ldap_do_free_request: Assertion `lr->lr_refcnt == 1'

Bug #2009259 reported by AZ
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)

Bug Description

Using apache2 authnz_ldap against Active Directory with require ldap-group (after auth_kerb authentication) crashes apache2 when serving any request with:

[Thu Mar 02 16:43:21.251455 2023] [mpm_prefork:notice] [pid 3809200] AH00163: Apache/2.4.52 (Ubuntu) mod_auth_kerb/5.4 OpenSSL/3.0.2 configured -- resuming normal operations
[Thu Mar 02 16:43:21.251503 2023] [core:notice] [pid 3809200] AH00094: Command line: '/usr/sbin/apache2'
apache2: ../../../../libraries/libldap/request.c:970: ldap_do_free_request: Assertion `lr->lr_refcnt == 1' failed.

This only happens with search base = ad root dsn and seems related to the extra search response items like the following to the user lookup query (traced with tshark), which are only returned when search base = ad root dsn.

Lightweight Directory Access Protocol
    LDAPMessage searchResRef(2)
        messageID: 2
        protocolOp: searchResRef (19)
            searchResRef: 1 item
                LDAPURL: ldap://DomainDnsZones.example.org/DC=DomainDnsZones,DC=example,DC=org
        [Response To: 8]
        [Time: 0.043273000 seconds]

Likely a bug related to openldap, so these are the ldap libs installed:
ii libldap-2.5-0:amd64 2.5.13+dfsg-0ubuntu0.22.04.1 amd64 OpenLDAP libraries
ii libldap-common 2.5.13+dfsg-0ubuntu0.22.04.1 all OpenLDAP common files for libraries

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: apache2 2.4.52-1ubuntu4.3
ProcVersionSignature: Ubuntu 5.19.0-32.33~22.04.1-generic 5.19.17
Uname: Linux 5.19.0-32-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.3
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: LXQt
Date: Sat Mar 4 12:57:47 2023
SourcePackage: apache2
UpgradeStatus: Upgraded to jammy on 2022-07-09 (238 days ago)

Revision history for this message
AZ (m-dev) wrote :
description: updated
description: updated
description: updated
description: updated
Revision history for this message
Mitchell Dzurick (mitchdz) wrote :

Hi AZ,

Is this still an issue for you? openldap has been updated since this bug report, so perhaps this has been fixed in the update.

tags: added: server-todo
tags: removed: server-todo
Bryce Harrington (bryce)
Changed in apache2 (Ubuntu):
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for apache2 (Ubuntu) because there has been no activity for 60 days.]

Changed in apache2 (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.