[users@httpd] authnz_ldap LDAP bind + Error 500
Greetings, I understand that apache2, using the authnz_ldap module, prefers to maintain persistent connections to a given LDAP server. While this is contrary to the way LDAP is intended to be used (e.g: connections without the UNBIND operation), I am ok with this. Our LDAP servers themselves have no timeout, nor a timelimit, on operations. Doing a persistent bind against the LDAP server in question, (by hand) produces a connection that persists as long as necessary. Apache2, however, feels differently. When pointed directly at an LDAP server, after some time, we see this (and users begin complaining): [client 192.168.168.40] [18485] auth_ldap authenticate: user joe authentication failed; URI /repo/ [LDAP: ldap_start_tls_s() failed][Connect error], referer: https://svn.example.com/ Invariably restarting apache2 fixes the problem, but it always returns. HOWEVER, if we take LDAP StartTLS out of the equation, and we use something like stunnel4 (thereby telling apache2 to "not worry about using encryption while talking to LDAP"), the problem goes away and does not return. I'll point out that the LDAP server-side SSL certificates are legitimate, are not expired, and are used by other things that require certificates to be in-order. We are stumped. Our LDAP-related apache2 configuration (which generates no errors upon launch, nor configtest): ## /etc/apache2/sites-available/svn LDAPSharedCacheSize 50 LDAPCacheEntries 1024 LDAPCacheTTL 600 LDAPOpCacheEntries 1024 LDAPOpCacheTTL 600 ServerAdmin webmas...@example.com ServerName svn.example.com RewriteEngine on RewriteRule ^/(.*)$ https://svn.example.com/$1 [R,L] ErrorLog /var/log/apache2/error.log CustomLog /var/log/apache2/access.log combined ServerAdmin webmas...@example.com ServerName svn.example.com DocumentRoot /var/www SSLEngine on SSLCertificateFile /etc/ssl/certs/wildcard.example.com.crt SSLCertificateKeyFile /etc/ssl/private/wildcard.example.com.key SSLCACertificateFile /etc/ssl/certs/ca-example.cert RewriteEngine on RewriteCond %{SERVER_NAME} !=svn.example.com RewriteRule ^/(.*)$ https://svn.example.com/$1 [R,L] ErrorLog /var/log/apache2/error.log CustomLog /var/log/apache2/access.log combined SetHandler ldap-status DAV svn SVNPath /repo/svn AuthType Basic AuthName "Our Repository" AuthBasicProvider ldap AuthzLDAPAuthoritative off AuthLDAPBinddn uid=admin,cn=users,dc=example,dc=com AuthLDAPBindPassword password AuthLDAPURL ldap://the.ldap.server:389/cn=users,dc=example,dc=com??one?(&(objectClass=posixAccount)(|(objectClass=svnUser)(objectClass=svnAdmin))(uid=*)) STARTTLS Require valid-user Modules loaded: alias.load auth_basic.load authn_file.load authnz_ldap.load authz_default.load authz_groupfile.load authz_host.load authz_user.load autoindex.load cgi.load dav.load dav_svn.conf dav_svn.load dir.conf dir.load env.load ldap.load mime.load negotiation.load rewrite.load setenvif.load ssl.load status.load We would appreciate some insight into this - thank you. -GF
[users@httpd] Re: Is it possible to add custom properties in WebDAV, on the server side?
Hi all. I figured out that I will have to make changes in the file "modules/dav/fs/repos.c" in httpd's code, to add custom properties. I did manage to tweak around a bit, and things went fine. So far so good :) Now, what I really intend is to read a file (on the server side), and transmit the contents of the file as a (custom) webdav property to the clients. As a part of this, I intend to "fopen" a file, read the contents, and then "fclose" the file. But when I do a "fopen", followed by a "fclose", the server crashes, with the following "error_log" :: # [Tue Apr 17 01:57:31 2012] [notice] child pid 25683 exit signal Segmentation fault (11) [Tue Apr 17 01:57:31 2012] [notice] child pid 25684 exit signal Segmentation fault (11) [Tue Apr 17 01:57:31 2012] [notice] child pid 25685 exit signal Segmentation fault (11) [Tue Apr 17 01:57:31 2012] [notice] child pid 25686 exit signal Segmentation fault (11) [Tue Apr 17 01:57:31 2012] [notice] child pid 25687 exit signal Segmentation fault (11) [Tue Apr 17 01:57:31 2012] [notice] child pid 25688 exit signal Segmentation fault (11) [Tue Apr 17 01:57:31 2012] [notice] child pid 25689 exit signal Segmentation fault (11) [Tue Apr 17 01:57:31 2012] [notice] child pid 25690 exit signal Segmentation fault (11) [Tue Apr 17 01:57:32 2012] [notice] child pid 25708 exit signal Segmentation fault (11) [Tue Apr 17 01:57:33 2012] [notice] child pid 25709 exit signal Segmentation fault (11) # I have specifically not put in more details, as random googling seemed to indicate that there might be some configuration that needs to be tweaked, to enable "fopen" on "httpd". Is that so? :| I will be really grateful for a reply, as it's been close to two days, since this is bugging me. Looking forward to a reply. Regards, Ajay On Sat, Apr 14, 2012 at 11:54 PM, Ajay Garg wrote: > Ping :) > > Regards, > Ajay > > > On Fri, Apr 13, 2012 at 3:19 PM, Ajay Garg wrote: > >> Hi all. >> >> I have a Fedora 14 machine. >> >> I have been able to setup a WebDAV share, in httpd's context, at the >> server side. >> Also, I am able to (successfully) access the WebDAV share, through >> gnome-nautilus, on the client side. >> >> I am wondering, if there is a way to add custom properties on the server >> side, which could then be retrieved by "PROPFIND" ? >> Currently, I get the following properties via PROPFIND per resource :: >> >> >> >> ## >> getlastmodified= Thu, 12 Apr 2012 08:17:13 GMT >> supportedlock= >> >> >> >> getetag= "80a30-1e2-4bd76fbb9e370" >> getcontentlength= 482 >> resourcetype= >> creationdate= 2012-04-12T08:17:13Z >> getcontenttype= text/plain >> lockdiscovery= >> Failed for: [(u'DAV:', u'displayname'), (u'DAV:', u'owner')] >> Not Found (404). >> >> ## >> >> >> Looking forward to a reply. >> >> >> Regards, >> Ajay >> > >
Re: [users@httpd] Add a http header if the request comes from an iphone
Hi Eric, Thank you so much. I took your advice and I think it is working now. I did the following configurarion: BrowserMatchNoCase iphone is_iphone RequestHeader add deviceType "HighEnd" env=is_iphone Is it what you mean? Regards, Marcos On Mon, Apr 16, 2012 at 11:39 AM, Eric Covener wrote: > On Mon, Apr 16, 2012 at 10:31 AM, Marcos Filho > wrote: > > Yes, I did copy from my configurations. > > > > I know that this line works if it is isolated: > > 'RequestHeader add deviceType "HighEnd" ' > > > > But I need to check if the request is from an iphone, and that condition > is > > not working at all. > > > > Do you have any idea how I can fix it? > > Use setenvif to heck the user-agent, and set an environment variable > Then use th eoption for RequestHEader to depend on an environment variable. > > > > > > > On Mon, Apr 16, 2012 at 11:27 AM, Eric Covener > wrote: > >> > >> > SetEnvIf %{HTTP_USER_AGENT} value "iphone" [NC] > >> > RequestHeader add deviceType "HighEnd" > >> > > >> > SetEnvIf User-Agent value "iphone" [NC] > >> > RequestHeader add deviceType "HighEnd" > >> > >> This seems completely wrong, did you copy and paste from your > >> configuration? > >> > >> - > >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > >> For additional commands, e-mail: users-h...@httpd.apache.org > >> > > > > > > -- > Eric Covener > cove...@gmail.com > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
Re: [users@httpd] Add a http header if the request comes from an iphone
On Mon, Apr 16, 2012 at 10:31 AM, Marcos Filho wrote: > Yes, I did copy from my configurations. > > I know that this line works if it is isolated: > 'RequestHeader add deviceType "HighEnd" ' > > But I need to check if the request is from an iphone, and that condition is > not working at all. > > Do you have any idea how I can fix it? Use setenvif to heck the user-agent, and set an environment variable Then use th eoption for RequestHEader to depend on an environment variable. > > > On Mon, Apr 16, 2012 at 11:27 AM, Eric Covener wrote: >> >> > SetEnvIf %{HTTP_USER_AGENT} value "iphone" [NC] >> > RequestHeader add deviceType "HighEnd" >> > >> > SetEnvIf User-Agent value "iphone" [NC] >> > RequestHeader add deviceType "HighEnd" >> >> This seems completely wrong, did you copy and paste from your >> configuration? >> >> - >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> > -- Eric Covener cove...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Add a http header if the request comes from an iphone
Yes, I did copy from my configurations. I know that this line works if it is isolated: 'RequestHeader add deviceType "HighEnd" ' But I need to check if the request is from an iphone, and that condition is not working at all. Do you have any idea how I can fix it? On Mon, Apr 16, 2012 at 11:27 AM, Eric Covener wrote: > > SetEnvIf %{HTTP_USER_AGENT} value "iphone" [NC] > > RequestHeader add deviceType "HighEnd" > > > > SetEnvIf User-Agent value "iphone" [NC] > > RequestHeader add deviceType "HighEnd" > > This seems completely wrong, did you copy and paste from your > configuration? > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
Re: [users@httpd] Add a http header if the request comes from an iphone
> SetEnvIf %{HTTP_USER_AGENT} value "iphone" [NC] > RequestHeader add deviceType "HighEnd" > > SetEnvIf User-Agent value "iphone" [NC] > RequestHeader add deviceType "HighEnd" This seems completely wrong, did you copy and paste from your configuration? - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Add a http header if the request comes from an iphone
Hello Guys, I have the following requirement: "Add a http header if the request is from an iphone." ps: this request will be proxied to a apache tomcat server with mod_proxy. I have checked the mod_headers documentation and it says to use the mod_setenvif My apache's version is 2.2.19 and I am trying this configuration: SetEnvIf %{HTTP_USER_AGENT} value "iphone" [NC] RequestHeader add deviceType "HighEnd" Also, I tried this: SetEnvIf User-Agent value "iphone" [NC] RequestHeader add deviceType "HighEnd" Those "SerEnvIf" are not working and probably I am doing something wrong. I have done lots of research on google and then tried lots of settings but nothing is working. Do you guys have an idea how I can get it working? I would really appreciate your help. Regards, Marcos
Re: [users@httpd] Alias based on IP address
On 12.04.12 11:09, Paulo Silva wrote: Inside a virtualhost is it possible to define an Alias based on the IP of the incoming request? I think mod_rewrite can do that... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. My mind is like a steel trap - rusty and illegal in 37 states. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Question regarding apache not listening on port 80 and 443.....
On 10/04/2012 17:03, Mark Hamer wrote: > > Hello all > > > Basically I have 2 versions of apache installed.One is an older 2.2.8 and > the other an updated version of 2.2.21. When I shutdown the older version > and start the newer version up to use port 80 and 443 it is not working. > Both > are set up to use port 80 and 443 but I only use one apache version at a time. > The updated apache version starts up.but does not use those ports even > though my config files are pointing to them. Can someone shed some light on > this? which ports is using instead of 80? -- Simone Caruso IT Consultant +39 349 65 90 805 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org