httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vr <apache-u...@iotk.net>
Subject [users@httpd] SSL between Apache and ldap
Date Mon, 22 Feb 2010 17:40:30 GMT
I'm trying to enable SSL encryption between apache2 and ldap of
Microsoft's Active Directory 2008 so password authentication is not sent in
clear text during the 2nd hop of https connections.

I've installed apache2 on a Debian Lenny i386 system using Debian's
prebuilt apache2, ldap and ssl-cert packages.
I've enabled the distributions included apache2 modules ldap and
authnz_ldap.
I've read Microsoft docs which states ldaps is enabled by default.
I've confirmed the active directory server port 636 is open via netstat.
I've confirmed using nmap that the active directory server shows port 636
open, un-firewalled.

In my apache2 config, if I use:
"ldap://adserver.domain.tld:389/DC=domain,DC=tld?sAMAccountname?sub?(objectClass=*)"
NONE
I can successfully make connections to https://myserver.domain.tld using
an active directory account. The account is authenticated but my
understanding is that communication from apache2 to ldap will be sent in
plain text.

In my apache2 config, if I try to use:
"ldaps://adserver.domain.tld:636/DC=domain,DC=tld?sAMAccountname?sub?(objectClass=*)"
SSL
the authentication fails, per my error.log with:
"authentication failed; URi / [LDAP: ldap_simple_bind_s() failed]Can't
contact LDAP server]".

Are there additional pieces needed for this to work?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message