ports/86416: apache <=2.0.54. mod_ldap can't work with ldap-server over SSL
Dmitriy Kirhlarov
dimma at higis.ru
Wed Sep 21 14:40:06 UTC 2005
>Number: 86416
>Category: ports
>Synopsis: apache <=2.0.54. mod_ldap can't work with ldap-server over SSL
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Sep 21 14:40:05 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Dmitriy Kirhlarov
>Release: 5.4-RELEASE-p5
>Organization:
Oilspace
>Environment:
FreeBSD clh0.cluster 5.4-RELEASE-p5 FreeBSD 5.4-RELEASE-p5 #2: Fri Aug 5 22:34:00 MSD 2005 root at clh0.cluster:/usr/obj/usr/src/sys/clh i386
>Description:
Apache can't understand CAcert format and can't switch on SSL support for LDAP.
>How-To-Repeat:
compile apache from ports with
-DWITH_LDAP_MODULES -DWITH_AUTH_MODULES -DWITH_SSL_MODULES params
include in httpd.conf
LDAPTrustedCA
LDAPTrustedCAType
and in .htaccess
AuthLDAPURL ldaps://...
parameters.
When apache starts you get in the error log:
[notice] LDAP: Built with OpenLDAP LDAP SDK
[notice] LDAP: SSL support unavailable
After that your authorization works over plain ldap.
This bug is described, with a patch, at:
http://issues.apache.org/bugzilla/show_bug.cgi?id=36563
But a little bug is not gone
When you use DER or BASE64 type CAcert. In both situations you must use
LDAPTrustedCAType BASE64_FILE
Configure your log files with *debug* level _before_ configuring mod_ldap in httpd.conf for a verbose description in the error log.
>Fix:
--- patch-modules-experimental-util_ldap_cache.c begins here ---
--- modules/experimental/util_ldap_cache.c.orig Wed Sep 21 12:17:53 2005
+++ modules/experimental/util_ldap_cache.c Wed Sep 21 12:14:26 2005
@@ -158,18 +158,22 @@
/* copy vals */
if (node->vals) {
- int k = 0;
+ int k = node->numvals;
int i = 0;
- while (node->vals[k++]);
if (!(newnode->vals = util_ald_alloc(cache, sizeof(char *) * (k+1)))) {
util_ldap_search_node_free(cache, newnode);
return NULL;
}
- while (node->vals[i]) {
- if (!(newnode->vals[i] = util_ald_strdup(cache, node->vals[i]))) {
- util_ldap_search_node_free(cache, newnode);
- return NULL;
+ newnode->numvals = node->numvals;
+ for (;k;k--) {
+ if (node->vals[i]) {
+ if (!(newnode->vals[i] = util_ald_strdup(cache, node->vals[i]))) {
+ util_ldap_search_node_free(cache, newnode);
+ return NULL;
+ }
}
+ else
+ newnode->vals[i] = NULL;
i++;
}
}
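Review bot: On the util_ald_strdup failure path inside the new for loop, util_ldap_search_node_free is called after newnode->numvals has already been set to the full count, while only the first i slots of newnode->vals have been written. The reworked free routine walks numvals entries and frees every non-NULL one, so unless util_ald_alloc returns zeroed memory (not visible in this patch) it can free uninitialised pointers. Clear the array right after allocation, or raise newnode->numvals only as entries are filled. The allocation also still reserves k+1 pointers although slot k is never written; drop the +1 or store the NULL terminator explicitly. A plain for (i = 0; i < node->numvals; i++) would read more clearly than counting k down while incrementing i.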
@@ -199,9 +203,13 @@
{
int i = 0;
util_search_node_t *node = (util_search_node_t *)n;
+ int k = node->numvals;
+
if (node->vals) {
- while (node->vals[i]) {
- util_ald_free(cache, node->vals[i++]);
+ for (;k;k--,i++) {
+ if (node->vals[i]) {
+ util_ald_free(cache, node->vals[i]);
+ }
}
util_ald_free(cache, node->vals);
}
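Review bot: The loop for (;k;k--,i++) stops only when k reaches zero, so a negative or uninitialised node->numvals makes it read and free well past the end of node->vals. Bound it as for (i = 0; i < node->numvals; i++) so that a non-positive count frees nothing. The old loop relied on the NULL terminator, so every code path that builds a node must now keep numvals in step with the array.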
--- patch-modules-experimental-util_ldap_cache.c ends here ---
--- patch-modules-experimental-util_ldap_cache.h begins here ---
--- modules/experimental/util_ldap_cache.h.orig Wed Sep 21 12:32:57 2005
+++ modules/experimental/util_ldap_cache.h Wed Sep 21 12:14:26 2005
@@ -110,6 +110,7 @@
NULL if the bind failed */
apr_time_t lastbind; /* Time of last successful bind */
const char **vals; /* Values of queried attributes */
+ int numvals; /* Number of queried attributes */
} util_search_node_t;
/*
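Review bot: numvals is added to util_search_node_t, but nothing in this patch sets it where a search node is first populated; the copy routine only propagates node->numvals from the source node. The code that fills vals needs a matching hunk, otherwise the copy and free loops run on an indeterminate count. The field comment should also say that vals may hold NULL entries and that numvals, not a NULL terminator, gives its length.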
--- patch-modules-experimental-util_ldap_cache.h ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
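
A check for the silent fallback this report describes, as an added example that is not part of the original report or of Apache: it flags AuthLDAPURL ldaps:// entries when the most recent mod_ldap startup in the error log reported that SSL support is unavailable. The function names, sample configuration and sample log lines are constructed for illustration; the two log messages matched are the ones quoted in the report.

```python
import re

STARTUP = "LDAP: Built with"               # startup marker quoted in the report
NO_SSL = "LDAP: SSL support unavailable"   # failure message quoted in the report
# AuthLDAPURL lines (httpd.conf or .htaccess) that ask for LDAP over SSL.
LDAPS_RE = re.compile(r'^\s*AuthLDAPURL\s+"?(ldaps://[^\s"]+)', re.I | re.M)


def ldaps_urls(config_text):
    """Return every ldaps:// URL given to AuthLDAPURL, ignoring comment lines."""
    live = [ln for ln in config_text.splitlines() if not ln.lstrip().startswith("#")]
    return LDAPS_RE.findall("\n".join(live))


def last_start_lacks_ssl(log_text):
    """True if the most recent mod_ldap startup logged 'SSL support unavailable'."""
    lines = log_text.splitlines()
    starts = [i for i, ln in enumerate(lines) if STARTUP in ln]
    # Only look at the latest startup so stale entries from old runs are ignored.
    tail = lines[starts[-1]:] if starts else lines
    return any(NO_SSL in ln for ln in tail)


def plain_ldap_fallback(config_text, log_text):
    """URLs that expect SSL while the running server has no LDAP SSL support."""
    return ldaps_urls(config_text) if last_start_lacks_ssl(log_text) else []


# Constructed sample input (hypothetical hosts, not taken from the report).
SAMPLE_CONF = '''\
# AuthLDAPURL ldaps://old.example.test/dc=example,dc=test?uid
AuthType Basic
AuthLDAPURL "ldaps://ldap.example.test/ou=people,dc=example,dc=test?uid"
'''
SAMPLE_LOG = '''\
[Wed Sep 21 10:00:00 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Wed Sep 21 10:00:00 2005] [notice] LDAP: SSL support unavailable
[Wed Sep 21 10:00:01 2005] [notice] Apache configured -- resuming normal operations
'''

if __name__ == "__main__":
    for url in plain_ldap_fallback(SAMPLE_CONF, SAMPLE_LOG):
        print("configured for SSL but served over plain LDAP:", url)
```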