PK79583: MOD_LDAP RETRYS ONLY ONCE, WITHOUT DELAY, WHEN LDAP

APAR status

Closed as program error.

Error description

Failures during various LDAP library calls from within mod_ldap
and mod_ibm_ldap resulted in different responses to the client.
Most resulted in varying numbers of retries. Some resulted in
delays between retries. Bind failures, however, resulted in the
client receiving an immediate HTML 503 or 500 error without
delay or retry.

All operating systems are impacted by this APAR.

Local fix

Problem summary

****************************************************************
* USERS AFFECTED: IBM HTTP Server 6.0 and 6.1 users of         *
* mod_ibm_ldap and users of IBM HTTP Server 7.0 mod_ibm_ldap   *
* and mod_ldap may encounter this issue.                       *
****************************************************************
* PROBLEM DESCRIPTION: LDAP calls from the mod_ibm_ldap and    *
* mod_ldap modules to an LDAP server may encounter failures    *
* that result in varying numbers of retries (including none)   *
* with varying delay (including none) and possibly return an   *
* HTTP_SERVICE_UNAVAILABLE (503) or HTTP_INTERNAL_SERVER_ERROR *
* (500) to the client.                                         *
****************************************************************
* RECOMMENDATION: Apply this fix if an LDAP module is enabled  *
* and the error_log contains messages indicating that the LDAP *
* module was "Unable to contact the LDAP Server". This should  *
* also be applied if clients have received an HTTP_INTERNAL_   *
* SERVER_ERROR (500) or HTTP_SERVICE_UNAVAILABLE (503) return  *
* value to a request requiring LDAP authentication.            *
****************************************************************
No circumvention or workaround.

Problem conclusion

This problem has been addressed by carefully making sure that
all LDAP library calls from mod_ibm_ldap and mod_ldap utilize
the same number of retries with the same pattern of delays and
return a meaningful and accurate response to the client.

This fix is targeted for IHS fixpacks:
 - 6.0.2.37
 - 6.1.0.27
 - 7.0.0.5

Temporary fix

Comments

APAR Information

APAR number
PK79583
Reported component name
IBM HTTP SERVER
Reported component ID
5724J0801
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2009-01-28
Closed date
2009-04-23
Last modified date
2009-04-23

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
IBM HTTP SERVER
Fixed component ID
5724J0801

Applicable component levels

R60A PSN
UP
R60H PSN
UP
R60I PSN
UP
R60P PSN
UP
R60S PSN
UP
R60W PSN
UP
R60Z PSN
UP
R61A PSN
UP
R61H PSN
UP
R61I PSN
UP
R61P PSN
UP
R61S PSN
UP
R61W PSN
UP
R61Z PSN
UP
R700 PSN
UP

[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.0"}]

Document Information

Modified date:
07 September 2022

Tips

PK79583: MOD_LDAP RETRYS ONLY ONCE, WITHOUT DELAY, WHEN LDAP_BIND FAILS

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R60A PSN

R60H PSN

R60I PSN

R60P PSN

R60S PSN

R60W PSN

R60Z PSN

R61A PSN

R61H PSN

R61I PSN

R61P PSN

R61S PSN

R61W PSN

R61Z PSN

R700 PSN

Document Information

Share your feedback

Need support?