Nov 26 22:24:36 2008] [debug] mod_authnz_ldap.c(691): [client 192.168.2.75] [3718] auth_ldap authorise: require group: testing for group membership in "CN=JMX_Security, OU=Security, OU=Usernames, OU=Accounts, DC=xxx,DC=com" [Wed Nov 26 22:24:36 2008] [debug] mod_authnz_ldap.c(697): [client 192.168.2.75] [3718] auth_ldap authorise: require group: testing for member: CN=Test User,OU=Finance&Administration,OU=Usernames,OU=Accounts,DC=xxx,DC=com (CN=JMX_Security, OU=Security, OU=Usernames, OU=Accounts, DC=xxx,DC=com) [Wed Nov 26 22:24:36 2008] [debug] mod_authnz_ldap.c(706): [client 192.168.2.75] [3718] auth_ldap authorise: require group: authorisation successful (attribute member) [Comparison true (adding to cache)][Compare True] However, if I use the follwong configuration, mod_authnz_ldap.c produces a seg fault. AuthBasicProvider ldap AuthLDAPURL "ldap://nydomain04.xxx.com/DC=xxx,DC=com?sAMAccountName?sub?(objectClass=*)" AuthLDAPBindDN "CN=ldap connector,OU=Generic accounts,OU=Accounts,DC=xxx,DC=com" AuthLDAPBindPassword ****** AuthType Basic AuthName "xxx Domain" Require ldap-group CN=JMX_Security, OU=Security, OU=Usernames, OU=Accounts, DC=xxx,DC=com [Wed Nov 26 20:24:31 2008] [debug] mod_authnz_ldap.c(373): [client 192.168.2.75] [3110] auth_ldap authenticate: using URL ldap://nydomain04.xxx.com/DC=xxx,DC=com?sAMAccountName?sub?(objectClass=*) [Wed Nov 26 20:24:42 2008] [notice] child pid 3110 exit signal Segmentation fault (11) # rpm -qi httpd Name : httpd Relocations: (not relocatable) Version : 2.2.3 Vendor: CentOS Release : 11.el5_2.centos.4 Build Date: Wed 12 Nov 2008 10:44:43 AM EST Install Date: Fri 14 Nov 2008 07:42:56 AM EST Build Host: builder16.centos.org Group : System Environment/Daemons Source RPM: httpd-2.2.3-11.el5_2.centos.4.src.rpm Size : 2899288 License: Apache Software License Signature : DSA/SHA1, Wed 12 Nov 2008 05:54:31 PM EST, Key ID a8a447dce8562897 URL : http://httpd.apache.org/ Summary : Apache HTTP Server Description : The Apache HTTP Server is a powerful, efficient, and extensible web server.
Is this the same as https://bugzilla.redhat.com/show_bug.cgi?id=471898 Using Fedora 10, Apache 2.2.10 I had the same problem. Installing apr-util-ldap fixed it. Can the assignee verify this please. Ken
I'm using solaris 10 and have the similar problem. I use apache 2.2.11. CC="gcc"; export CC CPPFLAGS="-I/opt1/util/db/include -I/opt1/util/openssl98k/include"; export CPPFLAGS LDFLAGS="-L/opt1/util/db/lib -L/opt1/util/openssl98k/lib"; export LDFLAGS "./configure" \ "--prefix=/PDS/twh/apache2ssl" \ "--enable-mime-magic" \ "--enable-so" \ "--enable-ssl" \ "--with-ssl=/opt1/util/openssl98k" \ "--with-ldap" \ "--with-port=5000" \ "--enable-mods-shared=mime-magic ssl ldap authnz-ldap" \ "CC=gcc" \ "LDFLAGS=-L/opt1/util/db/lib -L/opt1/util/openssl98k/lib" \ "CPPFLAGS=-I/opt1/util/db/include -I/opt1/util/openssl98k/include" \ "$@" I need help on Apache ldaps setup.
>I'm using solaris 10 and have the similar problem... I need help on Apache ldaps setup. As mentioned in the docs, Apache doesn't support ldaps using native Solaris LDAP. (In fact it segfaults.) Build Apache with OpenLDAP if you need ldaps on Solaris 10.
Please help us to refine our list of open and current defects; this is a mass update of old and inactive Bugzilla reports which reflect user error, already resolved defects, and still-existing defects in httpd. As repeatedly announced, the Apache HTTP Server Project has discontinued all development and patch review of the 2.2.x series of releases. The final release 2.2.34 was published in July 2017, and no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases. All reports older than 2.4.x have been updated to status RESOLVED/LATER; no further action is expected unless the report still applies to a current version of httpd. If your report represented a question or confusion about how to use an httpd feature, an unexpected server behavior, problems building or installing httpd, or working with an external component (a third party module, browser etc.) we ask you to start by bringing your question to the User Support and Discussion mailing list, see [https://httpd.apache.org/lists.html#http-users] for details. Include a link to this Bugzilla report for completeness with your question. If your report was clearly a defect in httpd or a feature request, we ask that you retest using a modern httpd release (2.4.33 or later) released in the past year. If it can be reproduced, please reopen this bug and change the Version field above to the httpd version you have reconfirmed with. Your help in identifying defects or enhancements still applicable to the current httpd server software release is greatly appreciated.