I am running apache2-2.0.54 under Debian sarge on a PIII,
with the following modules enabled: auth_ldap.load, cgid.load,
ssl.load.  All works fine for both http:// and https:// access.

Cleartext LDAP (ldap://) authentication works fine, too,

  httpd.conf:LDAPSharedCacheFile /tmp/mod_ldap_cache.tmp
  sites-enabled/000-default:      AuthLDAPBindDN "cn=ugradgrant,ou=pwcheck,dc=northwestern,dc=edu"
  sites-enabled/000-default:      AuthLDAPBindPassword "############"
  sites-enabled/000-default:      AuthName "LDAP-Authenticated URGC Reviews"
  sites-enabled/000-default:      AuthLDAPURL "ldap://ldap2.itcs.northwestern.edu/dc=northwestern,dc=edu?nuIdTag?sub?"
  sites-enabled/000-default:      AuthLDAPBindDN "cn=ugradgrant,ou=pwcheck,dc=northwestern,dc=edu"

with success recorded in the Apache2 log as follows:

  [debug] /home/adconrad/build/apache2/security/sarge/apache2-2.0.54/build-tree/apache2/modules/experimental/mod_auth_ldap.c(337): [client 172.171.211.47] [4521] auth_ldap authenticate: using URL ldap://ldap2.itcs.northwestern.edu/dc=northwestern,dc=edu?nuIdTag?sub?
  [debug] /home/adconrad/build/apache2/security/sarge/apache2-2.0.54/build-tree/apache2/modules/experimental/mod_auth_ldap.c(411): [client 172.171.211.47] [4521] auth_ldap authenticate: accepting crb177

However, LDAP authentication via SSL (ldaps://) fails in a strange way,
  
  httpd.conf:LDAPTrustedCA /usr/lib/apache2/Cert/verisign-bundleca.crt
  httpd.conf:LDAPTrustedCAType   BASE64_FILE
  sites-enabled/000-default:      AuthLDAPURL "ldaps://ldap2.itcs.northwestern.edu/dc=northwestern,dc=edu?nuIdTag?sub?"

with failure recorded in the Apache2 log as follows:

  [debug] /home/adconrad/build/apache2/security/sarge/apache2-2.0.54/build-tree/apache2/modules/experimental/mod_auth_ldap.c(337): [client 172.171.211.47] [4524] auth_ldap authenticate: using URL ldaps://ldap2.itcs.northwestern.edu/dc=northwestern,dc=edu?nuIdTag?sub?
  [warn] [client 172.171.211.47] [4524] auth_ldap authenticate: user crb177 authentication failed; URI /ldaps/ [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]

while the LDAPS server log records a momentary connection:

  [14/Oct/2005:11:57:59 -0500] conn=356483 op=-1 msgId=-1 - fd=76 slot=76 LDAPS connection from 129.105.129.105 to 129.105.117.27
  [14/Oct/2005:11:57:59 -0500] conn=356483 op=-1 msgId=-1 - SSL 128-bit RC4
  [14/Oct/2005:11:57:59 -0500] conn=356483 op=-1 msgId=-1 - closing - B1
  [14/Oct/2005:11:57:59 -0500] conn=356483 op=-1 msgId=-1 - closed.

without apparent binding.

Any suggestions as to why ldaps:// authentication alone is failing?

Craig

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
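
Added example (not part of the original post, and not Apache or mod_auth_ldap code): a Python check that splits an AuthLDAPURL value into its parts and, for an ldaps:// URL, reports whether a connection attempt fails at the TCP connect, at certificate verification against a given CA bundle, or elsewhere in the TLS handshake. The function names, the stage labels and the command-line arguments are assumptions made for this example.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# URL copied from the post; everything else in this file is illustrative.
SAMPLE_URL = "ldaps://ldap2.itcs.northwestern.edu/dc=northwestern,dc=edu?nuIdTag?sub?"


def parse_auth_ldap_url(url):
    """Split an AuthLDAPURL value: scheme://host[:port]/basedn?attr?scope?filter."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("not an ldap:// or ldaps:// URL: %r" % url)
    attr, scope, flt = (parts.query.split("?", 2) + ["", "", ""])[:3]
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        "port": parts.port or DEFAULT_PORTS[parts.scheme],
        "base_dn": parts.path.lstrip("/"),
        "attribute": attr, "scope": scope, "filter": flt,
    }


def probe_ldaps(host, port, cafile, timeout=5.0):
    """Return (stage, detail); stage is 'tcp', 'tls-verify', 'tls' or 'ok'."""
    # With cafile set, only that PEM bundle is trusted (no system CA store).
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp", str(exc)                    # server not reachable at all
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", "%s %s" % (tls.version(), tls.cipher()[0])
    except ssl.SSLCertVerificationError as exc:
        return "tls-verify", exc.verify_message   # chain or hostname rejected
    except (ssl.SSLError, OSError) as exc:
        return "tls", str(exc)                    # protocol/cipher mismatch, reset


if __name__ == "__main__":
    # usage: check_ldaps.py [AuthLDAPURL [CA bundle in PEM format]]
    target = parse_auth_ldap_url(sys.argv[1] if len(sys.argv) > 1 else SAMPLE_URL)
    print(target)
    if target["scheme"] == "ldaps" and len(sys.argv) > 2:
        print(probe_ldaps(target["host"], target["port"], sys.argv[2]))
```

The probe uses Python's TLS stack, which also checks the certificate's hostname, so its verdict describes the CA bundle and server certificate rather than the LDAP SDK that Apache was built against.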