Date: Fri, 20 Jan 2006 10:17:42 -0700
From: "Sturgis, Grant"
Subject: RE: [users@httpd] ldaps authentication

> From: Ricardo Stella [mailto:stella@rider.edu]
> What do logs show ?

The error_log shows this:

[Fri Jan 20 10:08:47 2006] [warn] [client 10.10.233.101] [2056] auth_ldap authenticate: user jgood authentication failed; URI /servers/smtp0/smtp0.htm [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server], referer: http://mrtg/mail_servers.htm

> Also, do you know if you are establishing a connection ?

Yes, it appears that apache is trying to set up an ldaps session, but failing. Perhaps something analogous to the 'tls_checkpeer no' in ldap.conf?

> And, also, any permissions issue with the server reading the
> certificate ?

The cert file is owned by apache with a mode of 400. All of the parent directories are 755.

> Sturgis, Grant wrote:
> > No luck on this thread. Let me ask a different question:
> >
> > Is anyone using ldaps authentication - or ldap for that matter?
> >
> > Anyone using ldaps to AD?
> >
> > Thanks,
> >
> > Grant
> > ---------------
> >
> >> -----Original Message-----
> >> From: Sturgis, Grant
> >> Sent: Wednesday, January 18, 2006 2:12 PM
> >> To: users@httpd.apache.org
> >> Subject: [users@httpd] ldaps authentication
> >>
> >> Greetings List,
> >>
> >> I have seen this question posted several times, but have not seen a
> >> resolution. If it is in the archives, I apologize for not seeing it
> >> there.
> >>
> >> I have ldap authentication working using mod_auth_ldap, but I want to
> >> enable ldaps to avoid transmitting passwords in clear text.
> >> This is the configuration so far:
> >>
> >>
> >> AuthType basic
> >> AuthName "ldap test"
> >> AuthLDAPUrl ldap://dc1.domain.com/dc=domain,dc=com?sAMAccountName?sub?(objectClass=user)
> >> AuthLDAPBindDN cn=nobody,ou=Users-IT,dc=domain,dc=com
> >> AuthLDAPBindPassword password
> >> AuthLDAPGroupAttribute member
> >> require group cn=ldap_test_group,ou=Users-IT,dc=domain,dc=com
> >>
> >>
> >> however, to enable ldaps, I add these lines (outside the , of
> >> course):
> >>
> >> LDAPTrustedCA /etc/httpd/conf/cacerts/dc1.cer
> >> LDAPTrustedCAType BASE64_FILE
> >>
> >> and then change ldap to ldaps in the AuthLDAPUrl line
> >>
> >> and it stops working.
> >>
> >> I have used this cert successfully in pam_ldap and ldapsearch.
> >>
> >> Any suggestions for what I could be doing wrong?
> >>
> >> The details:
> >>
> >> RHEL ES 4
> >> httpd-2.0.52-22.ent
> >>
> >> Thanks for any suggestions,
> >>
> >> Grant
> >> -----------------
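
An added triage example (not part of the original thread): it parses mod_auth_ldap failure lines of the shape quoted from error_log above and separates connection or TLS failures, reported as "Can't contact LDAP server", from rejected credentials. The regular expression, the layer mapping and the second and third sample lines are assumptions constructed for illustration.

```python
import re

# Shape of the mod_auth_ldap failure line quoted from error_log in the thread.
AUTH_LDAP_RE = re.compile(
    r"\[(?P<time>[^\]]+)\] \[warn\] \[client (?P<client>[^\]]+)\] \[\d+\] "
    r"auth_ldap authenticate: user (?P<user>\S+) authentication failed; "
    r"URI (?P<uri>\S+) \[(?P<stage>[^\]]*)\]\[(?P<reason>[^\]]*)\]"
)

# Assumed triage mapping from the LDAP library's reason string to the layer
# that failed. "transport" means the bind never reached the directory: the TCP
# connection or the TLS handshake (CA trust, certificate name) failed first.
LAYER = {
    "Can't contact LDAP server": "transport",
    "Invalid credentials": "credentials",
}

SAMPLE_LINES = [
    # Line 1 is the one from the thread; lines 2 and 3 are constructed.
    "[Fri Jan 20 10:08:47 2006] [warn] [client 10.10.233.101] [2056] "
    "auth_ldap authenticate: user jgood authentication failed; "
    "URI /servers/smtp0/smtp0.htm [LDAP: ldap_simple_bind_s() failed]"
    "[Can't contact LDAP server], referer: http://mrtg/mail_servers.htm",
    "[Fri Jan 20 10:09:12 2006] [warn] [client 10.10.233.102] [2057] "
    "auth_ldap authenticate: user jdoe authentication failed; "
    "URI /servers/smtp0/smtp0.htm [LDAP: ldap_simple_bind_s() failed]"
    "[Invalid credentials]",
    "[Fri Jan 20 10:10:00 2006] [notice] caught SIGTERM, shutting down",
]

def triage(line):
    """Return the parsed fields plus the failing layer, or None if no match."""
    m = AUTH_LDAP_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["layer"] = LAYER.get(rec["reason"], "other")
    return rec

def summarize(lines):
    """Count auth_ldap failures per layer, ignoring unrelated log lines."""
    counts = {}
    for line in lines:
        rec = triage(line)
        if rec is not None:
            counts[rec["layer"]] = counts.get(rec["layer"], 0) + 1
    return counts

if __name__ == "__main__":
    for layer, n in sorted(summarize(SAMPLE_LINES).items()):
        print(f"{layer}: {n}")
```

A "transport" result for an ldaps URL points at reachability of the LDAPS port or at the trust settings (LDAPTrustedCA, LDAPTrustedCAType) rather than at the bind DN or password.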