httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 42001] LINUX : Could not set LDAP_OPT_X_TLS to LDAP_OPT_X_TLS_HARD][Can't contact LDA
Date Thu, 04 Feb 2010 09:44:09 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=42001

Daniel A. <dak@csis.dk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #3 from Daniel A. <dak@csis.dk> 2010-02-04 01:44:07 UTC ---
(In reply to comment #2)
> can you confirm which SSL toolkit your ldap binaries are linked with via e.g
> ldd?

As the original submitter also said, everything here works perfectly as long as
I remove the "s" from "ldaps://".
There is no timeout, the failures are immediate.
SSL HTTP connections initiated TO the web server are fine too. 

I'm gonna try and see if it'll work with a newer openssl from ports, but here's
what I've been using so far:

openldap-client-2.4.21 Open s
It's linked to the local libs, 
/usr/local/libexec/apache22/mod_ldap.so:
    libldap-2.4.so.7 => /usr/local/lib/libldap-2.4.so.7 (0x800b0c000)
    libssl.so.5 => /usr/lib/libssl.so.5 (0x800c4a000)
    libcrypto.so.5 => /lib/libcrypto.so.5 (0x800d94000)
    liblber-2.4.so.7 => /usr/local/lib/liblber-2.4.so.7 (0x801026000)
    libc.so.7 => /lib/libc.so.7 (0x800633000)

7.0-RELEASE-p3 FreeBSD...
# httpd -v 
Server version: Apache/2.2.14 (FreeBSD)
Server built:   Feb  1 2010 15:06:58
# pkg_info|grep ldap
openldap-client-2.4.21 Open source LDAP client implementation
# openssl version
OpenSSL 0.9.8e 23 Feb 2007


relevant snips from httpd.conf:
#Load LDAP certificate
LDAPTrustedGlobalCert CA_BASE64 /usr/local/etc/apache22/ldap_cert/<AD Hostname>.CA.pem

AuthName "Nagios Access"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on

AuthLDAPURL "ldap://<hostname>:3268/?sAMAccountName?sub?(objectClass=*)"
#AuthLDAPURL "ldaps://<hostname>/?sAMAccountName?sub?(objectClass=*)"
#AuthLDAPURL "ldaps://<hostname>:3269/?sAMAccountName?sub?(objectClass=*)"

AuthLDAPBindDN "CN=<cn>,OU=<ou>,OU=<ou>,OU=<ou>,DC=<dc>,DC=<dc>"
AuthLDAPBindPassword <pass>
Require valid-user

[Thu Feb 04 10:31:05 2010] [debug] mod_authnz_ldap.c(377): [client
192.168.64.101] [64980] auth_ldap authenticate: using URL
ldaps://<hostname>/?sAMAccountName?sub?(objectClass=*), referer:
https://nix01/side.html
[Thu Feb 04 10:31:05 2010] [debug] mod_authnz_ldap.c(377): [client
192.168.64.101] [64980] auth_ldap authenticate: using URL
ldaps://<hostname>/?sAMAccountName?sub?(objectClass=*), referer:
https://nix01/side.html
[Thu Feb 04 10:31:05 2010] [debug] mod_authnz_ldap.c(377): [client
192.168.64.101] [64980] auth_ldap authenticate: using URL
ldaps://<hostname>/?sAMAccountName?sub?(objectClass=*), referer:
https://nix01/side.html
[Thu Feb 04 10:31:05 2010] [debug] mod_authnz_ldap.c(377): [client
192.168.64.101] [64980] auth_ldap authenticate: using URL
ldaps://<hostname>/?sAMAccountName?sub?(objectClass=*), referer:
https://nix01/side.html
[Thu Feb 04 10:31:05 2010] [debug] mod_authnz_ldap.c(377): [client
192.168.64.101] [64980] auth_ldap authenticate: using URL
ldaps://<hostname>/?sAMAccountName?sub?(objectClass=*), referer:
https://nix01/side.html
[Thu Feb 04 10:31:05 2010] [debug] mod_authnz_ldap.c(377): [client
192.168.64.101] [64980] auth_ldap authenticate: using URL
ldaps://<hostname>/?sAMAccountName?sub?(objectClass=*), referer:
https://nix01/side.html
[Thu Feb 04 10:31:05 2010] [debug] mod_authnz_ldap.c(377): [client
192.168.64.101] [64980] auth_ldap authenticate: using URL
ldaps://<hostname>/?sAMAccountName?sub?(objectClass=*), referer:
https://nix01/side.html
[Thu Feb 04 10:31:05 2010] [warn] [client 192.168.89.101] [64980] auth_ldap
authenticate: user dak authentication failed; URI /nagios/cgi-bin/status.cgi
[LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server], referer:
https://nix01/side.html
