Bug 66421 - Setting LDAPConnectionPoolTTL to -1 (default value) prevents apache to start
Summary: Setting LDAPConnectionPoolTTL to -1 (default value) prevents apache to start
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ldap (show other bugs)
Version: 2.4.54
Hardware: PC Linux
: P2 minor (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Depends on:
Reported: 2023-01-13 17:06 UTC by nailyk
Modified: 2024-04-07 10:31 UTC (History)
1 user (show)

Patch proposal for 2.4.54 LDAPConnectionPoolTTL=-1 fix v1 (3.62 KB, patch)
2023-01-16 09:42 UTC, nailyk
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description nailyk 2023-01-13 17:06:21 UTC
With the following configuration, Apache 2.4.54 (self built with OpenSSL 1.1.1s does not start : 

LoadModule ldap_module mod_ldap.so
LoadModule authz_ldap_module mod_authnz_ldap.so

LDAPConnectionPoolTTL -1

and gives the error : "LDAPConnectionPoolTTL has wrong format"

From the documentation https://httpd.apache.org/docs/2.4/mod/mod_ldap.html#ldapconnectionpoolttl :  The default value of -1, and any other negative value, allows connections of any age to be reused.

Looking at the code, the function ap_timeout_parameter_parse cannot return a negative value (https://github.com/apache/httpd/blob/trunk/modules/ldap/util_ldap.c#L2825 & https://github.com/apache/httpd/blob/2.4.54/server/util.c#L2656)
Comment 1 nailyk 2023-01-16 09:42:39 UTC
Created attachment 38464 [details]
Patch proposal for 2.4.54 LDAPConnectionPoolTTL=-1 fix v1

Not the ideal solution but it seems to work. 
(Still testing but, at least, Apache is now starting)
Comment 2 Christophe JAILLET 2023-01-17 18:20:26 UTC

Maybe the (untested) patch below is enough.
Can you give it a try?

Index: util_ldap.c
--- util_ldap.c	(révision 1906512)
+++ util_ldap.c	(copie de travail)
@@ -2817,12 +2817,14 @@
                                           void *dummy,
                                           const char *val)
-    apr_interval_time_t timeout;
+    apr_interval_time_t timeout = -1;
     util_ldap_state_t *st =
         (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
-    if (ap_timeout_parameter_parse(val, &timeout, "s") != APR_SUCCESS) {
+    /* Negative values mean AP_LDAP_CONNPOOL_INFINITE */
+    if (val[0] != '-' &&
+        ap_timeout_parameter_parse(val, &timeout, "s") != APR_SUCCESS) {
         return "LDAPConnectionPoolTTL has wrong format";
Comment 3 nailyk 2023-01-26 10:15:13 UTC
Confirmed the patch you provided fix the issue. Apache is now starting. 

Thank you very much !
Comment 4 Christophe JAILLET 2023-01-27 13:25:06 UTC
Thanks for the feed-back.

Fixed in trunk in r1907024.
Proposed for 2.4.x backport in r1907025.
Comment 5 Christophe JAILLET 2024-04-07 10:31:54 UTC
This was backported in 2.4.x branch in r1908027 and is part of version 2.4.56.