httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Asimananda Mohanty <asimananda.moha...@gmail.com>
Subject [users@httpd] Regarding OpenLDAP Access From Apache
Date Fri, 18 Sep 2009 05:55:11 GMT
Hi All,
I am a new member in this group. I am facing an issue regarding openLDAP
access from apache http server and here are the details.

1. I have configured a openLDAP server configured with gnutls as can be seen
below :

========================================

ldd slapd
        linux-gate.so.1 =>  (0xb7f6d000)
        libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0xb7f19000)
        liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0xb7f0b000)
        libdb-4.7.so => /usr/lib/libdb-4.7.so (0xb7db6000)
        libodbc.so.1 => /usr/lib/libodbc.so.1 (0xb7d4f000)
        libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7d36000)
        libslp.so.1 => /usr/lib/libslp.so.1 (0xb7d26000)
        libnsl.so.1 => /lib/tls/i686/cmov/libnsl.so.1 (0xb7d0d000)
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7cf5000)
        libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb7c57000)
        libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0xb7c45000)
        libz.so.1 => /lib/libz.so.1 (0xb7c2f000)
        libgcrypt.so.11 => /lib/libgcrypt.so.11 (0xb7bc6000)
        libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7b94000)
        libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7b7d000)
        libltdl.so.7 => /usr/lib/libltdl.so.7 (0xb7b74000)
        libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7b70000)
        libwrap.so.0 => /lib/libwrap.so.0 (0xb7b67000)
        libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7a04000)
        /lib/ld-linux.so.2 (0xb7f6e000)
        libgpg-error.so.0 => /lib/libgpg-error.so.0 (0xb7a00000)

========================================

2. I have my apache http server sitting on a solaris 10 x86 machine. The
httpd.conf details are below (related to LDAP).

========================================

                <Location />
                    SSLRequireSSL
                    AuthType Basic
                    AuthLDAPEnabled on
                    *AuthLDAPUrl
ldap://xxx.xxx.xxx.xxx:389/dc=ldapcompany,dc=com?uid,AppAttr?sub?(AppAttr=*)
*
                    AuthLDAPBindDN cn=admin,dc=ldapcompany,dc=com
                    AuthLDAPBindPassword 12345678
                    AuthName realm1
                    Require valid-user
                </Location>

========================================

3. I need to access the application GUI through apache and the user
authentication happens through LDAP. AppAttr is an user defined attribute
that controls the kind of controls the user can see on the GUI, e.g. admin
user can see all the controls and so on.

4. With the above settings in httpd.conf, the GUI access happens without any
issues.

5. The time I change the "ldap" to "ldaps" in AuthLDAPUrl, GUI access
doesn't happen.

6. At first look, it may give an impression that SSL/TLS is not enabled on
my openLDAP server. But this is not the case.

7. Here is the command that gives perfect result and that can happen only if
SSL/TLS is enabled on the same.

========================================

ldapsearch -d8 -H ldaps://ldapcompany.com -b dc=ldapcompany,dc=com
uid=asimananda

OR

ldapsearch -d8 -ZZ -H ldap://ldapcompany.com -b dc=ldapcompany,dc=com
uid=asimananda

========================================

Both commands ask for a password and after the password is given, it shows
the result without fail.

Either of the commands can be used i.e. with ldaps url OR ldap url with -ZZ
option that forces TLS.

8. My issue is, if SSL/TLS is enabled on the openLDAP, why "ldaps" url
doesn't work from apache?

Please help me resolving the issue.

Regards
Asimananda

Mime
View raw message