With the following configuration, Apache 2.4.54 (self built with OpenSSL 1.1.1s does not start : ---- LoadModule ldap_module mod_ldap.so LoadModule authz_ldap_module mod_authnz_ldap.so LDAPConnectionPoolTTL -1 ---- and gives the error : "LDAPConnectionPoolTTL has wrong format" From the documentation https://httpd.apache.org/docs/2.4/mod/mod_ldap.html#ldapconnectionpoolttl : The default value of -1, and any other negative value, allows connections of any age to be reused. Looking at the code, the function ap_timeout_parameter_parse cannot return a negative value (https://github.com/apache/httpd/blob/trunk/modules/ldap/util_ldap.c#L2825 & https://github.com/apache/httpd/blob/2.4.54/server/util.c#L2656)
Created attachment 38464 [details] Patch proposal for 2.4.54 LDAPConnectionPoolTTL=-1 fix v1 Not the ideal solution but it seems to work. (Still testing but, at least, Apache is now starting)
Hi, Maybe the (untested) patch below is enough. Can you give it a try? Index: util_ldap.c =================================================================== --- util_ldap.c (révision 1906512) +++ util_ldap.c (copie de travail) @@ -2817,12 +2817,14 @@ void *dummy, const char *val) { - apr_interval_time_t timeout; + apr_interval_time_t timeout = -1; util_ldap_state_t *st = (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config, &ldap_module); - if (ap_timeout_parameter_parse(val, &timeout, "s") != APR_SUCCESS) { + /* Negative values mean AP_LDAP_CONNPOOL_INFINITE */ + if (val[0] != '-' && + ap_timeout_parameter_parse(val, &timeout, "s") != APR_SUCCESS) { return "LDAPConnectionPoolTTL has wrong format"; }
Confirmed the patch you provided fix the issue. Apache is now starting. Thank you very much !
Thanks for the feed-back. Fixed in trunk in r1907024. Proposed for 2.4.x backport in r1907025.
This was backported in 2.4.x branch in r1908027 and is part of version 2.4.56.