Module makes nginx 1.23.* crash if enabled

Question

Module makes nginx 1.23.* crash if enabled

Opened this issue 2 years ago · 4 comments

nginx 1.23 has apparently seen massive API changes, and while nginx-auth-ldap still builds, it does make nginx 1.23.* exit with signal 10 and signal 11 if enabled. Disabling the module makes nginx great again.

Any plans on addressing it?

Answer 1 · 2022-11-28T10:11:40.000Z

For anyone finding this: @freultwah was nice enough to provide pull request #250 which works in my environment but hasn't been merged yet...
Thanks, @freultwah :-)

Answer 2 · 2024-04-25T09:29:06.000Z

i have to admit that i'm puzzled, since im running this module on 1.24 and 1.26 without issues using this config:

ldap_server ldap1_main {
        url ldap://db2/ou=users,dc=foo,dc=bar?uid?sub?(objectClass=*);
        group_attribute member;
        group_attribute_is_dn on;
        satisfy all;
        require group "cn=SOME_GROUP,ou=roles,dc=foo,dc=bar";
        require valid_user;
}
ldap_server ldap1_extern_other {
        url ldap://db2/ou=other,ou=wxs,dc=foo,dc=bar?uid?sub?(objectClass=*);
        require valid_user;
}

i've never seen crashes and many users are authenticating against the service... looking at the fix in #250 and #253 and 221529c, it seems to be because i don't ask for any ldap attributes ?

Answer 3 · 2024-04-25T10:54:41.000Z

Perhaps you're running an already patched version. My config is even slightly simpler than yours, no (objectClass=*) and also no attributes requested.

Answer 4 · 2024-04-25T11:20:32.000Z

well that's what surprises me because i run the master branch of that repo without patches, built as a debian package and dlopen'ed module at runtime by nginx upstream debian packages...