[users@httpd] authnz_ldap LDAP bind + Error 500
Greetings,
I understand that apache2, using the authnz_ldap module, prefers to
maintain persistent connections to a given LDAP server. While this is
contrary to the way LDAP is intended to be used (e.g: connections without
the UNBIND operation), I am ok with this.
Our LDAP servers themselves have no timeout, nor a timelimit, on
operations. Doing a persistent bind against the LDAP server in question,
(by hand) produces a connection that persists as long as necessary.
Apache2, however, feels differently. When pointed directly at an LDAP
server, after some time, we see this (and users begin complaining):
[client 192.168.168.40] [18485] auth_ldap authenticate: user joe
authentication failed; URI /repo/ [LDAP: ldap_start_tls_s() failed][Connect
error], referer: https://svn.example.com/
Invariably restarting apache2 fixes the problem, but it always returns.
HOWEVER, if we take LDAP StartTLS out of the equation, and we use something
like stunnel4 (thereby telling apache2 to "not worry about using encryption
while talking to LDAP"), the problem goes away and does not return. I'll
point out that the LDAP server-side SSL certificates are legitimate, are
not expired, and are used by other things that require certificates to be
in-order.
We are stumped.
Our LDAP-related apache2 configuration (which generates no errors upon
launch, nor configtest):
## /etc/apache2/sites-available/svn
LDAPSharedCacheSize 50
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600
ServerAdmin webmas...@example.com
ServerName svn.example.com
RewriteEngine on
RewriteRule ^/(.*)$ https://svn.example.com/$1 [R,L]
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
ServerAdmin webmas...@example.com
ServerName svn.example.com
DocumentRoot /var/www
SSLEngine on
SSLCertificateFile /etc/ssl/certs/wildcard.example.com.crt
SSLCertificateKeyFile /etc/ssl/private/wildcard.example.com.key
SSLCACertificateFile /etc/ssl/certs/ca-example.cert
RewriteEngine on
RewriteCond %{SERVER_NAME} !=svn.example.com
RewriteRule ^/(.*)$ https://svn.example.com/$1 [R,L]
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
SetHandler ldap-status
DAV svn
SVNPath /repo/svn
AuthType Basic
AuthName "Our Repository"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPBinddn uid=admin,cn=users,dc=example,dc=com
AuthLDAPBindPassword password
AuthLDAPURL
ldap://the.ldap.server:389/cn=users,dc=example,dc=com??one?(&(objectClass=posixAccount)(|(objectClass=svnUser)(objectClass=svnAdmin))(uid=*))
STARTTLS
Require valid-user
Modules loaded:
alias.load
auth_basic.load
authn_file.load
authnz_ldap.load
authz_default.load
authz_groupfile.load
authz_host.load
authz_user.load
autoindex.load
cgi.load
dav.load
dav_svn.conf
dav_svn.load
dir.conf
dir.load
env.load
ldap.load
mime.load
negotiation.load
rewrite.load
setenvif.load
ssl.load
status.load
We would appreciate some insight into this - thank you.
-GF
[users@httpd] Re: Is it possible to add custom properties in WebDAV, on the server side?
Hi all. I figured out that I will have to make changes in the file "modules/dav/fs/repos.c" in httpd's code, to add custom properties. I did manage to tweak around a bit, and things went fine. So far so good :) Now, what I really intend is to read a file (on the server side), and transmit the contents of the file as a (custom) webdav property to the clients. As a part of this, I intend to "fopen" a file, read the contents, and then "fclose" the file. But when I do a "fopen", followed by a "fclose", the server crashes, with the following "error_log" :: # [Tue Apr 17 01:57:31 2012] [notice] child pid 25683 exit signal Segmentation fault (11) [Tue Apr 17 01:57:31 2012] [notice] child pid 25684 exit signal Segmentation fault (11) [Tue Apr 17 01:57:31 2012] [notice] child pid 25685 exit signal Segmentation fault (11) [Tue Apr 17 01:57:31 2012] [notice] child pid 25686 exit signal Segmentation fault (11) [Tue Apr 17 01:57:31 2012] [notice] child pid 25687 exit signal Segmentation fault (11) [Tue Apr 17 01:57:31 2012] [notice] child pid 25688 exit signal Segmentation fault (11) [Tue Apr 17 01:57:31 2012] [notice] child pid 25689 exit signal Segmentation fault (11) [Tue Apr 17 01:57:31 2012] [notice] child pid 25690 exit signal Segmentation fault (11) [Tue Apr 17 01:57:32 2012] [notice] child pid 25708 exit signal Segmentation fault (11) [Tue Apr 17 01:57:33 2012] [notice] child pid 25709 exit signal Segmentation fault (11) # I have specifically not put in more details, as random googling seemed to indicate that there might be some configuration that needs to be tweaked, to enable "fopen" on "httpd". Is that so? :| I will be really grateful for a reply, as it's been close to two days, since this is bugging me. Looking forward to a reply. Regards, Ajay On Sat, Apr 14, 2012 at 11:54 PM, Ajay Garg wrote: > Ping :) > > Regards, > Ajay > > > On Fri, Apr 13, 2012 at 3:19 PM, Ajay Garg wrote: > >> Hi all. >> >> I have a Fedora 14 machine. >> >> I have been able to setup a WebDAV share, in httpd's context, at the >> server side. >> Also, I am able to (successfully) access the WebDAV share, through >> gnome-nautilus, on the client side. >> >> I am wondering, if there is a way to add custom properties on the server >> side, which could then be retrieved by "PROPFIND" ? >> Currently, I get the following properties via PROPFIND per resource :: >> >> >> >> ## >> getlastmodified= Thu, 12 Apr 2012 08:17:13 GMT >> supportedlock= >> >> >> >> getetag= "80a30-1e2-4bd76fbb9e370" >> getcontentlength= 482 >> resourcetype= >> creationdate= 2012-04-12T08:17:13Z >> getcontenttype= text/plain >> lockdiscovery= >> Failed for: [(u'DAV:', u'displayname'), (u'DAV:', u'owner')] >> Not Found (404). >> >> ## >> >> >> Looking forward to a reply. >> >> >> Regards, >> Ajay >> > >
Re: [users@httpd] Add a http header if the request comes from an iphone
Hi Eric,
Thank you so much.
I took your advice and I think it is working now.
I did the following configurarion:
BrowserMatchNoCase iphone is_iphone
RequestHeader add deviceType "HighEnd" env=is_iphone
Is it what you mean?
Regards,
Marcos
On Mon, Apr 16, 2012 at 11:39 AM, Eric Covener wrote:
> On Mon, Apr 16, 2012 at 10:31 AM, Marcos Filho
> wrote:
> > Yes, I did copy from my configurations.
> >
> > I know that this line works if it is isolated:
> > 'RequestHeader add deviceType "HighEnd" '
> >
> > But I need to check if the request is from an iphone, and that condition
> is
> > not working at all.
> >
> > Do you have any idea how I can fix it?
>
> Use setenvif to heck the user-agent, and set an environment variable
> Then use th eoption for RequestHEader to depend on an environment variable.
>
> >
> >
> > On Mon, Apr 16, 2012 at 11:27 AM, Eric Covener
> wrote:
> >>
> >> > SetEnvIf %{HTTP_USER_AGENT} value "iphone" [NC]
> >> > RequestHeader add deviceType "HighEnd"
> >> >
> >> > SetEnvIf User-Agent value "iphone" [NC]
> >> > RequestHeader add deviceType "HighEnd"
> >>
> >> This seems completely wrong, did you copy and paste from your
> >> configuration?
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> >> For additional commands, e-mail: users-h...@httpd.apache.org
> >>
> >
>
>
>
> --
> Eric Covener
> cove...@gmail.com
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
Re: [users@httpd] Add a http header if the request comes from an iphone
On Mon, Apr 16, 2012 at 10:31 AM, Marcos Filho wrote:
> Yes, I did copy from my configurations.
>
> I know that this line works if it is isolated:
> 'RequestHeader add deviceType "HighEnd" '
>
> But I need to check if the request is from an iphone, and that condition is
> not working at all.
>
> Do you have any idea how I can fix it?
Use setenvif to heck the user-agent, and set an environment variable
Then use th eoption for RequestHEader to depend on an environment variable.
>
>
> On Mon, Apr 16, 2012 at 11:27 AM, Eric Covener wrote:
>>
>> > SetEnvIf %{HTTP_USER_AGENT} value "iphone" [NC]
>> > RequestHeader add deviceType "HighEnd"
>> >
>> > SetEnvIf User-Agent value "iphone" [NC]
>> > RequestHeader add deviceType "HighEnd"
>>
>> This seems completely wrong, did you copy and paste from your
>> configuration?
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>
--
Eric Covener
cove...@gmail.com
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Add a http header if the request comes from an iphone
Yes, I did copy from my configurations.
I know that this line works if it is isolated:
'RequestHeader add deviceType "HighEnd" '
But I need to check if the request is from an iphone, and that condition is
not working at all.
Do you have any idea how I can fix it?
On Mon, Apr 16, 2012 at 11:27 AM, Eric Covener wrote:
> > SetEnvIf %{HTTP_USER_AGENT} value "iphone" [NC]
> > RequestHeader add deviceType "HighEnd"
> >
> > SetEnvIf User-Agent value "iphone" [NC]
> > RequestHeader add deviceType "HighEnd"
>
> This seems completely wrong, did you copy and paste from your
> configuration?
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
Re: [users@httpd] Add a http header if the request comes from an iphone
> SetEnvIf %{HTTP_USER_AGENT} value "iphone" [NC]
> RequestHeader add deviceType "HighEnd"
>
> SetEnvIf User-Agent value "iphone" [NC]
> RequestHeader add deviceType "HighEnd"
This seems completely wrong, did you copy and paste from your configuration?
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Add a http header if the request comes from an iphone
Hello Guys,
I have the following requirement:
"Add a http header if the request is from an iphone."
ps: this request will be proxied to a apache tomcat server with mod_proxy.
I have checked the mod_headers documentation and it says to use the
mod_setenvif
My apache's version is 2.2.19 and I am trying this configuration:
SetEnvIf %{HTTP_USER_AGENT} value "iphone" [NC]
RequestHeader add deviceType "HighEnd"
Also, I tried this:
SetEnvIf User-Agent value "iphone" [NC]
RequestHeader add deviceType "HighEnd"
Those "SerEnvIf" are not working and probably I am doing something wrong.
I have done lots of research on google and then tried lots of settings but
nothing is working.
Do you guys have an idea how I can get it working? I would really
appreciate your help.
Regards,
Marcos
Re: [users@httpd] Alias based on IP address
On 12.04.12 11:09, Paulo Silva wrote: Inside a virtualhost is it possible to define an Alias based on the IP of the incoming request? I think mod_rewrite can do that... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. My mind is like a steel trap - rusty and illegal in 37 states. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Question regarding apache not listening on port 80 and 443.....
On 10/04/2012 17:03, Mark Hamer wrote: > > Hello all > > > Basically I have 2 versions of apache installed.One is an older 2.2.8 and > the other an updated version of 2.2.21. When I shutdown the older version > and start the newer version up to use port 80 and 443 it is not working. > Both > are set up to use port 80 and 443 but I only use one apache version at a time. > The updated apache version starts up.but does not use those ports even > though my config files are pointing to them. Can someone shed some light on > this? which ports is using instead of 80? -- Simone Caruso IT Consultant +39 349 65 90 805 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
