httpd-users mailing list archives

From daniel.goul...@and.co.uk
Subject RE: [users@httpd] Apache/2.2.8 authenticate LDAP AD SSL or TLS - ubuntu(debian)
Date Mon, 23 Nov 2009 10:13:03 GMT
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=us-ascii" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.18852"></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=704340610-23112009><FONT color=#0000ff size=2 face=Arial>Hi Simon</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=704340610-23112009><FONT color=#0000ff size=2 face=Arial></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=704340610-23112009><FONT color=#0000ff size=2 face=Arial>I know exactly what you are referring to as I have attempted to configure the same authentication (I seem to remember it was with Apache 2.2.6).</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=704340610-23112009><FONT color=#0000ff size=2 face=Arial></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=704340610-23112009><FONT color=#0000ff size=2 face=Arial>Unfortunately, when I tried it, LDAPS authentication with Apache resulted in segfaults.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=704340610-23112009><FONT color=#0000ff size=2 face=Arial></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=704340610-23112009><FONT color=#0000ff size=2 face=Arial>If you have managed to get things working over plain LDAP (port 389) then you are nearly there...</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=704340610-23112009><FONT color=#0000ff size=2 face=Arial></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=704340610-23112009><FONT color=#0000ff size=2 face=Arial>All you have to do is change the protocol and port and Apache should do the rest</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=704340610-23112009><FONT color=#0000ff size=2 face=Arial></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=704340610-23112009><FONT color=#0000ff size=2 face=Arial>Of course you need to configure AD for the SSL/TLS encryption...</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=704340610-23112009><FONT color=#0000ff size=2 face=Arial></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=704340610-23112009><FONT color=#0000ff size=2 face=Arial><A href="http://lmgtfy.com/?q=active+directory+ldaps">http://lmgtfy.com/?q=active+directory+ldaps</A></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=704340610-23112009><FONT color=#0000ff size=2 face=Arial></FONT></SPAN>&nbsp;</DIV>
<DIV dir=ltr align=left><SPAN class=704340610-23112009><FONT color=#0000ff size=2 face=Arial></FONT></SPAN>&nbsp;</DIV><BR>
<DIV dir=ltr lang=en-us class=OutlookMessageHeader align=left>
<HR tabIndex=-1>
<FONT size=2 face=Tahoma><B>From:</B> Simon Walter &lt;simon.walter@hokkaidotracks.com&gt; [mailto:Simon Walter &lt;simon.walter@hokkaidotracks.com&gt;] <BR><B>Sent:</B> 19 November 2009 08:16<BR><B>To:</B> users@httpd.apache.org<BR><B>Subject:</B> [users@httpd] Apache/2.2.8 authenticate LDAP AD SSL or TLS - ubuntu(debian)<BR></FONT><BR></DIV>
<DIV></DIV>Hi all, <BR><BR>This is my first message to the list. Greetings.
<BR><BR>First off I'll start by saying that I've scoured the search engines and searched this list and found only bits and pieces. I'm not going to report any problems right away.
<BR><BR>My question is: Does anyone know of a document that describes what I need to make Apache authenticate via LDAP over SSL or TLS connecting to a MS AD server?
<BR><BR>I've been able to do this successfully with plaintext (no SSL or TLS). However I get warnings on my AD server saying that it is a security risk.
<BR><BR>I don't know much about Windows, and I could have a problem with the AD server and would like to know how I can test that. I've tried to connect to the AD server with JXplorer and LDAPExplorertool2 and have failed with SSL and TLS. I also tried using ldapsearch and got an error: "ldap_sasl_interactive_bind_s: Unknown authentication method" Then I installed the package for gssapi "libsasl2-modules-gssapi-heimdal". Now I get a different error: "SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2)"
<BR><BR>I'm not sure what types of connections MS AD supports: SSL, TLS, SASL... ??? How can I know for sure that the server side is fine?
<BR><BR>Anyway, if someone can show me a working apache config and/or a document which describes what I need to do to get this setup working, I'd be very grateful.
<BR><BR>I'll reply once I've tried all your suggestions.
<BR><BR>Thanks for your help. <BR><BR>Simon
</BODY></HTML>
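
Added example (not part of either message above): an Apache 2.2 mod_authnz_ldap configuration showing the protocol-and-port change the reply describes, from plain LDAP on 389 to LDAPS on 636, together with the CA trust settings mod_ldap uses to verify the domain controller's certificate. The host name, base DN, bind account, password, location and certificate path are placeholder assumptions.

```apache
# Requires mod_ldap and mod_authnz_ldap to be loaded.

# Server-level settings (outside <Location>/<Directory>).
# Trust the CA that issued the domain controller's certificate.
# The path is an assumed placeholder; export the CA certificate in PEM form.
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/ad-ca.pem
# Refuse the connection if the server certificate does not verify.
LDAPVerifyServerCert On

<Location /protected>
    AuthType Basic
    AuthName "AD login"
    AuthBasicProvider ldap

    # Before: plain LDAP on port 389. The bind DN, its password and every
    # user's password cross the network unencrypted.
    # AuthLDAPURL "ldap://dc1.example.com:389/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"

    # After: the same search over LDAPS on port 636.
    AuthLDAPURL "ldaps://dc1.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"

    # Alternative: keep port 389 and upgrade the connection with StartTLS.
    # AuthLDAPURL "ldap://dc1.example.com:389/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)" TLS

    # AD normally rejects anonymous searches, so bind as a service account
    # (assumed name) that only has read access to the directory.
    AuthLDAPBindDN "CN=apache-bind,OU=Service Accounts,DC=example,DC=com"
    AuthLDAPBindPassword "REPLACE_ME"

    Require valid-user
</Location>
```

The host name in AuthLDAPURL has to match the name in the domain controller's certificate, otherwise verification fails even with the correct CA installed.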
