httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sturgis, Grant" <Grant.Stur...@arraybiopharma.com>
Subject RE: [users@httpd] ldaps authentication
Date Fri, 20 Jan 2006 17:17:42 GMT
> From: Ricardo Stella [mailto:stella@rider.edu] 

> What do logs show ?

The error_log shows this:

[Fri Jan 20 10:08:47 2006] [warn] [client 10.10.233.101] [2056]
auth_ldap authenticate: user jgood authentication failed; URI
/servers/smtp0/smtp0.htm [LDAP: ldap_simple_bind_s() failed][Can't
contact LDAP server], referer: http://mrtg/mail_servers.htm


> 
> Also, do you know if you are establishing a connection ?

Yes, it appears that apache is trying to set up an ldaps session, but
failing.  Perhaps something analogous to the 'tls_checkpeer no' in
ldap.conf?

> 
> And, also, any permissions issue with the server reading the 
> certificate ?

The cert file is owned by apache with a mode of 400.  All of the parent
directories are 755.

> 
> Sturgis, Grant wrote:
> > No luck on this thread.  Let me ask a different question:
> >
> > Is anyone using ldaps authentication - or ldap for that matter?  
> >
> > Anyone using ldaps to AD?
> >
> > Thanks,
> >
> > Grant
> > --------------- 
> >
> >   
> >> -----Original Message-----
> >> From: Sturgis, Grant 
> >> Sent: Wednesday, January 18, 2006 2:12 PM
> >> To: users@httpd.apache.org
> >> Subject: [users@httpd] ldaps authentication
> >>
> >> Greetings List,
> >>
> >> I have seen this question posted several times, but have not seen a
> >> resolution.  If it is in the archives, I apologize for not 
> seeing it
> >> there.
> >>
> >> I have ldap authentication working using mod_auth_ldap, 
> but I want to
> >> enable ldaps to avoid transmitting passwords in clear text.  
> >> This is the
> >> configuration so far:
> >>
> >> <Directory "/home/httpd/ldap_test">
> >>    AuthType basic
> >>    AuthName "ldap test"
> >>    AuthLDAPUrl
> >> ldap://dc1.domain.com/dc=domain,dc=com?sAMAccountName?sub?(obj
> >> ectClass=u
> >> ser)
> >>    AuthLDAPBindDN cn=nobody,ou=Users-IT,dc=domain,dc=com
> >>    AuthLDAPBindPassword password
> >>    AuthLDAPGroupAttribute member
> >>    require group cn=ldap_test_group,ou=Users-IT,dc=domain,dc=com
> >> </Directory>
> >>
> >> however, to enable ldaps, I add these lines (outside the 
> >> <Directory>, of
> >> course):
> >>
> >> LDAPTrustedCA /etc/httpd/conf/cacerts/dc1.cer
> >> LDAPTrustedCAType BASE64_FILE
> >>
> >> and then change ldap to ldaps in the AuthLDAPUrl line
> >>
> >> and it stops working.
> >>
> >> I have used this cert successfully in pam_ldap and ldapsearch.  
> >>
> >> Any suggestions for what I could be doing wrong?  
> >>
> >> The details:
> >>
> >> RHEL ES 4
> >> httpd-2.0.52-22.ent
> >>
> >> Thanks for any suggestions,
> >>
> >> Grant
> >> -----------------
> >>
> >>
> >>
> >>
> >> Pardon this rubbish:
> >>
> >>

This electronic message transmission is a PRIVATE communication which contains
information which may be confidential or privileged. The information is intended 
to be for the use of the individual or entity named above. If you are not the 
intended recipient, please be aware that any disclosure, copying, distribution 
or use of the contents of this information is prohibited. Please notify the
sender  of the delivery error by replying to this message, or notify us by
telephone (877-633-2436, ext. 0), and then delete it from your system.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message