Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1100782

Summary: Add note to install guide that apr-util-ldap needs to be installed on RHEL7 for LDAP authentication to work
Product: [JBoss] JBoss Enterprise Web Server 2 Reporter: Michal Haško <mhasko>
Component: doc-Installation-GuideAssignee: Mandar Joshi <majoshi>
Status: CLOSED CURRENTRELEASE QA Contact: Michal Haško <mhasko>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 2.1.0CC: jclere, jdoyle, jstefl, lfuka, majoshi, mhasko, pslavice, pyaduvan, rsvoboda, vtunka
Target Milestone: ER03Flags: jclere: needinfo-
Target Release: 2.1.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1106566 (view as bug list) Environment:
Last Closed: 2014-08-21 08:43:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1106566    
Attachments:
Description Flags
httpd logs none

Description Michal Haško 2014-05-23 12:28:08 UTC 
Created attachment 898666 [details]
httpd logs

Description of problem:
LDAP authentication is not funcitonal wirh HTTPD on RHEL7.

Version-Release number of selected component (if applicable):
http://download.devel.redhat.com/devel/candidates/JBEWS/2.1.0.ER1/jboss-ews-httpd-2.1.0-ER1-RHEL7-x86_64.zip

How reproducible:
100%

Steps to Reproduce:
1. setup httpd with ldap authentication to a running ldap server
2. access a protected webpage without credentials -> 401 Unatuhorized
3. access the same page, supply correct credentials

Actual results:
500 Internal Server Error
in error_log:
[Thu May 22 08:29:20 2014] [info] [client 127.0.0.1] [26754] auth_ldap authenticate: user hnelson authentication failed; URI /ldap-status [LDAP: ldap initialization failed][Unknown (private extension) error]

Expected results:
200 OK

Additional info:
See attached logs
Comment 1 Jean-frederic Clere 2014-05-27 06:44:36 UTC 
Could we also get the configuration files?
Comment 2 Michal Haško 2014-05-30 08:06:36 UTC 
The requested info was provided by email.
Comment 4 Jean-frederic Clere 2014-06-04 11:35:07 UTC 
Could you check in the installation where:
jboss-ews-2.1/httpd/lib/libapr-1.so
and
jboss-ews-2.1/httpd/lib/libaprutil-1.so
are pointing?
Comment 5 Jean-frederic Clere 2014-06-04 11:54:31 UTC 
Also a ldd output for jboss-ews-2.1/httpd/modules/mod_ldap.so would be nice.
Comment 8 Michal Haško 2014-06-10 07:47:40 UTC 
(In reply to Jean-frederic Clere from comment #4)

ER1:
# ls -l jboss-ews-2.1/httpd/lib/libapr*
lrwxrwxrwx. 1 root root 22 Jun 10 03:43 jboss-ews-2.1/httpd/lib/libapr-1.la -> /usr/lib64/libapr-1.la
lrwxrwxrwx. 1 root root 22 Jun 10 03:43 jboss-ews-2.1/httpd/lib/libapr-1.so -> /usr/lib64/libapr-1.so
lrwxrwxrwx. 1 root root 24 Jun 10 03:43 jboss-ews-2.1/httpd/lib/libapr-1.so.0 -> /usr/lib64/libapr-1.so.0
lrwxrwxrwx. 1 root root 28 Jun 10 03:43 jboss-ews-2.1/httpd/lib/libapr-1.so.0.3.9 -> /usr/lib64/libapr-1.so.0.3.9 (symlink broken, target doesn't exist)
lrwxrwxrwx. 1 root root 26 Jun 10 03:43 jboss-ews-2.1/httpd/lib/libaprutil-1.la -> /usr/lib64/libaprutil-1.la
lrwxrwxrwx. 1 root root 26 Jun 10 03:43 jboss-ews-2.1/httpd/lib/libaprutil-1.so -> /usr/lib64/libaprutil-1.so
lrwxrwxrwx. 1 root root 28 Jun 10 03:43 jboss-ews-2.1/httpd/lib/libaprutil-1.so.0 -> /usr/lib64/libaprutil-1.so.0
lrwxrwxrwx. 1 root root 32 Jun 10 03:43 jboss-ews-2.1/httpd/lib/libaprutil-1.so.0.3.9 -> /usr/lib64/libaprutil-1.so.0.3.9 (symlink broken, target doesn't exist)

# ldd jboss-ews-2.1/httpd/modules/mod_ldap.so
	linux-vdso.so.1 =>  (0x00007fff721fe000)
	libldap_r-2.4.so.2 => /lib64/libldap_r-2.4.so.2 (0x00007f4eb0587000)
	liblber-2.4.so.2 => /lib64/liblber-2.4.so.2 (0x00007f4eb0378000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f4eb015b000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f4eafd9a000)
	libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f4eafb80000)
	libsasl2.so.3 => /lib64/libsasl2.so.3 (0x00007f4eaf962000)
	libssl3.so => /lib64/libssl3.so (0x00007f4eaf723000)
	libsmime3.so => /lib64/libsmime3.so (0x00007f4eaf4f6000)
	libnss3.so => /lib64/libnss3.so (0x00007f4eaf1af000)
	libnssutil3.so => /lib64/libnssutil3.so (0x00007f4eaef83000)
	libplds4.so => /lib64/libplds4.so (0x00007f4eaed7f000)
	libplc4.so => /lib64/libplc4.so (0x00007f4eaeb79000)
	libnspr4.so => /lib64/libnspr4.so (0x00007f4eae93b000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007f4eae737000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f4eb09f9000)
	libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f4eae4ff000)
	libz.so.1 => /lib64/libz.so.1 (0x00007f4eae2e9000)
	librt.so.1 => /lib64/librt.so.1 (0x00007f4eae0e0000)
	libfreebl3.so => /lib64/libfreebl3.so (0x00007f4eade61000)


ER2:
# ls -l jboss-ews-2.1/httpd/lib/libapr*
lrwxrwxrwx. 1 root root 22 Jun 10 03:46 jboss-ews-2.1/httpd/lib/libapr-1.la -> /usr/lib64/libapr-1.la
lrwxrwxrwx. 1 root root 22 Jun 10 03:46 jboss-ews-2.1/httpd/lib/libapr-1.so -> /usr/lib64/libapr-1.so
lrwxrwxrwx. 1 root root 24 Jun 10 03:46 jboss-ews-2.1/httpd/lib/libapr-1.so.0 -> /usr/lib64/libapr-1.so.0
lrwxrwxrwx. 1 root root 28 Jun 10 03:46 jboss-ews-2.1/httpd/lib/libapr-1.so.0.4.8 -> /usr/lib64/libapr-1.so.0.4.8
lrwxrwxrwx. 1 root root 26 Jun 10 03:46 jboss-ews-2.1/httpd/lib/libaprutil-1.la -> /usr/lib64/libaprutil-1.la
lrwxrwxrwx. 1 root root 26 Jun 10 03:46 jboss-ews-2.1/httpd/lib/libaprutil-1.so -> /usr/lib64/libaprutil-1.so
lrwxrwxrwx. 1 root root 28 Jun 10 03:46 jboss-ews-2.1/httpd/lib/libaprutil-1.so.0 -> /usr/lib64/libaprutil-1.so.0
lrwxrwxrwx. 1 root root 32 Jun 10 03:46 jboss-ews-2.1/httpd/lib/libaprutil-1.so.0.5.2 -> /usr/lib64/libaprutil-1.so.0.5.2

# ldd jboss-ews-2.1/httpd/modules/mod_ldap.so
	linux-vdso.so.1 =>  (0x00007fff431df000)
	libldap_r-2.4.so.2 => /lib64/libldap_r-2.4.so.2 (0x00007f85d317b000)
	liblber-2.4.so.2 => /lib64/liblber-2.4.so.2 (0x00007f85d2f6c000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f85d2d4f000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f85d298e000)
	libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f85d2774000)
	libsasl2.so.3 => /lib64/libsasl2.so.3 (0x00007f85d2556000)
	libssl3.so => /lib64/libssl3.so (0x00007f85d2317000)
	libsmime3.so => /lib64/libsmime3.so (0x00007f85d20ea000)
	libnss3.so => /lib64/libnss3.so (0x00007f85d1da3000)
	libnssutil3.so => /lib64/libnssutil3.so (0x00007f85d1b77000)
	libplds4.so => /lib64/libplds4.so (0x00007f85d1973000)
	libplc4.so => /lib64/libplc4.so (0x00007f85d176d000)
	libnspr4.so => /lib64/libnspr4.so (0x00007f85d152f000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007f85d132b000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f85d35ed000)
	libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f85d10f3000)
	libz.so.1 => /lib64/libz.so.1 (0x00007f85d0edd000)
	librt.so.1 => /lib64/librt.so.1 (0x00007f85d0cd4000)
	libfreebl3.so => /lib64/libfreebl3.so (0x00007f85d0a55000)
Comment 9 Jean-frederic Clere 2014-06-10 08:23:25 UTC 
Is it working with ER2?
ER1 is obviously broken due to missing/wrong symlinks but ER2 looks OK.
Comment 10 Michal Haško 2014-06-10 12:49:05 UTC 
I've tried manually on ER2, and I'm still getting HTTP 500.
Comment 11 Michal Haško 2014-06-10 14:33:07 UTC 
Can this have anything in common with the updated APR version in RHEL7?
Comment 12 Jean-frederic Clere 2014-06-10 14:37:54 UTC 
Yes it is related witht the apr-util and/or apr versions.
ER1 having wrong symlink... So it was broken. I though that ER2 was OK.... At least the symlinks are OK.
Comment 13 Jean-frederic Clere 2014-06-10 14:38:44 UTC 
Are you sure you get the same error message in error_log?
Comment 14 Jean-frederic Clere 2014-06-10 16:24:52 UTC 
strace tells the following
++++
29911 open("/home/jfclere/jboss-ews-2.1/httpd/lib/apr_ldap-1.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
29911 open("/home/jfclere/jboss-ews-2.1/httpd/lib/apr-util-1/apr_ldap-1.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
29911 open("/usr/lib64/apr-util-1/apr_ldap-1.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
29911 open("/home/jfclere/jboss-ews-2.1/httpd/lib/apr_ldap-1.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
29911 open("/home/jfclere/jboss-ews-2.1/httpd/lib/apr-util-1/apr_ldap-1.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
29911 open("/usr/lib64/apr-util-1/apr_ldap-1.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
++++
I don't see what requires nor provides it but that might be the problem.
Comment 15 Jean-frederic Clere 2014-06-10 17:14:48 UTC 
The problem is that apr_ldap-1.so is missing.
In load_ldap() httpd tries to load apr_ldap-1.so but can't locate it.
On Fedora 20 there is a apr-util-ldap package:
+++
[jfclere@jfcpc APACHE-2.2.21]$ repoquery -lq apr-util-ldap
/usr/lib64/apr-util-1/apr_ldap-1.so
/usr/lib64/apr-util-1/apr_ldap.so
+++
Comment 16 Michal Haško 2014-06-11 08:43:56 UTC 
Thank you Jean-Frédéric, you helped a lot! Installing apr-util-ldap (which is also available in RHEL7) fixed the issue.

Installation Guide must be modified to contain information that apr-util-ldap needs to be installed on RHEL7.

I'm changing this bug component to 'doc-Installation-Guide' and modifying the bug description accordingly.
Comment 18 Mandar Joshi 2014-06-17 08:12:49 UTC 
Hi Libor,

Can you please verify the documentation changes?

Thanks,
Mandar
Comment 19 Libor Fuka 2014-06-17 08:29:44 UTC 
Michal, please check.
Comment 20 Libor Fuka 2014-06-17 08:30:18 UTC 
Michal, please check.
Comment 22 Michal Haško 2014-07-09 10:54:10 UTC 
Based on bug 1108181, comment 2 the install guide should not mention that apr-util-ldap is a prerequisite for zip installation (it is possible to install ews-2.1 without apr-util-ldap). Instead it should mention that apr-util-ldap is needed when user wishes to use ldap authentication.
Comment 25 Misha H. Ali 2014-08-21 08:43:10 UTC 
Now available on the customer portal:

https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Web_Server/2.1/