httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 41042] New: - LDAP auth fails: Could not set LDAP_OPT_X_TLS to LDAP_OPT_X_TLS_HARD
Date Mon, 27 Nov 2006 00:58:14 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41042>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41042

           Summary: LDAP auth fails: Could not set LDAP_OPT_X_TLS to
                    LDAP_OPT_X_TLS_HARD
           Product: Apache httpd-2
           Version: 2.2.3
          Platform: Sun
        OS/Version: Solaris
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_authn_ldap
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: e61559@ems.rmit.edu.au


LDAP authentication fails when using SSL with the following error:

[debug] mod_authnz_ldap.c(373): [client 131.170.25.205] [14315] auth_ldap
authenticate: using URL ldap://my.ldap.server/o=myorg?cn?sub
[warn] [client 131.170.25.205] [14315] auth_ldap authenticate: user username
authentication failed; URI /ldap-status [LDAP: ldap_set_option failed. Could not
set LDAP_OPT_X_TLS to LDAP_OPT_X_TLS_HARD][Unknown error]

I'm using Apache-2.2.3 with OpenLDAP 2.3.30 built with Sun C 5.8 Patch 121015-02
2006/03/29.

I can fire off the equivalent query using ldapsearch and it works fine, so I
suspect mod_ldap is involved somehow.

The config I'm using for this is:
<IfModule ldap_module>
   LDAPTrustedGlobalCert CA_BASE64 /www/my-cert.pem
   <Location /ldap-status>
      SetHandler ldap-status
      AuthType basic
      AuthName "NDS Username and Password"
      AuthBasicProvider ldap
      AuthUserFile /dev/null
      AuthLDAPURL ldap://my.lpap.server/o=myorg?cn?sub SSL
      AuthzLDAPAuthoritative off
      require valid-user
   </Location>
</IfModule>

Using an 'ldaps://' URL makes no difference.
