962819 – Apache Use of LDAP+SSL Doesn't Work on Windows

Bug 962819 - Apache Use of LDAP+SSL Doesn't Work on Windows

Summary: Apache Use of LDAP+SSL Doesn't Work on Windows

Keywords:
Status:	CLOSED EOL
Alias:	None
Product:	JBoss Enterprise Web Server 2
Classification:	JBoss
Component:	httpd
Sub Component:
Version:	2.0.0,2.0.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Target Release:	---
Assignee:	Weinan Li
QA Contact:	Libor Fuka
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-05-14 13:56 UTC by Jimmy Wilson
Modified:	2019-06-13 12:09 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2019-06-13 12:09:53 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)
httpd error_log (8.12 KB, text/plain) 2013-10-22 12:34 UTC, Libor Fuka	no flags	Details
access_log (417 bytes, text/plain) 2013-10-22 12:35 UTC, Libor Fuka	no flags	Details
ldap conf (804 bytes, text/plain) 2013-10-22 12:35 UTC, Libor Fuka	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Apache Bugzilla	54626	0	None	None	None	Never

Description Jimmy Wilson 2013-05-14 13:56:12 UTC

Apache use of LDAP+SSL doesn't work on Windows.

There's an upstream bug report (linked).

Comment 2 Jean-frederic Clere 2013-05-14 14:57:36 UTC

This bug isn't yet fixed in 2.4.x upstream.
Additionally it is a bit tricky to test/develop on windows so except people from the ASF fix the bug we won't be able to have it EWS 2.0.1.

Comment 5 Mandar Joshi 2013-05-29 17:02:43 UTC

Added DocText.

@Jean-Frederic Clere, can you please review the Doc Text content?

Comment 7 Weinan Li 2013-05-30 02:46:37 UTC

This issue won't be included in EWS 2.0.1 as it's already NACKed by PM

Comment 8 Misha H. Ali 2013-05-30 07:09:39 UTC

Identified by Jean-Frederic as a Known Issue. Added release note, assuming no workaround exists. Need SMEs to confirm the release note is accurate.

Comment 9 Jean-frederic Clere 2013-09-25 16:05:26 UTC

I have submitted a better patch upstream for 2.2.25. Now porting to 2.2.22

Comment 10 Jean-frederic Clere 2013-10-14 12:13:14 UTC

The upstream patch "https://issues.apache.org/bugzilla/attachment.cgi?id=30881"
also applies to our httpd version.

Comment 11 Mladen Turk 2013-10-16 08:44:56 UTC

I have rebuild httpd with applied patch
You can download binaries from
https://brewweb.devel.redhat.com/buildinfo?buildID=300050

Note that you only need to extract and copy mod_ldap.so and mod_authnz_ldap.so
over the existing EWS.

Please check if that does the tick.

Comment 12 Libor Fuka 2013-10-22 06:30:51 UTC

Is this bug ON_QA ?
If so, please change the status.

Comment 13 Libor Fuka 2013-10-22 09:27:24 UTC

Are you sure Mladen, that only mod_ldap.so and mod_authnz_ldap.so copies from build are enough ?
The test still returns httpd status code 500 - internal server error

Comment 14 Mladen Turk 2013-10-22 10:22:56 UTC

(In reply to Libor Fuka from comment #13)
> Are you sure Mladen, that only mod_ldap.so and mod_authnz_ldap.so copies
> from build are enough ?
> The test still returns httpd status code 500 - internal server error

The patch only touches util_ldap.c so yes, that's the only file changed by this patch. No other files are affected.

Comment 15 Libor Fuka 2013-10-22 12:34:00 UTC

ok, so patch doesn't work.

Comment 16 Libor Fuka 2013-10-22 12:34:46 UTC

Created attachment 814970 [details]
httpd error_log

Comment 17 Libor Fuka 2013-10-22 12:35:13 UTC

Created attachment 814971 [details]
access_log

Comment 18 Libor Fuka 2013-10-22 12:35:46 UTC

Created attachment 814972 [details]
ldap conf

Comment 19 Mladen Turk 2013-10-22 13:57:29 UTC

Do you have a log files without patched mod_ldap?

Comment 20 Libor Fuka 2013-10-23 07:09:03 UTC

Yes, I  have. error_log is the same.

Comment 21 Jean-frederic Clere 2013-10-23 13:11:46 UTC

[Tue Oct 22 04:39:14 2013] [info] [client 127.0.0.1] [3152] auth_ldap authenticate: user hnelson authentication failed; URI /ldap-status [LDAP: ldap_simple_bind_s() failed][Server Down]

Are you sure the ldap server is running?

Comment 22 Libor Fuka 2013-10-23 13:13:15 UTC

Sure, LDAP is running

Comment 23 Jean-frederic Clere 2013-10-23 14:16:06 UTC

you should remove the STARTTLS in the AuthLDAPURL

Comment 24 Libor Fuka 2013-10-23 14:56:15 UTC

The result is the same without or with STARTTLS

Comment 25 Jean-frederic Clere 2013-10-23 15:40:53 UTC

Note: TLS | STARTTLS is not supported by the Windows operating system LDAP SDK you need to use SSL or ldaps://

Comment 26 Libor Fuka 2013-10-25 11:43:11 UTC

Tested with SSL and it still doesn't work :(

Comment 27 Jean-frederic Clere 2013-10-25 12:41:36 UTC

We need one more patch http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/include/util_ldap.h?r1=1375696&r2=1445119&pathrev=1445119&view=patch

Comment 28 Libor Fuka 2013-10-29 14:03:42 UTC

New build: https://brewweb.devel.redhat.com/buildinfo?buildID=302150

Comment 29 Libor Fuka 2013-10-30 06:52:00 UTC

VERIFED build from #28 (mod_ldap.so, mod_authnz_ldap.so) on MS Windows 2008 32-bit, MS Windows 2008 64-bit, MS Windows 2008R2 64-bit.
No regressions found.

Comment 30 Mandar Joshi 2014-08-08 12:14:26 UTC

Changed Doc type to Bug Fix.
Updated Doc Text.

Note You need to log in before you can comment on or make changes to this bug.