[users@httpd] mod_authn_dbd: Stored procedures not supported ... Commands out of sync; you can't run this command now
Hi, I'm having a server installed with Apache 2.2 (Ubuntu LTS 12.04) and I used mod_authn_dbd as documented here http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html to check the permissions. Since I use a MySQL database DBDriver mysql is set. Since there is already an existing user management on a different server with access restrictions, the only way to use it is via a stored procedure, thus AuthDBUserPWQuery CALL queryUser(%s) is defined like this. But this is a problem, since MySQL is - let's say - a little bit special when performing a query which is a call to a stored procedure. If you just perform the query and fetch the result, the next query within the same connection will fail with Commands out of sync; you can't run this command now error. The reason is that when performing a query with a call to a stored procedure you must take result sets into account like you do when doing a multi-query. Multi-Query: SELECT * FROM tUsers1; SELECT * FROM tUsers2; returns in MySQL two result sets and you have to use mysql_use_result() mysql_store_result() mysql_free_result() to properly handle the returned data. And in ANY case where stored procedures are involved, you have to use the methods above otherwise to you get error. I think the reason is, that in stored procedures you can execute two or more SELECTs. I already tried to find the location in the httpd sources where a fix is needed, but it seems to me that httpd is using the apr db driver interface. Maybe the fix has to be done there and not in httpd source, but I'm not sure. Regards Torge - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] mod_authn_dbd: Stored procedures not supported ... Commands out of sync; you can't run this command now
On 06/29/2014 07:25 AM, Torge Riedel wrote: Hi, I'm having a server installed with Apache 2.2 (Ubuntu LTS 12.04) and I used mod_authn_dbd as documented here http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html to check the permissions. Since I use a MySQL database DBDriver mysql is set. Since there is already an existing user management on a different server with access restrictions, the only way to use it is via a stored procedure, thus AuthDBUserPWQuery CALL queryUser(%s) is defined like this. But this is a problem, since MySQL is - let's say - a little bit special when performing a query which is a call to a stored procedure. If you just perform the query and fetch the result, the next query within the same connection will fail with Commands out of sync; you can't run this command now error. The reason is that when performing a query with a call to a stored procedure you must take result sets into account like you do when doing a multi-query. Multi-Query: SELECT * FROM tUsers1; SELECT * FROM tUsers2; returns in MySQL two result sets and you have to use mysql_use_result() mysql_store_result() mysql_free_result() to properly handle the returned data. And in ANY case where stored procedures are involved, you have to use the methods above otherwise to you get error. I think the reason is, that in stored procedures you can execute two or more SELECTs. I already tried to find the location in the httpd sources where a fix is needed, but it seems to me that httpd is using the apr db driver interface. Maybe the fix has to be done there and not in httpd source, but I'm not sure. Regards Torge - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org I had this issue before and I can't remember how I fixed it. If you could provide more of your httpd.conf It might remind me. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] mod_authn_dbd: Stored procedures not supported ... Commands out of sync; you can't run this command now
On 06/29/2014 09:37 AM, Edgar Pettijohn wrote: On 06/29/2014 07:25 AM, Torge Riedel wrote: Hi, I'm having a server installed with Apache 2.2 (Ubuntu LTS 12.04) and I used mod_authn_dbd as documented here http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html to check the permissions. Since I use a MySQL database DBDriver mysql is set. Since there is already an existing user management on a different server with access restrictions, the only way to use it is via a stored procedure, thus AuthDBUserPWQuery CALL queryUser(%s) is defined like this. But this is a problem, since MySQL is - let's say - a little bit special when performing a query which is a call to a stored procedure. If you just perform the query and fetch the result, the next query within the same connection will fail with Commands out of sync; you can't run this command now error. The reason is that when performing a query with a call to a stored procedure you must take result sets into account like you do when doing a multi-query. Multi-Query: SELECT * FROM tUsers1; SELECT * FROM tUsers2; returns in MySQL two result sets and you have to use mysql_use_result() mysql_store_result() mysql_free_result() to properly handle the returned data. And in ANY case where stored procedures are involved, you have to use the methods above otherwise to you get error. I think the reason is, that in stored procedures you can execute two or more SELECTs. I already tried to find the location in the httpd sources where a fix is needed, but it seems to me that httpd is using the apr db driver interface. Maybe the fix has to be done there and not in httpd source, but I'm not sure. Regards Torge - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org I had this issue before and I can't remember how I fixed it. If you could provide more of your httpd.conf It might remind me. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org And httpd-error.log snippets. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Client certificate auth behind f5 loadbalancer
Hi, thanks for your response. I know that F5 loadbalancers can do this - unfortunately i use a shared loadbalancer without the possibility to do fast changes to the certificate revocation list. Regards Marc Am 28.06.2014 19:54, schrieb Marco Pizzoli: Hi Marc, as F5 user maybe you are not yet aware that with F5, leveraging iRules, you can: - implement client cert verification/validation, also specifically checking the CN of the certificate - publish to the apache backend custom HTTP headers carrying informations extracted from the client certificate Both cases are well documented on the F5 site. The first one in particular I can say by having implemented on my own. Is it something useful to your case? Regards Marco On Sat, Jun 28, 2014 at 5:04 PM, Marc Schöchlin m...@256bit.org mailto:m...@256bit.org wrote: Hi, On 06/26/2014 04:08 PM, andre.wen...@bmw.de mailto:andre.wen...@bmw.de wrote: Why do you terminate the ssl on the F5 and not on the Apache-backend? We load balance IP/Port-based on the F5 and terminate the SSL on the Apache backend, so you would be able to turn on your SSLEngine and Proxy the SSL from the F5 on the SSL Standard SSL Port 443 of the Apache and you can do everything you want because you have all SSL information. i use a wildcard certificate on my frontend ip to do irule-based (looking for the hostheader) backend pool selection. Therefore it would be good to terminate ssl in the f5. I will now use a new frontend ip on the loadbalancer and i then i will forward the traffic to the backend servers Regards Marc -- GPG encryption available: 0x670DCBEC/pool.sks-keyservers.net http://pool.sks-keyservers.net - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org mailto:users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org mailto:users-h...@httpd.apache.org
[users@httpd] ProxyPass directive fails on IPv6 address:
I'm using Apache to front-end some servers listening on loopback but the ProxyPass directive doesn't like IPv6 addresses. I spin up a server on IPv6 address [::1]:8001, confirmed working using cURL and shown here on nestat: tcp0 0 ::1:8001:::* LISTEN 1348/./WebToolsTest I use the following ProxyPass directive: ProxyPass / http://[::1]:8001/ ProxyPassReverse / http://[::1]:8001/ However, when I try to connect using any HTTP client, I get the following error in logs: [Sun Jun 29 21:12:40 2014] [error] [client 24.228.250.155] proxy: DNS lookup failure for: ::1 returned by / When I switch everything to IPv4, i.e. bind the back end to 127.0.0.1:8001 and switch ProxyPass, *everything* works fine. Why would mod_proxy accept IPv4 addresses but not IPv6? Why is it doing a DNS lookup on IPv6 addresses? Thanks, Nader