Bug 182430 - net-www/apache-2.2.4-r7 - mod_authn_dbd not connecting to mysql db with apr-util-1.2.8-r1
Status: VERIFIED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server
Hardware: All Linux
Importance: High normal
Assignee: Apache Team - Bugzilla Reports
Reported: 2007-06-18 07:16 UTC by Eric Westbrook
Modified: 2008-02-06 23:00 UTC (History)
Description Eric Westbrook 2007-06-18 07:16:09 UTC
Attempting to configure mod_authn_dbd with mysql database using the following as guidelines:

   http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html
   http://httpd.apache.org/docs/2.2/mod/mod_dbd.html

With installed packages:

net-www/apache-2.2.4-r7  USE="ldap ssl -debug -doc -mpm-event -mpm-itk -mpm-peruser -mpm-prefork -mpm-worker -no-suexec (-selinux)
dev-libs/apr-util-1.2.8-r1  USE="berkdb gdbm ldap mysql -postgres -sqlite -sqlite3"
dev-db/mysql-5.0.42  USE="berkdb debug perl ssl -big-tables -cluster -embedded -extraengine -latin1 -max-idx-128 -minimal (-selinux) -static"

Results in:

==> /var/log/apache2/vhost-<redacted>-error <==
[Mon Jun 18 00:51:34 2007] [error] [client <redacted>] Error looking up <username redacted> in database

==> /var/log/apache2/vhost-<redacted>-access <==
192.168.100.105 - <username redacted> [18/Jun/2007:00:51:34 -0600] "GET /index.php/Main_Page HTTP/1.1" 500 611 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4) Gecko/20070601 Firefox/2.0.0.4"

Full mysql logging is on, and no entries appear whatsoever from this activity (no connects, queries, errors, etc).  Mysql activity from other applications is logging successfully and verbosely.

Relevant apache configuration:

  ...
  DBDriver mysql
  DBDParams "dbname=<redacted> user=<redacted> password=<redacted>"
  DBDMin  1
  DBDKeep 2
  DBDMax  10
  DBDExptime 60
  ...
  <Directory "/var/www/localhost/htdocs/vhost-<redacted>">
    ...
    AuthType Basic
    AuthName "Authorized Personnel Only"
    AuthBasicProvider dbd
    Require valid-user
    AuthDBDUserPWQuery "select user_password from user where user_name = %s"
    ...
  </Directory>

More info happily available on request.  Please advise.
Comment 1 Benedikt Böhm (RETIRED) gentoo-dev 2007-08-01 22:33:21 UTC
This seems to be a bug in the config merging for virtual hosts, which I was able to work around by adding "DBDPersist Off". Also make sure to store encoded passwords in the database or use the correct SQL query to encode them on the fly...
Comment 2 Eric Westbrook 2007-08-02 22:01:04 UTC
Adding "DBDPersist Off" does not work around this for me.  Passwords are indeed encoded in the database, but it seems we're not even getting that far.  I now get:

(20014)Internal error: DBD: Can't connect to mysql

Other config remains as originally reported.  Please let me know if more detail of any kind would help diagnose.
Comment 3 Benedikt Böhm (RETIRED) gentoo-dev 2007-08-03 07:03:17 UTC
Please try to specify host or socket in DBDParams...
Comment 4 Eric Westbrook 2007-08-05 02:16:56 UTC
Thanks for the tip, tried both, same result.

[Sat Aug 04 19:53:13 2007] [crit] (20014)Internal error: DBD: Can't connect to mysql

By the way, I'm following the ~x86 keyword on both of these packages, and after a few emerge cycles since this was originally reported I am now at:

www-servers/apache-2.2.4-r11
dev-libs/apr-util-1.2.8-r1

For completeness, my repeatable case for this bug is currently the following (the commented DBDParams entries indicate what I've tried to no avail):

<virtualhost 192.168.100.105:443>
  ServerName mysite.example.com
  ServerAlias www.mysite.example.com
  SSLEngine on
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  SSLCertificateFile /etc/apache2/ssl/mysite.crt
  SSLCertificateKeyFile /etc/apache2/ssl/mysite.key
  DocumentRoot /var/www/localhost/htdocs/mysite
  ErrorLog /var/log/apache2/mysite-error
  CustomLog /var/log/apache2/mysite-access combined

  DBDriver mysql
#  DBDParams "host=localhost port=3306 dbname=mysite user=mysiteuser password=mysitepassword sock=/var/run/mysqld/mysqld.sock"
#  DBDParams "dbname=mysite user=mysiteuser password=mysitepassword"
#  DBDParams "host=localhost dbname=mysite user=mysiteuser password=mysitepassword"
#  DBDParams "host=127.0.0.1 dbname=mysite user=mysiteuser password=mysitepassword sock=/var/run/mysqld/mysqld.sock"
#  DBDParams "host=192.168.100.104 dbname=mysite user=mysiteuser password=mysitepassword sock=/var/run/mysqld/mysqld.sock"
#  DBDParams "host=localhost port=3306 dbname=mysite user=mysiteuser password=mysitepassword"
  DBDParams "sock=/var/run/mysqld/mysqld.sock dbname=mysite user=mysiteuser password=mysitepassword"
  DBDMin  1
  DBDKeep 2
  DBDMax  10
  DBDExptime 60
  DBDPersist Off

  <Directory "/var/www/localhost/htdocs/mysite">

    DirectoryIndex index.html index.php
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all

    AuthType Basic
    AuthName "Authorized Personnel Only"
    AuthBasicProvider dbd
    Require valid-user
    AuthDBDUserPWQuery "select user_password from user where user_name = %s"

  </Directory>
</VirtualHost>
Comment 5 Benedikt Böhm (RETIRED) gentoo-dev 2007-08-19 15:35:40 UTC
I have backported mod_dbd from trunk to apache-2.2.4-r12, can you give it a try? It should hit the mirrors in an hour...

Just for reference, here is my config:

DBDriver mysql
DBDParams "host=localhost dbname=test user=test pass=test"
DBDPersist Off
DBDMin  1
DBDKeep 2
DBDMax  10
DBDExptime 60

<Directory "/var/www/localhost/htdocs">
        AuthType Basic
        AuthName "Authorized Personnel Only"
        AuthBasicProvider dbd
        Require valid-user
        AuthDBDUserPWQuery "select user_password from user where user_name = %s"
</Directory>
Comment 6 Eric Westbrook 2007-08-19 19:57:06 UTC
Thanks, emerging now... your config looks almost identical to mine, so I will remain optimistic and update here shortly!
Comment 7 Eric Westbrook 2007-08-19 20:35:53 UTC
Nope.

[Sun Aug 19 14:11:04 2007] [error] (20014)Internal error: DBD: Can't connect to mysql

A slightly different message (crit replaced with error), but still no goodness.  And my config was identical to yours for this test, with the exception of my dbname and credential particulars.

I wish the error log message would report *why* it can't connect to mysql (e.g. socket, configs, perms, whatever).

I'm wondering what could be different in my failure path than your success path.
Comment 8 Benedikt Böhm (RETIRED) gentoo-dev 2007-08-20 06:29:54 UTC
Well, no idea, sorry, it works like a charm here :/
Comment 9 Stefan Riemer 2007-09-11 17:28:11 UTC
In mysql, you have to use pass=xx, not password=xxx
HTH
Comment 10 Eric Westbrook 2007-09-11 21:39:08 UTC
Wish it did help, but that's what I do have.  My config is exactly as in comment 5 of this bug, with only the local credentials different.  I'm still trying to identify what exactly the failure is, since the "(20014)Internal error: DBD: Can't connect to mysql" is so non-specific about why it can't connect.
Comment 11 Benedikt Böhm (RETIRED) gentoo-dev 2007-12-30 17:38:11 UTC
The mysql driver has been merged into apr-util 1.2.12, can you please test this one again?
Comment 12 Eric Westbrook 2007-12-30 18:22:41 UTC
Thanks for the bump.  I expect to be able to test sometime today and report any findings.
Comment 13 Benedikt Böhm (RETIRED) gentoo-dev 2008-01-12 19:33:43 UTC
Closing this now... reopen if still a problem.
Comment 14 Eric Westbrook 2008-01-16 00:53:07 UTC
Just an update on my testing.  I am no longer receiving the error that I was receiving, but I am not yet successfully authenticating.

My research so far shows that I'm probably querying wrong -- my passwords are stored as a simple MD5 hash, and from what I have read so far, AuthDBDUserPWQuery seems to be comparing against something generated a bit differently.

If anyone following this bug has a tip, I'd be grateful.  Regardless, I'll continue testing and update this bug with my final results.
Comment 15 Eric Westbrook 2008-02-06 23:00:59 UTC
Fix confirmed, tests good here.

FWIW, neither "select md5(password)" nor "select sha1(password)" nor even "select password" worked, despite the indications of mod_authn_dbd's upstream documentation.  But "select encrypt(password)" did.  The rest of my configuration remains as I documented above, so once this bug was fixed that's all I really needed to change in order to test and confirm.

That took way more time chasing than should have been necessary, but all is now well and I can confirm this issue as resolved for me.  Thanks again.
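
Added example, not part of the original report or of Apache's own code: a small audit of the values an AuthDBDUserPWQuery would return, relevant to the hash-format trouble in comments 14 and 15. It assumes APR's password check recognises a `$apr1$` prefix (APR MD5) and a `{SHA}` prefix (base64 SHA-1) and hands anything else to crypt(3) on Unix, so a bare hex digest such as MySQL's md5() or sha1() output can never match; the function names and sample rows are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# MySQL md5() returns 32 hex characters, sha1() returns 40.
HEX_DIGEST = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40})$")


def classify(stored: str) -> str:
    """Name the branch taken for a stored value (assumed APR behaviour)."""
    if stored.startswith("$apr1$"):
        return "apr1-md5"
    if stored.startswith("{SHA}"):
        return "sha1-base64"
    if HEX_DIGEST.match(stored):
        # Treated as a crypt(3) hash; the output never equals a hex digest.
        return "bare-hex-digest"
    return "crypt"


def sha_entry(password: str) -> str:
    """Build the '{SHA}' form: base64 of the raw SHA-1 digest (unsalted)."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def check_sha_entry(password: str, stored: str) -> bool:
    """Verify a password against a '{SHA}' entry in constant time."""
    if classify(stored) != "sha1-base64":
        return False
    return hmac.compare_digest(sha_entry(password), stored)


def audit(rows):
    """Return the user names whose stored value can never validate."""
    return [user for user, stored in rows
            if classify(stored) == "bare-hex-digest"]


# Constructed sample rows: (user_name, user_password)
SAMPLE_ROWS = [
    ("alice", hashlib.md5(b"password").hexdigest()),   # like md5(...)
    ("bob", sha_entry("password")),                    # '{SHA}' form
    ("carol", "$apr1$constrct$placeholderplaceholder"),  # placeholder
    ("dave", "abJnggxhB/yWI"),                         # crypt-style value
    ("erin", hashlib.sha1(b"password").hexdigest()),   # like sha1(...)
]

if __name__ == "__main__":
    for user, stored in SAMPLE_ROWS:
        print(f"{user:6} {classify(stored)}")
    print("never validate:", audit(SAMPLE_ROWS))
```

Rows reported by `audit` need their values re-encoded into a recognised format before Basic authentication against them can succeed.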