httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Fischer <mike.fisc...@ipsi.fraunhofer.de>
Subject Re: [users@httpd] mod_ldap, mod_auth_ldap, SSL and Active Directory
Date Mon, 02 May 2005 14:21:59 GMT
I solved the problem with mod_auth_ldap not working.

I had set up everything in a SuSE Vserver, and all I got was:
[Wed Feb 02 15:02:43 2005] [warn] [client eee.fff.ggg.hhh] [13851] 
auth_ldap authenticate: user thisuser authentication failed; URI 
/private [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]

I had it set up on a 2.0.46 Apache that came with the old SuSE version
I used and also tried a spanking new 2.0.52, built from scratch.

One of our students got it running.
Here is what he tweaked to get it working:

  - you need to set LDAPTrustedCA and LDAPTrustedCAType
    - former needs to point to a BSE64 encoded certificate of the server
      to be contacted
    - latter needs to be 'BASE64_FILE'
    - you can see that this is correctly set up by the startup message
      in error_log stating
[Wed Apr 27 11:46:18 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Wed Apr 27 11:46:18 2005] [notice] LDAP: SSL support available

if this still doesn't let you authenticate, try editing
  - /etc/openldap/ldap.conf
    - TLS_REQCERT never

This is what made my day after months of argling about not being able
to get clear debugging: Neither strace nor turning up Apache's loglevel
wielded any reasonable output.

I hope this can help someone out there not get as frustrated about this
as me.

Kind regards,
Mike Fischer
-- 
Fraunhofer Gesellschaft e.V.
IPSI.ITI

Dolivostr. 15
64293 Darmstadt
Telefon: 06151 / 869 - 845


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message