httpd-users mailing list archives

From "Mark H. Wood" <mw...@IUPUI.Edu>
Subject [users@httpd] mod_auth_ldap drops ldaps: connections without querying
Date Wed, 13 Apr 2005 21:55:31 GMT

httpd 2.0.52, OpenLDAP 2.1.30 (both from latest Gentoo Linux ebuilds).

I'm trying to authenticate against Microsoft ADS using LDAPS.  A test
always results in:

[Wed Apr 13 15:53:35 2005] [warn] [client 134.68.180.23] [7353] auth_ldap
authenticate: user mwood authentication failed; URI /~mwood/test/ [LDAP:
ldap_simple_bind_s() failed][Can't contact LDAP server]

Tracing network activity shows me that the server repeatedly opens and
closes connections to port 636 on the directory server without ever even
starting the SSL handshake.  I was able to search the directory manually
using 'ldapsearch -H ldaps://our.server/ -W -D "userDN" -b "searchbase"
filter', so the server is willing to talk LDAPS to the client host.

I've made sure that the LDAPtrustedCA and LDAPtrustedCAtype are set
properly, and debug output from httpd shows that it is finding the file
and never complains about it.

-- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
Open-source executable:  $0.00.  Source:  $0.00  Control:  priceless!

