Since 2.0.54, it seems mod_auth_ldap just segfaults on any request if 
built against older versions of OpenLDAP, 2.2.20 and earlier (pre-2005).  
It looks like this was another regression caused by the addition of the 
LDAPConnectionTimeout option.  (New features, stable branch, 
regressions?  Hmmm, I spot a pattern)

http://issues.apache.org/bugzilla/show_bug.cgi?id=34618 mentions this 
with "upgrade OpenLDAP" as the solution, which isn't really a great way 
to give your users that warm fuzzy feeling.

Any objections to this?

Index: modules/experimental/util_ldap.c
===================================================================
--- modules/experimental/util_ldap.c    (revision 225591)
+++ modules/experimental/util_ldap.c    (working copy)
@@ -50,7 +50,21 @@
 #define LDAP_CA_TYPE_BASE64             2
 #define LDAP_CA_TYPE_CERT7_DB           3
 
+#if APR_HAS_OPENLDAP_LDAPSDK
+#include <ldap_features.h>
 
+/* LDAP_OPT_NETWORK_TIMEOUT is broken in OpenLDAP < 2.2.21, see
+ * OpenLDAP bug "ITS 3487". */
+
+#if LDAP_VENDOR_VERSION_MAJOR < 2 || \
+    (LDAP_VENDOR_VERSION_MAJOR == 2 && LDAP_VENDOR_VERSION_MINOR < 2) || \
+    (LDAP_VENDOR_VERSION_MAJOR == 2 && LDAP_VENDOR_VERSION_MINOR == 2 \
+     && LDAP_VENDOR_VERSION_PATCH < 21)
+#undef LDAP_OPT_NETWORK_TIMEOUT
+#endif
+
+#endif /* APR_HAS_OPENLDAP_LDAPSDK */
+
 module AP_MODULE_DECLARE_DATA ldap_module;
 
 int util_ldap_handler(request_rec *r);
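
Review bot: The version test guarding `#undef LDAP_OPT_NETWORK_TIMEOUT` is evaluated against the OpenLDAP headers at build time, so it does not cover a binary built against 2.2.21 or later headers that is then run with an older shared libldap. If that case matters, a runtime check of the vendor version (for example ldap_get_option with LDAP_OPT_API_INFO) before setting the option would cover it. Separately, the `#undef` means any code conditional on that macro is compiled out without notice, so the comment above the test should say that the connection timeout has no effect on these builds, and the LDAPConnectionTimeout documentation should mention the OpenLDAP 2.2.21 minimum.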
