httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Simon Walter <simon.wal...@hokkaidotracks.com>
Subject [users@httpd] Apache/2.2.8 authenticate LDAP AD SSL or TLS - ubuntu(debian)
Date Thu, 19 Nov 2009 08:16:00 GMT
Hi all,

This is my first message to the list. Greetings.

First off I'll start by saying that I've scoured the search engines and 
searched this list and found only bits and pieces. I'm not going to 
report any problems right away.

My questions is: Does anyone know of a document that describes what I 
need to make Apache authenticate via LDAP over SSL or TLS connecting to 
a MS AD server?

I've able to do this successfully with plaintext (no SSL or TLS). 
However I get warnings on my AD server saying that it is a security risk.

I'm don't know much about Windows, and I could have a problem with the 
AD server and would like to know how I can test that. I've tried to 
connect to the AD server with JXplorer and LDAPExplorertool2 and have 
failed with SSL and TLS. I also tried using ldapsearch and got an error: 
"ldap_sasl_interactive_bind_s: Unknown authentication method" Then I 
installed the package for gssapi "libsasl2-modules-gssapi-heimdal". Now 
I get a different error:
"SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local 
error (-2)"

I'm not sure what types of connections MS AD supports: SSL, TLS, SASL... 
??? How can I know for sure that the server side is fine?

Anyway, If someone can show me a working apache config and or a document 
which describes what I need to do to get this setup working, I'd be very 
grateful.

I'll reply once I've tried all your suggestions.

Thanks for your help.

Simon


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message