On Tue, Sep 5, 2017 at 8:30 PM, Yehuda Katz <yeh...@ymkatz.net> wrote: > We have set of three servers running Apache 2.4. (version distributed with > RedHat 7) behind a Kemp LoadMaster load balancer. The configuration is > managed by Puppet, so all the servers have the same configuration. I put the > configuration in a Gist to keep the email simple: > https://gist.github.com/yakatz/b406753f6bdc5e19ef5386361afa4b1c > > We have several directories that randomly show 500 errors, but when you > refresh, everytthing works fine. > The 500 error is written to the access log on the expected server, but > nothing shows up in any error log on any of the servers. > > I suspect this is caused by mod_authnz_ldap because the errors usually show > up upon accessing a page that uses basic auth + ldap for the first time > during the day (or after a long, but undetermined, timeout). The document > root is also on an NFS mount, but we have good logging for NFS and haven't > seen any issues, so I don't think that is the source of the issue. > > I know the correct virtual host is being used because I added a custom 500 > error page which is being shown and the correct access log is being written > to. > > I did not see any documentation about enabling additional logging for > mod_ldap or mod_authnz_ldap, but since most connection have no problems, I > think that will lead to much more noise in the logs. >
Well in 2.4 you can set individual modules to log at trace8. Depending on your current level, you could try just debug. Additionally, you can set LDAPLibraryDebug to try to get your ldap library to also log to stderr which will be very noisy. If you want relief, I'd suggest setting a TTL on the connection LDAP connection pool based on your description. But there is likely also a bug if the stale connection in the pool results in a 500, which would maybe be more clear with debug or traceX logging. -- Eric Covener cove...@gmail.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
