Description

When I try to connect to an SSL-enabled LDAP server, MoinMoin gets a Zero Sized Reply Error.

I have an LDAP server that works fine over just ldap ('ldap://ldap.vmware.com'). I recently discovered that this server has SSL enabled and a few users of the wiki have asked for this SSL feature. I have successfully connected and authenticated to this server using SSL ('ldaps://ldap.vmware.com') in a PHP page that I made. When I make the change in MoinMoin (wikiconfig.py -> ldap_uri='ldaps://ldap.vmware.com') and restart Apache, it gives a zero sized reply when I try to login or logout.

Steps to reproduce

  1. Change ldap_uri in wikiconfig.py to an ldaps-enabled LDAP server.
  2. Restart Apache.
  3. Try to logout or login.

Example

This is the screenshot of the zero sized reply that I get when I try to login or logout.
ldaps.JPG
This is the screenshot of my wikiconfig.py file (with ldaps).
ldaps1.JPG

Details

I saw this in the Apache log file:

  [Mon Nov 27 11:48:03 2006] [notice] mod_python: (Re)importing module 'moinmodpy'
  [Mon Nov 27 11:48:03 2006] [notice] child pid 31149 exit signal Segmentation fault (11)

MoinMoin Version

1.5.6

OS and Version

RHEL 3

Python Version

2.4.3

Server Setup

Server Details

Apache 2.2.2, mod_ssl 2.2.2

Language you are using the wiki in (set in the browser/UserPreferences)

En

Workaround

  1. Don't enable access through ldaps.

Discussion

Can you please retry with the changes committed to 1.5 branch at 2006-12-22? See docs/CHANGES there.

I added a call to support ldaps with self-signed certs, but I have no setup to test this.

(!) That segmentation fault doesn't look like an error caused by moin code or other python code, but rather some problem on a lower level.

I found those hints about ldaps usage:

1. You have to build the OpenLDAP libs --with-tls against OpenSSL.
2. python-ldap has to be built with SSL support by adding
"ssl crypto" to line libs of setup.cfg.
3. See Demo/initialize.py for examples.

Some more hints:
+                # python-ldap needs to be at least 2.0.0pre06 (available since mid 2002) for ldaps support
+                # some older debian installations (woody and older?) require libldap2-tls and python2.x-ldap-tls,
+                # otherwise you get ldap.SERVER_DOWN: "Can't contact LDAP server" -
+                # more recent debian installations have tls support in libldap2 (see dependency on gnutls)
+                # and also in python-ldap
+                # use ldaps://server:636
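
Review bot: the last added comment line, "use ldaps://server:636", does not say which setting it applies to; name ldap_uri there so the hint can be followed from the comment alone. On the Debian line, "(woody and older?)" leaves the affected releases as an open question inside a code comment; either confirm the release or state plainly that it is unverified.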

BTW, does anybody know some publicly reachable ldaps: server I could use for some basic experiments?

/!\ Check whether the different pieces of software (apache/mod_python, python-ldap, libldap2) were linked against different versions of the openssl libs. This causes trouble.

/!\ See also this bug: MoinMoinBugs/ModPythonBreaksLdapAuth
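
One way to carry out the linkage check suggested in the discussion above, as an added example that is not part of the original page or of MoinMoin: it parses `ldd` output for each shared object loaded into the Apache process and reports TLS libraries that resolve to different builds. The sample `ldd` output, file names and library paths are constructed for illustration, and the script assumes a current Python 3 rather than the 2.4.3 named in the report.

```python
import re
import subprocess
import sys

# Matches ldd lines such as "libssl.so.4 => /lib/libssl.so.4 (0x00111000)"
LIB_RE = re.compile(r"^\s*(lib(?:ssl|crypto|gnutls)\.so[.\w]*)\s+=>\s+(\S+)", re.M)

def tls_libs(ldd_output):
    """Return {family: (soname, resolved path)} for TLS libraries in ldd output."""
    libs = {}
    for soname, path in LIB_RE.findall(ldd_output):
        family = soname.split(".so")[0]   # libssl / libcrypto / libgnutls
        libs[family] = (soname, path)
    return libs

def find_conflicts(ldd_by_binary):
    """Map each TLS library family to the differing builds and who loads them."""
    seen = {}
    for binary, output in ldd_by_binary.items():
        for family, lib in tls_libs(output).items():
            seen.setdefault(family, {}).setdefault(lib, []).append(binary)
    # A family is a conflict when more than one distinct build is in use.
    return {fam: builds for fam, builds in seen.items() if len(builds) > 1}

# Constructed sample: ldd output for two modules loaded by the same Apache child.
SAMPLE = {
    "mod_ssl.so": (
        "\tlibssl.so.4 => /lib/libssl.so.4 (0x00111000)\n"
        "\tlibcrypto.so.4 => /lib/libcrypto.so.4 (0x00222000)\n"
        "\tlibc.so.6 => /lib/tls/libc.so.6 (0x00333000)\n"
    ),
    "_ldap.so": (
        "\tlibldap-2.3.so.0 => /usr/local/lib/libldap-2.3.so.0 (0x00444000)\n"
        "\tlibssl.so.0.9.8 => /usr/local/ssl/lib/libssl.so.0.9.8 (0x00555000)\n"
        "\tlibcrypto.so.0.9.8 => /usr/local/ssl/lib/libcrypto.so.0.9.8 (0x00666000)\n"
        "\tlibc.so.6 => /lib/tls/libc.so.6 (0x00333000)\n"
    ),
}

if __name__ == "__main__":
    # With arguments, run ldd on real shared objects; otherwise use the sample.
    paths = sys.argv[1:]
    data = {p: subprocess.run(["ldd", p], capture_output=True, text=True).stdout
            for p in paths} if paths else SAMPLE
    for family, builds in sorted(find_conflicts(data).items()):
        print("MISMATCH", family)
        for (soname, path), binaries in sorted(builds.items()):
            print("  %s (%s): %s" % (soname, path, ", ".join(binaries)))
```

Pass the paths of the real modules (for example the mod_ssl, mod_python and python-ldap shared objects on the affected host) as arguments to check an actual installation.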

Plan


CategoryMoinMoinNoBug

MoinMoin: MoinMoinBugs/MissingLdapsSupport (last edited 2007-10-29 19:09:17 by localhost)