httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Finkelstein ...@stevefink.net>
Subject Re: [users@httpd] Apache 2.0.52 - mod_auth_ldap (ldap_simple_bind_s() failed)
Date Thu, 24 May 2007 04:45:23 GMT
Please disregard this. yum update decided to pull one of these on me:

drwx------  2 root root 4096 May 19 16:27 ssl.crt

after enough greping through strace logs on apache children procs, I was
able to determine that a stupid permissions issue was the root of my
problems.

Cheers,

- sf

Steve Finkelstein wrote:
> Hi all,
> 
> I'm running Apache 2.0.52 with mod_auth_ldap on a CentOS 4.5 box. PAM is
> properly configured to authenticate against LDAP and I can successfully
> query the LDAP server.
> 
> Now when I'm trying to authenticate against LDAP with mod_auth_ldap I
> receive the following in my error_log:
> 
> [Wed May 23 23:47:26 2007] [debug] mod_auth_ldap.c(308): [client
> 10.8.20.2] [21819] auth_ldap authenticate: using URL
> ldaps://bar.foo.com/ou=staff,dc=foo,dc=com?uid
> [Wed May 23 23:47:26 2007] [warn] [client 10.8.20.2] [21819] auth_ldap
> authenticate: user sf authentication failed; URI /proto/trunk [LDAP:
> ldap_simple_bind_s() failed][Can't contact LDAP server]
> 
> Here's the relevant excerpt in my configs. First, since my LDAP server
> is using SSL, I have the following mod_ldap directives in httpd.conf:
> 
> LDAPTrustedCA /etc/httpd/conf/ssl.crt/ca.pem
> LDAPTrustedCAType BASE64_FILE
> 
> .. and just to verify the ca file:
> 
> -r--r--r--  1 nobody root 1354 Apr 16 17:50 /etc/httpd/conf/ssl.crt/ca.pem
> 
> my virtualhost.conf has the following excerpt:
> 
> <VirtualHost *:80>
>    ServerName svn.foo.com
>    LogLevel debug
>    <Location />
>     DAV svn
>     SVNParentPath /opt/svn/
>     AuthLDAPEnabled on
>     AuthType Basic
>     AuthName "Authorized Users ONLY!"
>     AuthLDAPAuthoritative on
>     AuthLDAPURL "ldaps://bar.foo.com/ou=staff,dc=foo,dc=com?uid"
>     require valid-user
>     Order mutual-failure
>     Allow from 10.8.12.14/32
>     Satisfy any
>    </Location>
> CustomLog logs/svn-access_log common
> </VirtualHost>
> 
> Thank you kindly for any insight anyone might be able to offer me.
> 
> - sf
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> !DSPAM:1020,4655136625191342210631!
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message