RE: DO NOT REPLY [Bug 50823] Provide alternate failure modes for http on https

TARDUCCI, NICOLAS (AG-Contractor/5000) Mon, 16 Apr 2012 09:54:20 -0700

Hi,

All of you, this should work, right? But it is not working for me. The 
AuthLDAPUrl is correct?



<AuthnProviderAlias ldap north_america>
            AuthLDAPUrl 
"ldap://na.ds.monsanto.com:389/DC=ds,DC=monsanto,DC=com?sAMAccountName?sub?(memberOf=CN=NA-1000-TPS-DEVELOPERS-G,OU=Groups,OU=1000,OU=Locations,DC=na,DC=ds,DC=monsanto,DC=com)"
 
  AuthLDAPBindDN "CN=NA1000APP-EC,OU=Non-User 
Accounts,OU=1000,OU=Locations,DC=na,DC=ds,DC=monsanto,DC=com"
  AuthLDAPBindPassword xxxxxx
</AuthnProviderAlias>


2.      AuthnProviderAlias definition for south_america:

<AuthnProviderAlias ldap south_america>
            AuthLDAPUrl 
"ldap://la.ds.monsanto.com:389/DC=ds,DC=monsanto,DC=com?sAMAccountName?sub?(memberOf=CN=LA-0000-USCCIADM-G,OU=Regional
 Groups,DC=la,DC=ds,DC=monsanto,DC=com)"
  AuthLDAPBindDN "CN=NA1000APP-EC,OU=Non-User 
Accounts,OU=1000,OU=Locations,DC=na,DC=ds,DC=monsanto,DC=com"
  AuthLDAPBindPassword xxxxxx
</AuthnProviderAlias>

3.      Enterprise repository:

<Location /enterprise>
  AuthType Basic
  AuthName "Enterprise Repository"
  AuthBasicProvider north_america south_america
  #AuthLDAPUrl 
"ldap://na.ds.monsanto.com:3268/DC=ds,DC=monsanto,DC=com?sAMAccountName?sub";
  #AuthLDAPBindDN "CN=NA1000APP-EC,OU=Non-User 
Accounts,OU=1000,OU=Locations,DC=na,DC=ds,DC=monsanto,DC=com"
  #AuthLDAPBindPassword xxxxxx
  AuthzLDAPAuthoritative OFF
  Require valid-user
  #Require ldap-group 
CN=NA-1000-INTERNAL_VCS_ACCESS_TEST-U,OU=Groups,OU=1000,OU=Locations,DC=na,DC=ds,DC=monsanto,DC=com
  DAV svn
  SVNPath /svndata/repos/enterprise
</Location>



Lic. Nicolás Alejandro Tarducci
Monsanto Argentina Development Team
EAS - Java Services Team
Phone: +54 11 4316-2723
Maipú 1210 10th Floor.

-----Original Message-----
From: [email protected] [mailto:[email protected]] 
Sent: Monday, April 16, 2012 1:51 PM
To: [email protected]
Subject: DO NOT REPLY [Bug 50823] Provide alternate failure modes for http on 
https

https://issues.apache.org/bugzilla/show_bug.cgi?id=50823

--- Comment #5 from otheus <[email protected]> 2012-04-16 16:51:19 
UTC ---
Configuration stripped down -- only so, prefork, core, http_core, vhost and
log_config are enabled.

The access logs show only a request via HTTP/0.9...
 GET   HTTP/0.9 VIRTUAL-HOST       /  10.2.11.81   443   400    10.2.10.17 -

Error logs show:

[Mon Apr 16 18:44:47 2012] [info] [client 10.2.10.17] Connection to child 2
established (server HOST:443)
[Mon Apr 16 18:44:47 2012] [info] Seeding PRNG with 144 bytes of entropy
[Mon Apr 16 18:44:47 2012] [debug] ssl_engine_kernel.c(1761): OpenSSL:
Handshake: start
[Mon Apr 16 18:44:47 2012] [debug] ssl_engine_kernel.c(1769): OpenSSL: Loop:
before/accept initialization
[Mon Apr 16 18:44:47 2012] [debug] ssl_engine_io.c(1795): OpenSSL: read 11/11
bytes from BIO#2b5e9dd6c6f0 [mem: 2b5e9dd73dc0] (BIO dump follows)
[Mon Apr 16 18:44:47 2012] [debug] ssl_engine_io.c(1742):
+-------------------------------------------------------------------------+
[Mon Apr 16 18:44:47 2012] [debug] ssl_engine_io.c(1767): | 0000: 47 45 54 20
2f 20 48 54-54 50 2f                 GET / HTTP/      |
[Mon Apr 16 18:44:47 2012] [debug] ssl_engine_io.c(1773):
+-------------------------------------------------------------------------+
[Mon Apr 16 18:44:47 2012] [debug] ssl_engine_kernel.c(1798): OpenSSL: Exit:
error in SSLv2/v3 read client hello A
[Mon Apr 16 18:44:47 2012] [info] [client 10.2.10.17] SSL handshake failed:
HTTP spoken on HTTPS port; trying to send HTML error page
[Mon Apr 16 18:44:47 2012] [info] SSL Library Error: 336027804
error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP
to HTTPS port!?

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

This e-mail message may contain privileged and/or confidential information, and 
is intended to be received only by persons entitled
to receive such information. If you have received this e-mail in error, please 
notify the sender immediately. Please delete it and
all attachments from any servers, hard drives or any other media. Other use of 
this e-mail by you is strictly prohibited.

All e-mails and attachments sent and received are subject to monitoring, 
reading and archival by Monsanto, including its
subsidiaries. The recipient of this e-mail is solely responsible for checking 
for the presence of "Viruses" or other "Malware".
Monsanto, along with its subsidiaries, accepts no liability for any damage 
caused by any such code transmitted by or accompanying
this e-mail or any attachment.


The information contained in this email may be subject to the export control 
laws and regulations of the United States, potentially
including but not limited to the Export Administration Regulations (EAR) and 
sanctions regulations issued by the U.S. Department of
Treasury, Office of Foreign Asset Controls (OFAC).  As a recipient of this 
information you are obligated to comply with all
applicable U.S. export laws and regulations.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

RE: DO NOT REPLY [Bug 50823] Provide alternate failure modes for http on https

Reply via email to