httpd-users mailing list archives

From Emmanuel Bailleul <Emmanuel.Baill...@telindus.fr>
Subject RE: [users@httpd] LDAP: ldap_set_option failed. Could not set LDAP_OPT_X_TLS to LDAP_OPT_X_TLS_HARD
Date Mon, 02 Nov 2009 11:09:53 GMT


> -----Original Message-----
> From: Sandro Tosi [mailto:sandro.tosi@register.it]
> Sent: Monday, 2 November 2009 12:01
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] LDAP: ldap_set_option failed. Could not set
> LDAP_OPT_X_TLS to LDAP_OPT_X_TLS_HARD
> 
> Emmanuel Bailleul wrote:
> > Hi,
> >
> > Did you try your LDAPS connection with ldapsearch first? (sth like
> > ldapsearch -H <ldaps url> -x ...).
> >
> Sorry I didn't mention: yes, I have tested, and with ldapsearch it
> works fine (using the name address and not the IP address)
> > An important thing: when calling your ldap server, do use the
> > resolved name rather than the IP. You can even add it in your hosts
> > file if needed.
> >
> I use the name address and not the IP address. Do you think that's the
> problem? I think it doesn't even try to connect to the ldap server.
> Anyhow, I gave it a try, and the same error comes.
> > Two other things:
> > - what kind of ldap server are u using?
> >
> it's "OpenLDAP server (slapd) version 2.4.11-1" (Debian Lenny).
> > - when building, are you sure you did not have several ssl
> > toolkits/versions installed? Can you confirm httpd has been built with
> > the correct one (I just remember having made this mistake once and
> > having to build with an option like
> > "--with-ssl=<path-to-the-right-openssl-dir>")?
> I actually used "--with-ssl=/path/to/openssl-0.9.8g-16052008". But,
> hey, now that I look at it, in the error.log I see:
> 
> [Mon Nov 02 11:26:54 2009] [info] mod_ssl/2.2.14 compiled against
> Server: Apache/2.2.14, Library: OpenSSL/0.9.7e
> 
> WTH?! Why is it using 0.9.7e while I told it to link against 0.9.8g?
> 
> In fact
> 
> # strings modules/mod_ssl.so | grep '0.9.7' | wc -l
> 33
> 
> Could that be the problem? Any suggestion how to fix that? Other to
> look?
> 
> Thanks a lot,
> Sandro
> 

I don't think that how mod_ssl was built has anything to do with your ldaps problems, but
as you could see in https://issues.apache.org/bugzilla/show_bug.cgi?id=41041, the error you
mentioned could clearly be due to different libs used at compile time and at run time. Maybe
you could try to follow the suggestions described in this thread in order to recompile mod_authnz_ldap
with the original openssl toolkit?

Emmanuel

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
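
The `strings modules/mod_ssl.so | grep '0.9.7'` check quoted in the message, generalized into a reusable script. This is an added example, not part of the original thread or of the Apache project's code. It assumes the release is embedded in the binary as `OpenSSL x.y.z[letter]` and that the startup log line has the `Library: OpenSSL/...` form shown above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the OpenSSL release a module was built against
# with the release the build was supposed to use.

# Print each distinct OpenSSL release string embedded in a binary.
# grep -a reads the binary as text, -o prints only the matched part
# (assumption: the string has the form "OpenSSL x.y.z[letter]").
embedded_openssl_versions() {
    grep -aoE 'OpenSSL [0-9]+\.[0-9]+\.[0-9]+[a-z]*' "$1" \
        | awk '{print $2}' | sort -u
}

# Print the library version from the most recent mod_ssl
# "compiled against ... Library: OpenSSL/x.y.z" line in an error log.
logged_openssl_version() {
    sed -n 's/.*Library: OpenSSL\/\([0-9][0-9.]*[a-z]*\).*/\1/p' "$1" \
        | tail -n 1
}

# check_module <module.so> <expected-version>
# Returns 0 only if the expected release is the single one embedded.
check_module() {
    found=$(embedded_openssl_versions "$1")
    if [ -z "$found" ]; then
        echo "UNKNOWN: no OpenSSL version string found in $1"
        return 1
    fi
    if [ "$found" = "$2" ]; then
        echo "OK: $1 embeds OpenSSL $2"
        return 0
    fi
    # Unquoted $found joins several versions onto one line.
    echo "MISMATCH: $1 embeds OpenSSL" $found "(expected $2)"
    return 1
}

# Stand-alone use: sh check.sh modules/mod_ssl.so 0.9.8g
if [ "$#" -eq 2 ]; then
    check_module "$1" "$2"
fi
```

Running it against both `mod_ssl.so` and the LDAP modules shows whether they embed the same release.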

