httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Harry Holt" <harryh...@gmail.com>
Subject Re: [users@httpd] SSL LDAP Connections on Win32
Date Thu, 28 Feb 2008 02:52:44 GMT
I have tried this same configuration on Windows Server 2003, as well as
Windows XP workstation.  The results are essentially the same, but the error
is different:

[warn] [client 127.0.0.1] [3312] auth_ldap authenticate: user lizard
authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Server
Down]

... which actually seems less accurate, as the server isn't down - it just
won't start an SSL connection.  When trying to connect through to an
openLDAP server, it only give a

 TLS accept failure error=-1

I assume this means that it tried to establish a connection over TLS/SSL,
but the client (Apache ldap_mod) refused to cooperate.  Looks like I'm
stuck.

Thx... HH


On Tue, Feb 26, 2008 at 1:12 PM, Harry Holt <harryholt@gmail.com> wrote:

>
> On Tue, Feb 26, 2008 at 12:41 PM, Udo Rader <udo.rader@bestsolution.at>
> wrote:
>
> >
> > On Tue, 2008-02-26 at 12:35 -0500, Harry Holt wrote:
> > > Okay, apparently, with the binary distribution of Apache 2.2 for
> > > Win32, it is not possible to initialize an SSL connection to an LDAP
> > > server using mod_ldap and mod_authnz_ldap.
> > >
> > > During startup I get:
> > >
> > > [info] LDAP: SSL support unavailable: LDAP: CA certificates cannot be
> > > set using this method, as they are stored in the registry instead.
> > >
> > > And if I try to initiate an SSL connection with an LDAP server I get:
> > >
> > > [warn] [client 127.0.0.1] [8048] auth_ldap authenticate: user vec02
> > > authentication failed; URI /svn [LDAP: an attempt to set LDAP_OPT_SSL
> > > on failed.][Parameter Error]
> > >
> > > So, my questions:
> > >
> > > Am I crazy or is LDAP over SSL just not supported for this
> > > distribution?  and
> > >
> > > If I'm not crazy, is there a binary distribution of aprutil-1.dll that
> > > will support this (that anyone knows of) or will I have to figure out
> > > how to compile it myself?
> > >
> > > I appreciate any info and pointers.
> >
> > ... maybe you should start by posting some configuration excerpts?
> >
> > --
> > ´╗┐Udo Rader
> >
> > bestsolution.at EDV Systemhaus GmbH
> > http://www.bestsolution.at
> >
> >
> > >
> >
>
> --
Harry Holt, PMP
Mime
View raw message