On Mon, 31 Jan 2005 13:18:38 -0800, Justin Erenkrantz
[EMAIL PROTECTED] wrote:
Any opposition to doing a tag and roll of 2.0.53 soon? (Yes, I volunteer
to be RM.) How about targetting next Tuesday (2/8) for 2.0.53? I can lay
down the candidate tarball on Friday morning, so whatever backports
A while ago, Neil Hillard posted about a problem with a reverse proxy setup:
http://marc.theaimsgroup.com/?l=apache-httpd-usersm=110373067819763w=2
The problem is with ProxyPassReverse:
(1) ProxyPassReverse is documented as working inside Location
(2) ... but ProxyPassReverse is implemented on
Nick Kew said:
The simple fix is to move raliases to the dir_config so it supports
Location
by the usual means. Any reason I shouldn't patch it do do that?
This is definitely reasonable.
Regards,
Graham
--
Justin Erenkrantz wrote:
On Sun, Jan 30, 2005 at 10:11:44PM +1100, dean wrote:
Ive enabled mod_disk_cache in the 'stock-standard' httpd.conf, and
cached pages come back wrong (missing images css)
Ive found a bugzilla report that explained the exact same behaviour [Bug
31486].
Are you using the
Brad Nicholes wrote:
[EMAIL PROTECTED] Monday, January 31, 2005 2:26:09 PM
I'd love to see the LDAP socket timeout configuration stuff make it in
for 2.0.53!
--
Jess Holle
justin
Me too ;) Any voters out there?
On Feb 1, 2005, at 7:18 AM, Nick Kew wrote:
A while ago, Neil Hillard posted about a problem with a reverse proxy
setup:
http://marc.theaimsgroup.com/?l=apache-httpd-
usersm=110373067819763w=2
The problem is with ProxyPassReverse:
(1) ProxyPassReverse is documented as working inside Location
From: dean
I can capture traffic using tcpdump,
but there is so much mess (arp,
dns, acks etc), is there a filter to clean
it up to only show the relevant packets.
B.T.W. Im running the proxy on Mandrake 9.1.
and testing it from winxp Firefox IE6.
Perhaps
quote
Learn how to use the Microsoft
Jess Holle said:
I don't have a vote, but I believe the socket timeout configuration is
necessary to address issues seen with firewall timeouts and the LDAP
connections held open by Apache.
Is there an outstanding patch for this yet?
The right way to solve this problem is to allocate the
Graham Leggett wrote:
Jess Holle said:
I don't have a vote, but I believe the socket timeout configuration is
necessary to address issues seen with firewall timeouts and the LDAP
connections held open by Apache.
Is there an outstanding patch for this yet?
The right way to solve
I have already added a new directive to util_ldap called
LDAPConnectionTimeout (
http://httpd.apache.org/docs-2.1/mod/mod_ldap.html#ldapconnectiontimeout
) which allows util_ldap to set the network timeout through
rc = apr_ldap_set_option(p, NULL, LDAP_OPT_NETWORK_TIMEOUT,
I hate to say it but any solution would be appreciated.
This is the one brick wall customers are running into when trying to
use Apache (with mod_auth_ldap and mod_jk being the heaviest
dependencies beyond core functionality).
--
Jess Holle
Brad Nicholes wrote:
I have already added a
Brad Nicholes wrote:
I have already added a new directive to util_ldap called
LDAPConnectionTimeout (
http://httpd.apache.org/docs-2.1/mod/mod_ldap.html#ldapconnectiontimeout
) which allows util_ldap to set the network timeout through
rc = apr_ldap_set_option(p, NULL, LDAP_OPT_NETWORK_TIMEOUT,
Ouch!
Does the MS LDAP SDK define anything equivalent?
Fixing this on some platforms is better than on none, though.
--
Jess Holle
Mladen Turk wrote:
Brad Nicholes wrote:
I have already added a new directive to util_ldap called
LDAPConnectionTimeout (
I don't have a vote, but I believe the socket timeout configuration is
necessary to address issues seen with firewall timeouts and the LDAP
connections held open by Apache.
--
Jess Holle
I don't know if this is the best time/place to make a request for
patches to be included in 2.0.53, but
I was hoping that this wouldn't be the case. But since it is, take a
look at SVN r149419
Brad
[EMAIL PROTECTED] Tuesday, February 01, 2005 9:39:20 AM
Brad Nicholes wrote:
I have already added a new directive to util_ldap called
LDAPConnectionTimeout (
--On Tuesday, February 1, 2005 6:41 AM -0500 Jeff Trawick
[EMAIL PROTECTED] wrote:
Heck, I don't know how we get from here to closure on the 2.1-dev
equivalent ;) What do we do with the proxy-reqbody branch? Merge to
trunk?
Is it ready to be reviewed? I'd suggest asking for review to merge it
Brad Nicholes wrote:
I was hoping that this wouldn't be the case. But since it is, take a
look at SVN r149419
util_ldap.c
util_ldap.c(1615) : error C2065: 's' : undeclared identifier
util_ldap.c(1615) : warning C4047: 'function' : 'const server_rec *'
differs in levels of indirection from
I hate it when I get bit by copy and paste. Try r149421.
Brad
[EMAIL PROTECTED] Tuesday, February 01, 2005 10:23:01 AM
Brad Nicholes wrote:
I was hoping that this wouldn't be the case. But since it is, take
a
look at SVN r149419
util_ldap.c
util_ldap.c(1615) : error C2065: 's' :
Justin Erenkrantz wrote:
--On Tuesday, February 1, 2005 6:41 AM -0500 Jeff Trawick
[EMAIL PROTECTED] wrote:
Heck, I don't know how we get from here to closure on the 2.1-dev
equivalent ;) What do we do with the proxy-reqbody branch? Merge to
trunk?
Is it ready to be reviewed?
The LDAP_OPT_SEND_TIMEOUT option appears to be a Microsoft LDAP SDK
only option. As I see it we can go in a couple of different ways here.
1) Implement the connection pool as an apr_reslist and let it handle
the connection timeouts as Graham suggested.
2) Add another #ifdef to the existing
--On Wednesday, February 2, 2005 12:25 AM +1100 dean
[EMAIL PROTECTED] wrote:
My first thought was that Firefox has an issue. Then I installed 2.0.53
as a cache-proxy BUT I couldn't reproduce the above, Google logo loads
everytime.
Another simple page I tried is news.com.au/wireless.
Steps 1 -3
Hi,
The last couple of weeks I've had to dive into mod_proxy. I'd
like to know what all the #ifdef FIX_15207 lines are all about
in mod_proxy.c. Keeping the #define breaks the crap out of
interaction with mod_rewrite for instance.
Furthermore the documentation of mod_proxy* explains a lot
of
--On Tuesday, February 1, 2005 10:33 AM -0700 Brad Nicholes
[EMAIL PROTECTED] wrote:
The LDAP_OPT_SEND_TIMEOUT option appears to be a Microsoft LDAP SDK
only option. As I see it we can go in a couple of different ways here.
OpenLDAP has LDAP_OPT_TIMELIMIT, LDAP_OPT_TIMEOUT, and
Sander Striker wrote:
Hi,
The last couple of weeks I've had to dive into mod_proxy. I'd
like to know what all the #ifdef FIX_15207 lines are all about
in mod_proxy.c. Keeping the #define breaks the crap out of
interaction with mod_rewrite for instance.
I agree with you. Take a look at:
The Novell SDK has the same options but they all perform different
functions
LDAP_OPT_TIMELIMIT - Searching timeout
LDAP_OPT_TIMEOUT - default timeout value
LDAP_OPT_NETWORK_TIMEOUT - Socket level timeout
Brad
[EMAIL PROTECTED] Tuesday, February 01, 2005 10:41:04 AM
--On Tuesday, February
It's been on my table to attack the FIX_15207 fooishness,
but neither keeping the define nor commenting it out
results in expected, correct behavior :(...
On Feb 1, 2005, at 12:39 PM, Sander Striker wrote:
Hi,
The last couple of weeks I've had to dive into mod_proxy. I'd
like to know what all the
From: Jim Jagielski [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 01, 2005 8:03 PM
It's been on my table to attack the FIX_15207 fooishness, but neither
keeping the define nor commenting it out results in expected, correct
behavior :(...
For my specific use case (mod_rewrite,
On Feb 1, 2005, at 2:23 PM, Sander Striker wrote:
From: Jim Jagielski [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 01, 2005 8:03 PM
It's been on my table to attack the FIX_15207 fooishness, but neither
keeping the define nor commenting it out results in expected, correct
behavior :(...
For
On Tue, Feb 01, 2005 at 08:23:38PM +0100, Sander Striker wrote:
From: Jim Jagielski [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 01, 2005 8:03 PM
It's been on my table to attack the FIX_15207 fooishness, but neither
keeping the define nor commenting it out results in expected,
On Tue, Feb 01, 2005 at 09:24:43PM +, Joe Orton wrote:
On Tue, Feb 01, 2005 at 08:23:38PM +0100, Sander Striker wrote:
From: Jim Jagielski [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 01, 2005 8:03 PM
It's been on my table to attack the FIX_15207 fooishness, but neither
After testing mod_authnz_ldap and util_ldap some more, it appears
that the directive LDAPTrustedMode should be pushed up into
mod_authnz_ldap rather than util_ldap and become AuthLDAPTrustedMode.
The reason why is because the connection type (ie. NONE, SSL, STARTTLS)
is tied to the
Just a quick fix to the Request Processing in Apache 2.0 document, which may
cause people, like myself, to search for non-existing function for some time,
before figuring out it's a typo :-)
--
Bojandiff -ruN httpd-2.0.52-vanilla/docs/manual/developer/request.xml
The attached patches convert LDAPTrustedMode into a per-directory
directive rather than a per-server. This allows the configuration to
specify which mode should be applied for the associated AuthLDAPURL.
Thoughts on whether this should be the way to go or if LDAPTrustedMode
should be moved up
Index: ssl_engine_kernel.c
===
--- ssl_engine_kernel.c (revision 123890)
+++ ssl_engine_kernel.c (working copy)
@@ -798,6 +798,20 @@
}
}
+/* If we're trying to have the user name set from a client
+ * certificate
At 07:07 PM 2/1/2005, Brad Nicholes wrote:
Thoughts on whether this should be the way to go or if LDAPTrustedMode
should be moved up into mod_authnz_ldap as AuthLDAPTrustedMode?
Absolutely!!! TrustedMode should always be paired to URL
My only concern ... does this new scope pair up properly if the
user cert has been renegotiated? If so +1
Bill
At 07:17 PM 2/1/2005, you wrote:
Index: ssl_engine_kernel.c
===
--- ssl_engine_kernel.c (revision 123890)
+++
36 matches
Mail list logo