On Mon, Jan 19, 2009 at 2:37 PM, Oliver Marshall <oliver.marshall@xxxxxxxxxxxxx> wrote: > Hi chaps, > We are seeing a problem with the server giving end users an "internal error" > page at random when viewing trac sites or checking out SVN files. If you hit > F5 a few times, for between 1 and 10'ish seconds, the pages start being > served up again. This isn't awful in a browser, but for people using SVN via > a piece of client software, which may not have an F5 alternative, it's bad > as they just get an error. > > > > When this occurs the apache error.log shows very little other than "Can't > contact ldap server". The debug listing from the error.log is below. > > > > **************************** > > 139874420-[Mon Jan 19 18:16:56 2009] [info] Initial (No.1) HTTPS request > received for child 4 (server dev.company.com:443) > > 139874531-[Mon Jan 19 18:16:56 2009] [debug] mod_authnz_ldap.c(373): [client > 10.1.37.13] [21455] auth_ldap authenticate: using URL > ldap://10.1.37.250:389/OU=Users,OU=Company > LLP,DC=company,DC=local?sAMAccountName?sub?(objectClass=*), referer: > https://dev.company.com/trac/technical/report > > 139874804:[Mon Jan 19 18:16:56 2009] [warn] [client 10.1.37.13] [21455] > auth_ldap authenticate: user john.blogs authentication failed; URI > /trac/technical/newticket [LDAP: ldap_simple_bind_s() failed][Can't contact > LDAP server], referer: https://dev.company.com/trac/technical/report > > 139875080-[Mon Jan 19 18:16:56 2009] [debug] ssl_engine_kernel.c(1770): > OpenSSL: Write: SSL negotiation finished successfully > > 139875196-[Mon Jan 19 18:16:56 2009] [info] [client 10.1.37.13] Connection > closed to child 4 with standard shutdown (server dev.company.com:443) > > 139875329-[Mon Jan 19 18:16:56 2009] [info] [client 10.1.37.13] Connection > to child 3 established (server dev.company.com:443) Can you easily reproduce this _and_ easily rebuild your httpd with a patch? The current code retries in rapid succession without any delay. Interesting that based on the context this seemed to happen on a "new" child process. I'd be interestedif you've ever been able to capture this under a packet trace -- does the connection attempt ever hit the wire? Finally, i'd expect openldap bugs would be the ones of interest, unless I'm misunderstanding. -- Eric Covener covener@xxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|