httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 50630] Apache return 500 error with authentication by LDAP secure port (ldaps)
Date Wed, 28 Sep 2011 19:08:20 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=50630

Andrew Daviel <advax@triumf.ca> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #8 from Andrew Daviel <advax@triumf.ca> 2011-09-28 19:08:20 UTC ---
I have seen this on httpd.2.15-9 on SL 6.1 (RHEL 6.1 recompile)
with openssl-1.0.0 and openldap-2.4.23

Openldap now checks the certificate chain against a certificate bundle. On
RHEL6 this is located in /etc/pki/tls/certs/ca-bundle.crt
Openldap reads a configuration file /etc/openldap/ldap.conf and uses the value
of TLS_CACERT to locate this bundle.
If it does not locate the bundle, or the LDAP server certificate chains to a
root certificate that is not included in the bundle, openldap returns an error.

(ldapsearch on the command line returns 
 ldap_start_tls: Connect error (-11)
    additional info: TLS error -8172:Unknown code ___f 20
With the "-d 1" option, it says that the server certificate is not valid.)

>From the point of view of mod_authnz_ldap, I infer that the module is not
properly handling an error return from the LDAP library. It should generate an
error message in the webserver log to give the server admin a clue to the real
problem.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message