httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "TARDUCCI, NICOLAS (AG-Contractor/5000)" <nicolas.tardu...@monsanto.com>
Subject RE: DO NOT REPLY [Bug 50823] Provide alternate failure modes for http on https
Date Mon, 16 Apr 2012 16:53:52 GMT
Hi,

All of you, this should work, right? But it is not working for me. The AuthLDAPUrl is correct?


<AuthnProviderAlias ldap north_america>
            AuthLDAPUrl "ldap://na.ds.monsanto.com:389/DC=ds,DC=monsanto,DC=com?sAMAccountName?sub?(memberOf=CN=NA-1000-TPS-DEVELOPERS-G,OU=Groups,OU=1000,OU=Locations,DC=na,DC=ds,DC=monsanto,DC=com)"

  AuthLDAPBindDN "CN=NA1000APP-EC,OU=Non-User Accounts,OU=1000,OU=Locations,DC=na,DC=ds,DC=monsanto,DC=com"
  AuthLDAPBindPassword xxxxxx
</AuthnProviderAlias>


2.	AuthnProviderAlias definition for south_america:

<AuthnProviderAlias ldap south_america>
            AuthLDAPUrl "ldap://la.ds.monsanto.com:389/DC=ds,DC=monsanto,DC=com?sAMAccountName?sub?(memberOf=CN=LA-0000-USCCIADM-G,OU=Regional
Groups,DC=la,DC=ds,DC=monsanto,DC=com)"
  AuthLDAPBindDN "CN=NA1000APP-EC,OU=Non-User Accounts,OU=1000,OU=Locations,DC=na,DC=ds,DC=monsanto,DC=com"
  AuthLDAPBindPassword xxxxxx
</AuthnProviderAlias>

3.	Enterprise repository:

<Location /enterprise>
  AuthType Basic
  AuthName "Enterprise Repository"
  AuthBasicProvider north_america south_america
  #AuthLDAPUrl "ldap://na.ds.monsanto.com:3268/DC=ds,DC=monsanto,DC=com?sAMAccountName?sub"
  #AuthLDAPBindDN "CN=NA1000APP-EC,OU=Non-User Accounts,OU=1000,OU=Locations,DC=na,DC=ds,DC=monsanto,DC=com"
  #AuthLDAPBindPassword xxxxxx
  AuthzLDAPAuthoritative OFF
  Require valid-user
  #Require ldap-group CN=NA-1000-INTERNAL_VCS_ACCESS_TEST-U,OU=Groups,OU=1000,OU=Locations,DC=na,DC=ds,DC=monsanto,DC=com
  DAV svn
  SVNPath /svndata/repos/enterprise
</Location>



Lic. Nicolás Alejandro Tarducci
Monsanto Argentina Development Team
EAS - Java Services Team
Phone: +54 11 4316-2723
Maipú 1210 10th Floor.

-----Original Message-----
From: bugzilla@apache.org [mailto:bugzilla@apache.org] 
Sent: Monday, April 16, 2012 1:51 PM
To: bugs@httpd.apache.org
Subject: DO NOT REPLY [Bug 50823] Provide alternate failure modes for http on https

https://issues.apache.org/bugzilla/show_bug.cgi?id=50823

--- Comment #5 from otheus <otheus+opensource@gmail.com> 2012-04-16 16:51:19 UTC ---
Configuration stripped down -- only so, prefork, core, http_core, vhost and
log_config are enabled.

The access logs show only a request via HTTP/0.9...
 GET   HTTP/0.9 VIRTUAL-HOST       /  10.2.11.81   443   400    10.2.10.17 -

Error logs show:

[Mon Apr 16 18:44:47 2012] [info] [client 10.2.10.17] Connection to child 2
established (server HOST:443)
[Mon Apr 16 18:44:47 2012] [info] Seeding PRNG with 144 bytes of entropy
[Mon Apr 16 18:44:47 2012] [debug] ssl_engine_kernel.c(1761): OpenSSL:
Handshake: start
[Mon Apr 16 18:44:47 2012] [debug] ssl_engine_kernel.c(1769): OpenSSL: Loop:
before/accept initialization
[Mon Apr 16 18:44:47 2012] [debug] ssl_engine_io.c(1795): OpenSSL: read 11/11
bytes from BIO#2b5e9dd6c6f0 [mem: 2b5e9dd73dc0] (BIO dump follows)
[Mon Apr 16 18:44:47 2012] [debug] ssl_engine_io.c(1742):
+-------------------------------------------------------------------------+
[Mon Apr 16 18:44:47 2012] [debug] ssl_engine_io.c(1767): | 0000: 47 45 54 20
2f 20 48 54-54 50 2f                 GET / HTTP/      |
[Mon Apr 16 18:44:47 2012] [debug] ssl_engine_io.c(1773):
+-------------------------------------------------------------------------+
[Mon Apr 16 18:44:47 2012] [debug] ssl_engine_kernel.c(1798): OpenSSL: Exit:
error in SSLv2/v3 read client hello A
[Mon Apr 16 18:44:47 2012] [info] [client 10.2.10.17] SSL handshake failed:
HTTP spoken on HTTPS port; trying to send HTML error page
[Mon Apr 16 18:44:47 2012] [info] SSL Library Error: 336027804
error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP
to HTTPS port!?

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

This e-mail message may contain privileged and/or confidential information, and is intended
to be received only by persons entitled
to receive such information. If you have received this e-mail in error, please notify the
sender immediately. Please delete it and
all attachments from any servers, hard drives or any other media. Other use of this e-mail
by you is strictly prohibited.

All e-mails and attachments sent and received are subject to monitoring, reading and archival
by Monsanto, including its
subsidiaries. The recipient of this e-mail is solely responsible for checking for the presence
of "Viruses" or other "Malware".
Monsanto, along with its subsidiaries, accepts no liability for any damage caused by any such
code transmitted by or accompanying
this e-mail or any attachment.


The information contained in this email may be subject to the export control laws and regulations
of the United States, potentially
including but not limited to the Export Administration Regulations (EAR) and sanctions regulations
issued by the U.S. Department of
Treasury, Office of Foreign Asset Controls (OFAC).  As a recipient of this information you
are obligated to comply with all
applicable U.S. export laws and regulations.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

Mime
View raw message