httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 18712] New: - mod_auth_ldap can't use TLS security in apache 2.0.45
Date Fri, 04 Apr 2003 15:42:44 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18712>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18712

mod_auth_ldap can't use TLS security in apache 2.0.45

           Summary: mod_auth_ldap can't use TLS security in apache 2.0.45
           Product: Apache httpd-2.0
           Version: 2.0.45
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: mod_auth_ldap
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: tpeland@tkukoulu.fi


Using openldap 2.0.27.
With ldap there are three possibilities: no (plain), tls, ssl security

Using apache 2.0.45 only plain and ssl are usable.

If AuthLDAPURL has "ldap://..." uri then plain is used (and my ldap server 
notifies that binding is not allowed because no encryption is used)

If AuthLDAPURL has "ldaps://..." uri there are no problems.

[Fri Apr 04 18:04:56 2003] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Fri Apr 04 16:06:15 2003] [notice] LDAP: SSL support available
[Fri Apr 04 16:06:15 2003] [notice] Apache/2.0.45 (Gentoo/Linux) configured -- 
resuming normal operations
[Fri Apr 04 16:26:08 2003] [warn] [client 194.211.112.6] [13271] auth_ldap 
authenticate: user tero authentication failed; URI /~tpeland/x/ 
[ldap_simple_bind_s() to check user credentials failed][Insufficient access]

"Insufficient access" is due to bind requiring a minimum encryption level.

---/etc/openldap/slapd.conf---
access to attr=userPassword,shadowFlag
        by ssf=128 anonymous auth
        by ssf=128 self write
        by * none

access to *
        by * read

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
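
Added example, not part of the original bug report and not Apache or OpenLDAP code: a simplified Python model of how slapd evaluates the ACL quoted in the report, showing why a simple bind over a cleartext session (SSF 0) is refused while a TLS-protected session passes. The evaluator handles only the clause forms that appear in this ACL, and the per-transport SSF values are constructed assumptions.

```python
# Access rules copied from the slapd.conf excerpt in the report.
SLAPD_ACL = """\
access to attr=userPassword,shadowFlag
        by ssf=128 anonymous auth
        by ssf=128 self write
        by * none

access to *
        by * read
"""
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
# Constructed SSF per transport: 0 = cleartext; 256 is an assumed TLS cipher strength.
TRANSPORT_SSF = {"ldap:// plain": 0, "ldap:// + StartTLS": 256, "ldaps://": 256}

def parse_acl(text):
    """Parse into [(attrs or None for '*', [(min_ssf, who, level), ...]), ...]."""
    rules = []
    for words in (line.split() for line in text.splitlines()):
        if words[:2] == ["access", "to"]:
            target = words[2]
            attrs = target[5:].split(",") if target.startswith("attr=") else None
            rules.append((attrs, []))
        elif words[:1] == ["by"]:
            rest, min_ssf = words[1:], 0
            if rest[0].startswith("ssf="):      # minimum security strength factor
                min_ssf, rest = int(rest[0][4:]), rest[1:]
            who, level = rest
            rules[-1][1].append((min_ssf, who, level))
    return rules

def granted(rules, attr, who, ssf):
    """First 'access to' covering attr applies; its first matching 'by' wins."""
    for attrs, clauses in rules:
        if attrs is None or attr in attrs:
            for min_ssf, clause_who, level in clauses:
                if ssf >= min_ssf and clause_who in ("*", who):
                    return level
            return "none"                       # implicit 'by * none'
    return "none"

def bind_allowed(rules, ssf):
    """A simple bind needs at least 'auth' on userPassword while still anonymous."""
    level = granted(rules, "userPassword", "anonymous", ssf)
    return LEVELS.index(level) >= LEVELS.index("auth")

if __name__ == "__main__":
    acl = parse_acl(SLAPD_ACL)
    for transport, ssf in TRANSPORT_SSF.items():
        print(f"{transport:20} ssf={ssf:<3} bind allowed: {bind_allowed(acl, ssf)}")
```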

