HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Ldap and Apache 2.2 on HP-UX 11.23
Operating System - HP-UX
1825777
Members
2124
Online
109687
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-22-2008 08:01 AM
10-22-2008 08:01 AM
Ldap and Apache 2.2 on HP-UX 11.23
I'm trying to get ldap authentication working on an HP-UX 11.23 box running Apache 2.2 but get the following error message in the error.log:
[Tue Oct 21 10:43:15 2008] [debug] mod_authnz_ldap.c(377): [client 10.20.100.75] [29071] auth_ldap authenticate: using URL ldap://10.20.100
.79/ou=Faculty,dc=salem,dc=edu?uid?sub?(objectClass=posixAccount), referer: http://sabert:9040/
Assertion failed: ld != NULL, file sasl.c, line 79
Any help would be appreciated.
[Tue Oct 21 10:43:15 2008] [debug] mod_authnz_ldap.c(377): [client 10.20.100.75] [29071] auth_ldap authenticate: using URL ldap://10.20.100
.79/ou=Faculty,dc=salem,dc=edu?uid?sub?(objectClass=posixAccount), referer: http://sabert:9040/
Assertion failed: ld != NULL, file sasl.c, line 79
Any help would be appreciated.
4 REPLIES 4
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-03-2009 09:57 AM
03-03-2009 09:57 AM
Re: Ldap and Apache 2.2 on HP-UX 11.23
Greetings,
We are experiencing a very similar error running Apache 2.2.11 on HP-UX 11.11. In our case the assertion fails in line 74 of the sasl.c file instead of line 79. Likewise, this happens just as our Apache 2.2.11 instance tries to connect to the LDAP server to authenticate a user. In fact, the logs on our LDAP server show that Apache 2.2.11 is not even connecting.
This is on an Apache 2.2.11 built from source, using libraries from OpenLDAP 2.4.11 and OpenSSL 0.9.8j, also built from source. We are aware that Apache 2.2.X is available in depot for 11.23, but we are stuck on 11.11 for the immediate future.
We believe that the sasl.c file referenced in the Apache error log is part of the OpenLDAP source tree. We have tried explicitly including CyrusSASL (also built from source) in our build of OpenLDAP, and we have tried explicitly excluding SASL support from the OpenLDAP build process. In each case the "make test" part of the OpenLDAP build process appears to succeed. In both cases, after rebuilding Apache with the rebuilt OpenLDAP libraries, we continue to get the failed assertion in sasl.c in the Apache error log.
Likewise, we have tried this with and without SSL encrypting the traffic between Apache 2.2.11 and the LDAP server, and we get the failed assertion in sasl.c in the Apache error log either way.
We have also built/run an Apache 2.0.63 instance against these same OpenLDAP and OpenSSL libraries, and it can authenticate users successfully with our LDAP server.
Has anyone seen anything like this? Likewise, does anyone have any thoughts on why Apache 2.2.11 is getting this error, but Apache 2.0.63 works? I plan on looking at the Apache source code directly next, but it never hurts to crowd source this as well. Also, in case you are wondering, using Apache 2.0.63 is not an option for us. We somehow have to get 2.2.11 working.
Thanks in advance for any assistance.
Regards.
We are experiencing a very similar error running Apache 2.2.11 on HP-UX 11.11. In our case the assertion fails in line 74 of the sasl.c file instead of line 79. Likewise, this happens just as our Apache 2.2.11 instance tries to connect to the LDAP server to authenticate a user. In fact, the logs on our LDAP server show that Apache 2.2.11 is not even connecting.
This is on an Apache 2.2.11 built from source, using libraries from OpenLDAP 2.4.11 and OpenSSL 0.9.8j, also built from source. We are aware that Apache 2.2.X is available in depot for 11.23, but we are stuck on 11.11 for the immediate future.
We believe that the sasl.c file referenced in the Apache error log is part of the OpenLDAP source tree. We have tried explicitly including CyrusSASL (also built from source) in our build of OpenLDAP, and we have tried explicitly excluding SASL support from the OpenLDAP build process. In each case the "make test" part of the OpenLDAP build process appears to succeed. In both cases, after rebuilding Apache with the rebuilt OpenLDAP libraries, we continue to get the failed assertion in sasl.c in the Apache error log.
Likewise, we have tried this with and without SSL encrypting the traffic between Apache 2.2.11 and the LDAP server, and we get the failed assertion in sasl.c in the Apache error log either way.
We have also built/run an Apache 2.0.63 instance against these same OpenLDAP and OpenSSL libraries, and it can authenticate users successfully with our LDAP server.
Has anyone seen anything like this? Likewise, does anyone have any thoughts on why Apache 2.2.11 is getting this error, but Apache 2.0.63 works? I plan on looking at the Apache source code directly next, but it never hurts to crowd source this as well. Also, in case you are wondering, using Apache 2.0.63 is not an option for us. We somehow have to get 2.2.11 working.
Thanks in advance for any assistance.
Regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-03-2009 10:15 AM
03-03-2009 10:15 AM
Re: Ldap and Apache 2.2 on HP-UX 11.23
Shalom,
Apache's LDAP integration is proven. It works.
My guess based in experience is the HP-UX integration needs to be looked at.
http://www.docs.hp.com/en/15204/CIFSUnifiedLogin.pdf
That is the integration document you want to check.
You need if Windows is involved your latest Windows 2003 Server release, the older releases won't work.
SEP
Apache's LDAP integration is proven. It works.
My guess based in experience is the HP-UX integration needs to be looked at.
http://www.docs.hp.com/en/15204/CIFSUnifiedLogin.pdf
That is the integration document you want to check.
You need if Windows is involved your latest Windows 2003 Server release, the older releases won't work.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-04-2009 11:50 AM
03-04-2009 11:50 AM
Re: Ldap and Apache 2.2 on HP-UX 11.23
Steven,
Thank you for the reply. Some our machines have LDAP-UX installed, but not configured. I tried building Apache against the Mozilla LDAP SDK that comes with LDAP-UX. Unfortunately, the Apache build process could not find the function ldap_init in the Mozilla LDAP SDK libraries. I tried running strings on the libraries, and ldap_init was one of the strings I found. I'm not sure at this point why the Apache config process is failing when pointed to the Mozilla LDAP SDK. I checked the config.log from the Apache config process, but it was no help. Any thoughts?
I also tried using pre-built OpenLDAP installed from depot that I acquired from HP. When Apache 2.2.11 was built with these OpenLDAP libraries, I was able to exactly duplicate the error reported by RClark. The ld != NULL assertion fails in line 79. Before, I was getting this in line 74.
When I said I was going to look at the source code, I wasn't so much looking for a coding error on the part of the Apache developers. I think that the Apache code base is one of the cleanest around. I just was hoping to find a clue. I took a look today, and I noticed that almost immediately after control passes from util_ldap.c in the Apache code base to search.c in the OpenLDAP code base, OpenLDAP asserts that ld != NULL. Since we are getting the failed assertion in sasl.c (not search.c), this suggests the OpenLDAP build is not fully baked.
Again, any further thoughts?
Again, thanks in advance for any assistance.
Regards,
Patrick
Thank you for the reply. Some our machines have LDAP-UX installed, but not configured. I tried building Apache against the Mozilla LDAP SDK that comes with LDAP-UX. Unfortunately, the Apache build process could not find the function ldap_init in the Mozilla LDAP SDK libraries. I tried running strings on the libraries, and ldap_init was one of the strings I found. I'm not sure at this point why the Apache config process is failing when pointed to the Mozilla LDAP SDK. I checked the config.log from the Apache config process, but it was no help. Any thoughts?
I also tried using pre-built OpenLDAP installed from depot that I acquired from HP. When Apache 2.2.11 was built with these OpenLDAP libraries, I was able to exactly duplicate the error reported by RClark. The ld != NULL assertion fails in line 79. Before, I was getting this in line 74.
When I said I was going to look at the source code, I wasn't so much looking for a coding error on the part of the Apache developers. I think that the Apache code base is one of the cleanest around. I just was hoping to find a clue. I took a look today, and I noticed that almost immediately after control passes from util_ldap.c in the Apache code base to search.c in the OpenLDAP code base, OpenLDAP asserts that ld != NULL. Since we are getting the failed assertion in sasl.c (not search.c), this suggests the OpenLDAP build is not fully baked.
Again, any further thoughts?
Again, thanks in advance for any assistance.
Regards,
Patrick
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-16-2009 06:50 AM
03-16-2009 06:50 AM
Re: Ldap and Apache 2.2 on HP-UX 11.23
Greetings,
I found a solution to this problem by running Apache in the gdb C debugger. Thankfully, the Apache Foundation offers documentation on how to do this:
http://httpd.apache.org/dev/debugging.html
It turns out that the issue is in the file apr_ldap_stub.c. Observe the following code snippet starting in line 48:
#if defined(NETWARE)
modname = "aprldap.nlm";
#elif defined(WIN32)
modname = "apr_ldap-" APU_STRINGIFY(APU_MAJOR_VERSION) ".dll";
#else
modname = "apr_ldap-" APU_STRINGIFY(APU_MAJOR_VERSION) ".so";
#endif
rv = apu_dso_load(&symbol, modname, "apr__ldap_fns", pool);
if (rv == APR_SUCCESS) {
lfn = symbol;
}
Since we are running this on UNIX, the variable modname acquires the value â apr_ldap-1.soâ . However, because all the machines involved are PA-Risc based and running 11.11, the Apache build process generates this file as â apr_ldap-1.slâ . This causes the call to apu_dso_load () to fail, which in turn causes Apache to call the OpenLDAP libraries with improperly initialized parameter(s).
Thankfully, the workaround is trivial. In SERVERROOT/lib/apr-util-1, I symlinked apr_ldap-1.so to apr_ldap-1.sl, and LDAP authentication started working.
I found a solution to this problem by running Apache in the gdb C debugger. Thankfully, the Apache Foundation offers documentation on how to do this:
http://httpd.apache.org/dev/debugging.html
It turns out that the issue is in the file apr_ldap_stub.c. Observe the following code snippet starting in line 48:
#if defined(NETWARE)
modname = "aprldap.nlm";
#elif defined(WIN32)
modname = "apr_ldap-" APU_STRINGIFY(APU_MAJOR_VERSION) ".dll";
#else
modname = "apr_ldap-" APU_STRINGIFY(APU_MAJOR_VERSION) ".so";
#endif
rv = apu_dso_load(&symbol, modname, "apr__ldap_fns", pool);
if (rv == APR_SUCCESS) {
lfn = symbol;
}
Since we are running this on UNIX, the variable modname acquires the value â apr_ldap-1.soâ . However, because all the machines involved are PA-Risc based and running 11.11, the Apache build process generates this file as â apr_ldap-1.slâ . This causes the call to apu_dso_load () to fail, which in turn causes Apache to call the OpenLDAP libraries with improperly initialized parameter(s).
Thankfully, the workaround is trivial. In SERVERROOT/lib/apr-util-1, I symlinked apr_ldap-1.so to apr_ldap-1.sl, and LDAP authentication started working.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Support
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP