httpd-users mailing list archives

From Darren Spruell <>
Subject Re: [users@httpd] Failure authing against LDAPS, web server tearing down connections
Date Wed, 10 Aug 2011 01:57:53 GMT
On Fri, Aug 5, 2011 at 7:28 PM, Eric Covener <> wrote:
>> The below packet logs show that when the Apache server attempts to
>> bind to LDAPS, it successfully establishes the TCP connection to port
>> 636 (syn, syn-ack, ack) and then immediately tears down the connection
>> (fin-ack, ack, fin-ack, ack). This cycle repeats 7 times in extremely
>> quick succession (0.01 s) with no higher-layer payload being
>> transferred; the Apache server does not even move into SSL/TLS
>> negotiation. The 7 connect => teardown actions seem to correspond to
>> the 7 log events. The final log message "Can't contact LDAP server" is
>> ironic given that the Apache server itself does not go to SSL and
>> initiates the connection teardown instead.
> There's a tiny module that lets you turn on LDAP_OPT_DEBUG which might
> reveal why the LDAP library is returning an error before seemingly
> even handshaking on the connection

Beautiful. Love the module. :)

Sure enough,

ldap_new_connection 1 1 0
ldap_connect_to_host: TCP [redacted]:636
ldap_new_socket: 22
ldap_prepare_socket: 22
ldap_connect_to_host: Trying
ldap_connect_timeout: fd: 22 tm: 10 async: 0
ldap_ndelay_on: 22
ldap_is_sock_ready: 22
ldap_ndelay_off: 22
TLS: could not load verify locations

A look at ldap.conf on the host reveals a configuration that's...
iffy. Reverting ldap.conf to defaults results in success.

Thanks for the recommendation!

Darren Spruell
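
Added example, not part of the original message or of the httpd project's code: a check that the CA locations named in an ldap.conf can actually be loaded, which is the condition "TLS: could not load verify locations" reports. The message does not say which ldap.conf setting was at fault; this assumes the ldap.conf(5) options TLS_CACERT and TLS_CACERTDIR, and the sample configuration is constructed.

```python
import os
import tempfile

# ldap.conf(5) options naming the trusted CA file / directory (names are case-insensitive).
CA_OPTIONS = {"TLS_CACERT": "file", "TLS_CACERTDIR": "dir"}

def parse_ca_options(conf_text):
    """Return [(OPTION, path)] for the CA options set in ldap.conf text."""
    found = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        parts = line.split(None, 1)
        key = parts[0].upper()
        if key in CA_OPTIONS:
            found.append((key, parts[1].strip() if len(parts) > 1 else ""))
    return found

def check_verify_locations(conf_text):
    """List problems that can keep the TLS library from loading its CA material.
    Readability is tested for the user running this script."""
    problems = []
    for key, path in parse_ca_options(conf_text):
        if not path:
            problems.append(f"{key}: no path given")
        elif CA_OPTIONS[key] == "dir":
            if not (os.path.isdir(path) and os.access(path, os.R_OK | os.X_OK)):
                problems.append(f"{key}: {path} is not a readable directory")
        elif not (os.path.isfile(path) and os.access(path, os.R_OK)):
            problems.append(f"{key}: {path} is not a readable file")
        else:
            with open(path, errors="replace") as fh:
                if "-----BEGIN CERTIFICATE-----" not in fh.read():
                    problems.append(f"{key}: {path} holds no PEM certificate")
    return problems

def demo():
    """Constructed ldap.conf: one CA file without a certificate, one missing directory."""
    with tempfile.TemporaryDirectory() as tmp:
        bundle = os.path.join(tmp, "ca.pem")
        with open(bundle, "w") as fh:
            fh.write("not a certificate\n")
        conf = f"# constructed sample\ntls_cacert {bundle}\nTLS_CACERTDIR {tmp}/missing\n"
        return check_verify_locations(conf)

if __name__ == "__main__":
    print("\n".join(demo()) or "CA locations look loadable")
```

Run it as the account the web server runs under, against the ldap.conf that account's LDAP library reads, so the readability results match what httpd sees.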
