Another observation:  I changed the AuthLDAPURL to '"ldap:..." STARTTLS',
gathering from the wording in the manual that mod_authnz_ldap might
only do LDAPS through the Netscape SDK while I'm using OpenLDAP:

     Support for LDAP over SSL (requires the Netscape SDK) or TLS
     (requires the OpenLDAP 2.x SDK or Novell LDAP SDK).

Now the LDAP layer actually speaks.  httpd sends a START_TLS extended
request, and ADS responds positively.  Then, without any attempt to
bind, let alone query, httpd sends an LDAP unbind and begins tearing
down the TCP connection.

No.     Time        Source                Destination           Protocol Info
      1 0.000000    134.68.190.58         134.68.220.153        TCP      45637 > ldap [SYN] Seq=0 Len=0 MSS=1460 TSV=96846395 TSER=0 WS=7
      2 0.000268    134.68.220.153        134.68.190.58         TCP      ldap > 45637 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 WS=0 TSV=0 TSER=0
      3 0.000331    134.68.190.58         134.68.220.153        TCP      45637 > ldap [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=96846395 TSER=0
      4 0.001346    134.68.190.58         134.68.220.153        LDAP
      5 0.001961    134.68.220.153        134.68.190.58         LDAP     extendedResp(1)
      6 0.002016    134.68.190.58         134.68.220.153        TCP      45637 > ldap [ACK] Seq=32 Ack=47 Win=5888 Len=0 TSV=96846395 TSER=484044
      7 0.003463    134.68.190.58         134.68.220.153        LDAP     unbindRequest(2)
      8 0.003552    134.68.190.58         134.68.220.153        TCP      45637 > ldap [FIN, ACK] Seq=39 Ack=47 Win=5888 Len=0 TSV=96846396 TSER=484044
      9 0.003784    134.68.220.153        134.68.190.58         TCP      ldap > 45637 [ACK] Seq=47 Ack=40 Win=65497 Len=0 TSV=484044 TSER=96846396
     10 0.003962    134.68.220.153        134.68.190.58         TCP      ldap > 45637 [FIN, ACK] Seq=47 Ack=40 Win=65497 Len=0 TSV=484044 TSER=96846396
     11 0.004009    134.68.190.58         134.68.220.153        TCP      45637 > ldap [ACK] Seq=40 Ack=48 Win=5888 Len=0 TSV=96846396 TSER=484044

It's as though the LDAP auth code gets all set to bind, then discovers
some error which goes totally unreported, and drops the connection as failed.

-- 
Mark H. Wood, Lead System Programmer   [EMAIL PROTECTED]
Typically when a software vendor says that a product is "intuitive" he
means the exact opposite.

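As an added diagnostic, not from the post or from httpd, here is a small parser over Wireshark packet-list rows in the layout above that locates the StartTLS acceptance and classifies what the client did next; the addresses and Info text in the sample are constructed, not the post's capture. The check it encodes: once the server's extendedResp accepts StartTLS, the next thing on the wire should be a TLS Client Hello, so a cleartext unbindRequest means the client gave up before it even started the TLS handshake, which places the failure on the client side between receiving the acceptance and beginning TLS.

```python
import re

# Constructed sample in the Wireshark packet-list layout from the post (rows
# on one line each; addresses and the Info text are made up for illustration).
SAMPLE = """\
No.     Time        Source        Destination   Protocol Info
      1 0.000000    10.0.0.5      10.0.0.9      TCP      45637 > ldap [SYN] Seq=0 Len=0
      4 0.001346    10.0.0.5      10.0.0.9      LDAP     extendedReq(1) LDAP_START_TLS_OID
      5 0.001961    10.0.0.9      10.0.0.5      LDAP     extendedResp(1) LDAP_START_TLS_OID
      7 0.003463    10.0.0.5      10.0.0.9      LDAP     unbindRequest(2)
      8 0.003552    10.0.0.5      10.0.0.9      TCP      45637 > ldap [FIN, ACK] Seq=39
"""

# No. Time Source Destination Protocol Info  (time is skipped, Info may be empty)
ROW = re.compile(r"^\s*(\d+)\s+\S+\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_rows(text):
    """Turn packet-list lines into dicts; the 'No.' header line does not match."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            no, src, dst, proto, info = m.groups()
            rows.append({"no": int(no), "src": src, "dst": dst,
                         "proto": proto, "info": info.strip()})
    return rows

def diagnose(text, client):
    """Classify what the client did right after the server accepted StartTLS."""
    rows = [r for r in parse_rows(text) if r["proto"] != "TCP"]  # ignore bare TCP frames
    accepted = None
    for i, r in enumerate(rows):
        if (r["proto"] == "LDAP" and r["src"] != client
                and r["info"].startswith("extendedResp") and "START_TLS" in r["info"]):
            accepted = i
            break
    if accepted is None:
        return "no-starttls-acceptance"
    after = rows[accepted + 1:]
    if not after:
        return "closed-after-starttls"      # no further PDU of any kind
    nxt = after[0]
    if nxt["proto"].startswith(("TLS", "SSL")):
        return "tls-handshake-started"      # healthy: Client Hello follows acceptance
    if (nxt["proto"] == "LDAP" and nxt["src"] == client
            and nxt["info"].startswith("unbindRequest")):
        return "cleartext-unbind-before-tls"  # the symptom in the post
    return "unexpected:" + nxt["info"]

if __name__ == "__main__":
    print(diagnose(SAMPLE, client="10.0.0.5"))
```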