httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Finkelstein ...@stevefink.net>
Subject [users@httpd] Apache 2.0.52 - mod_auth_ldap (ldap_simple_bind_s() failed)
Date Thu, 24 May 2007 04:23:00 GMT
Hi all,

I'm running Apache 2.0.52 with mod_auth_ldap on a CentOS 4.5 box. PAM is
properly configured to authenticate against LDAP and I can successfully
query the LDAP server.

Now when I'm trying to authenticate against LDAP with mod_auth_ldap I
receive the following in my error_log:

[Wed May 23 23:47:26 2007] [debug] mod_auth_ldap.c(308): [client
10.8.20.2] [21819] auth_ldap authenticate: using URL
ldaps://bar.foo.com/ou=staff,dc=foo,dc=com?uid
[Wed May 23 23:47:26 2007] [warn] [client 10.8.20.2] [21819] auth_ldap
authenticate: user sf authentication failed; URI /proto/trunk [LDAP:
ldap_simple_bind_s() failed][Can't contact LDAP server]

Here's the relevant excerpt in my configs. First, since my LDAP server
is using SSL, I have the following mod_ldap directives in httpd.conf:

LDAPTrustedCA /etc/httpd/conf/ssl.crt/ca.pem
LDAPTrustedCAType BASE64_FILE

.. and just to verify the ca file:

-r--r--r--  1 nobody root 1354 Apr 16 17:50 /etc/httpd/conf/ssl.crt/ca.pem

my virtualhost.conf has the following excerpt:

<VirtualHost *:80>
   ServerName svn.foo.com
   LogLevel debug
   <Location />
    DAV svn
    SVNParentPath /opt/svn/
    AuthLDAPEnabled on
    AuthType Basic
    AuthName "Authorized Users ONLY!"
    AuthLDAPAuthoritative on
    AuthLDAPURL "ldaps://bar.foo.com/ou=staff,dc=foo,dc=com?uid"
    require valid-user
    Order mutual-failure
    Allow from 10.8.12.14/32
    Satisfy any
   </Location>
CustomLog logs/svn-access_log common
</VirtualHost>

Thank you kindly for any insight anyone might be able to offer me.

- sf

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message