Using apache2 authnz_ldap against Active Directory with ldap-group crashes apache2 when serving any request with:
[Thu Mar 02 16:43:21.251455 2023] [mpm_prefork:notice] [pid 3809200] AH00163: Apache/2.4.52 (Ubuntu) mod_auth_kerb/5.4 OpenSSL/3.0.2 configured -- resuming normal operations
[Thu Mar 02 16:43:21.251503 2023] [core:notice] [pid 3809200] AH00094: Command line: '/usr/sbin/apache2'
apache2: ../../../../libraries/libldap/request.c:970: ldap_do_free_request: Assertion `lr->lr_refcnt == 1' failed.
This only happens with search base = ad root dsn and seems related to the following extra search response items to the user lookup query (traced with tshark), which are only returned when search base = ad root dsn.
Lightweight Directory Access Protocol
searchResRef: 1 item
LDAPURL: ldap://DomainDnsZones.example.org/DC=DomainDnsZones,DC=example,DC=org
LDAPMessage searchResRef(2)
messageID: 2
protocolOp: searchResRef (19)
[Response To: 8]
[Time: 0.043273000 seconds]
Likely a bug related to openldap, so these are the ldap libs installed:
ii libldap-2.5-0:amd64 2.5.13+dfsg-0ubuntu0.22.04.1 amd64 OpenLDAP libraries
ii libldap-common 2.5.13+dfsg-0ubuntu0.22.04.1 all OpenLDAP common files for libraries
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: apache2 2.4.52-1ubuntu4.3
ProcVersionSignature: Ubuntu 5.19.0-32.33~22.04.1-generic 5.19.17
Uname: Linux 5.19.0-32-generic x86_64
Apache2ConfdDirListing: False
Apache2Modules:
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
httpd (pid 4107) already running
ApportVersion: 2.20.11-0ubuntu82.3
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: LXQt
Date: Sat Mar 4 12:57:47 2023
SourcePackage: apache2
UpgradeStatus: Upgraded to jammy on 2022-07-09 (238 days ago)
error.log: Error: [Errno 13] Keine Berechtigung: '/var/log/apache2/error.log'
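The `searchResRef` (protocolOp 19) item in the trace is an LDAP continuation reference, a different message type from an entry or the final result. The following is an added example, not part of the bug report and not apache2 or OpenLDAP code: a small Python BER reader that picks continuation references out of raw LDAP response frames, so you can confirm whether a given search base returns them. Function names are hypothetical and the sample frames are constructed from the values shown in the trace.

```python
# Added example (hypothetical names): minimal BER reader for LDAP search responses.
PROTOCOL_OPS = {4: "searchResEntry", 5: "searchResDone", 19: "searchResRef"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length BER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def parse_ldap_message(buf):
    """Decode messageID and protocolOp; collect the URIs of a searchResRef."""
    tag, body, _ = read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    tag, raw_id, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("messageID must be an INTEGER")
    op_tag, op_body, _ = read_tlv(body, pos)
    if (op_tag & 0xC0) != 0x40:
        raise ValueError("protocolOp must use an APPLICATION tag")
    op = op_tag & 0x1F
    uris, p = [], 0
    while op == 19 and p < len(op_body):    # SEQUENCE OF URI (OCTET STRING)
        t, uri, p = read_tlv(op_body, p)
        if t != 0x04:
            raise ValueError("URI must be an OCTET STRING")
        uris.append(uri.decode("utf-8"))
    return {"messageID": int.from_bytes(raw_id, "big"),
            "name": PROTOCOL_OPS.get(op, "other"), "uris": uris}

def find_referrals(frames):                 # (messageID, uri) per continuation reference
    return [(m["messageID"], u)
            for m in map(parse_ldap_message, frames) for u in m["uris"]]

# Constructed sample frames mirroring the trace: one searchResRef, one searchResDone.
URI = b"ldap://DomainDnsZones.example.org/DC=DomainDnsZones,DC=example,DC=org"
REF = bytes([0x04, len(URI)]) + URI
SAMPLE_REF = bytes([0x30, 5 + len(REF), 0x02, 0x01, 0x02, 0x73, len(REF)]) + REF
SAMPLE_DONE = bytes.fromhex("300c02010265070a010004000400")
```

Calling `find_referrals([SAMPLE_REF, SAMPLE_DONE])` returns only the reference carried by the first frame; a non-empty result for a real capture means the directory answered the search with continuation references.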