httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Fortin <ali...@it.net.au>
Subject [users@httpd] mod_authnz_ldap and SSL
Date Wed, 17 Oct 2007 10:11:57 GMT
Hi guys.
I'm trying to enable SSL for LDAP authentication on a Debian Etch, 
Apache version 2.2.3

The authentication/authorization without SSL directives is working 
properly, but as soon as I try to enable the secure layer, I get this error:

[debug] mod_authnz_ldap.c(373): [18646] auth_ldap authenticate: using 
URL ldaps://ldap.mydomain.com/ou=People,dc=mydomain,dc=com?uid
[warn] [30270] auth_ldap authenticate: user testuser authentication 
failed; URI /account-management/secure/ [LDAP: ldap_simple_bind_s() 
failed][Can't contact LDAP server]

I'm pretty sure it's not a firewall issue because I can telnet to port 
636 on LDAP server(s).

These are the directives I've set up:

<IfModule util_ldap.c>
         LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/cacert.pem
         LDAPTrustedMode SSL
         LDAPVerifyServerCert off
</IfModule>

<Directory /var/www/it/account-management/secure>
AuthType Basic
AuthName "LDAP authentication for IT"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL "ldaps://ldap.mydomain.com/ou=People,dc=it,dc=net,dc=au?uid"
require valid-user
</Directory>

Any suggestion? Thanks!

-- 
Alexander Fortin
IT Consultant
Informed Technology
E-mail: alieno@it.net.au
Ph: 08 9460 4888  Fax: 08 9460 4877

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message