[Fedora-directory-users] Directory Server gateway over SSL
Jason Russler
jrussler at helix.nih.gov
Mon Apr 24 20:32:00 UTC 2006
Crud - I was looking at the wrong logs.... At any rate here's what I see
in the admin server's error logs:
[Mon Apr 24 15:28:34 2006] [notice] child pid 17051 exit signal
Segmentation fault (11)
[Mon Apr 24 15:28:36 2006] [notice] [client x.x.x.x]
admserv_host_ip_check: ap_get_remote_host could not resolve x.x.x.x
[Mon Apr 24 15:28:37 2006] [notice] child pid 17151 exit signal
Segmentation fault (11)
[Mon Apr 24 15:28:38 2006] [notice] [client x.x.x.x]
admserv_host_ip_check: ap_get_remote_host could not resolve x.x.x.x
[Mon Apr 24 15:28:39 2006] [notice] child pid 17226 exit signal
Segmentation fault (11)
[Mon Apr 24 15:28:40 2006] [notice] [client x.x.x.x]
admserv_host_ip_check: ap_get_remote_host could not resolve x.x.x.x
[Mon Apr 24 15:28:41 2006] [notice] child pid 17298 exit signal
Segmentation fault (11)
[Mon Apr 24 15:28:42 2006] [notice] [client x.x.x.x]
admserv_host_ip_check: ap_get_remote_host could not resolve x.x.x.x
[Mon Apr 24 15:28:43 2006] [notice] child pid 17374 exit signal
Segmentation fault (11)
...
Where x.x.x.x is the ip of the client system (accessing the admin server
via a web browser). "% host x.x.x.x" executed on the server system
returns the correct host name for the remote client. Now, if I turn off
SSL for the admin server I get similar entries:
...
[Mon Apr 24 16:01:27 2006] [notice] [client x.x.x.x]
admserv_host_ip_check: ap_get_remote_host could not resolve x.x.x.x,
referer:
http://this.here.host:49657/clients/dsgw/bin/csearch?context=dsgw&file=base
[Mon Apr 24 16:01:27 2006] [notice] [client x.x.x.x]
admserv_host_ip_check: ap_get_remote_host could not resolve x.x.x.x,
referer:
http://this.here.host:49657/clients/dsgw/bin/csearch?context=dsgw&file=attr
[Mon Apr 24 16:01:27 2006] [notice] [client x.x.x.x]
admserv_host_ip_check: ap_get_remote_host could not resolve x.x.x.x,
referer:
http://this.here.host:49657/clients/dsgw/bin/csearch?context=dsgw&file=match
[Mon Apr 24 16:01:27 2006] [notice] [client x.x.x.x]
admserv_host_ip_check: ap_get_remote_host could not resolve x.x.x.x,
referer:
http://this.here.host:49657/clients/dsgw/bin/csearch?context=dsgw&file=string
...
This is now without the segfault following every entry. Everything
works fine, just over a unencrypted connection.
The system in question here is on 3 networks and is on one of our
higher-end administrative systems (and the backup system when I get this
one working). The /etc/hosts file entry for the system's "real"
external IP address is not correct - the actual DNS name is associated
with a private internal interface - for a pile of reasons that I won't
go into. However DNS ("% host [system's full name]") resolves the
system's real external IP address just fine. My wild guess is that the
discrepancy between the hosts file and DNS is causing trouble when using
SSL? But it is filling the error logs with or without SSL enabled. I
have a stand-alone test system with one interface (running FC5) that
works just fine over SSL - sucks for me that I have to get it working on
the more complicated system.
-Jason
Rob Crittenden wrote:
> Jason Russler wrote:
>> Hi all,
>> After sorting out my SSL problems for the admin server I've run into
>> an odd issue. The Directory server gateway runs very slowly and
>> misses page items (images, form fields, etc): the "Authentication"
>> tab, for instance, shows only the top menu bar and nothing else - the
>> forms are left out. "Advanced Search" shows only the drop-down for
>> "is, is not etc...". If I turn SSL off for the admin server and
>> restart it, things go back to working great. Turn it on, and it
>> slows and breaks again. Not sure what could cause this. The system
>> is REH 3 with FDS 1.0.2. Anyone else see this behavior?
>> -Jason
>
> Can you look in /opt/fedora-ds/admin-serv/logs/errors? The problem is
> likely being logged there.
>
> rob
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
More information about the Fedora-directory-users
mailing list