httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: [users@httpd] mod_ldap rejecting apparently valid server certificate for secure ldap against active directory
Date Thu, 13 Mar 2008 19:52:32 GMT
Scheible, Paul wrote:
> I have a couple of apache web server installations that have been unable
> to connect to an Active Directory server after its certificate was
> renewed.  The two installations I attempted to use were versions 2.0.59
> and 2.2.8 both installed on Windows (Win2003 Server and WinXPSP2,
> respectively). [...] I also know that both the server certificate and 
> the root certificate had to be renewed.

On a /default/ windows build, such as shipped by the ASF, the ldap auth
uses the WLDAP32 API from Microsoft itself.  It sounds like MS's LDAP was
throwing away the invalid connection because it did not recognize the root
cert or it's CA chain as authoritative.

Note; there are several bug fixes on apr trunk/1.2.x and httpd trunk/2.2.x
proposed for backport to the next release related to MS LDAP.

> The owners of the AD server finally
> reissued the root certificate and the original Apache configurations
> worked without a problem.  At this point, we have something working but
> we would very much like to know what happened and why.  Can anyone shed
> some light on this?

Well; it's also possible it was invalid, and the other LDAP servers were
simply more permissive.

Bill

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message