Hi All,
I am a new member in this group. I am facing an issue regarding openLDAP
access from apache http server and here are the details.
1. I have configured a openLDAP server configured with gnutls as can be seen
below :
========================================
ldd slapd
linux-gate.so.1 => (0xb7f6d000)
libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0xb7f19000)
liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0xb7f0b000)
libdb-4.7.so => /usr/lib/libdb-4.7.so (0xb7db6000)
libodbc.so.1 => /usr/lib/libodbc.so.1 (0xb7d4f000)
libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7d36000)
libslp.so.1 => /usr/lib/libslp.so.1 (0xb7d26000)
libnsl.so.1 => /lib/tls/i686/cmov/libnsl.so.1 (0xb7d0d000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7cf5000)
libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb7c57000)
libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0xb7c45000)
libz.so.1 => /lib/libz.so.1 (0xb7c2f000)
libgcrypt.so.11 => /lib/libgcrypt.so.11 (0xb7bc6000)
libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7b94000)
libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7b7d000)
libltdl.so.7 => /usr/lib/libltdl.so.7 (0xb7b74000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7b70000)
libwrap.so.0 => /lib/libwrap.so.0 (0xb7b67000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7a04000)
/lib/ld-linux.so.2 (0xb7f6e000)
libgpg-error.so.0 => /lib/libgpg-error.so.0 (0xb7a00000)
========================================
2. I have my apache http server sitting on a solaris 10 x86 machine. The
httpd.conf details are below (related to LDAP).
========================================
<Location />
SSLRequireSSL
AuthType Basic
AuthLDAPEnabled on
*AuthLDAPUrl
ldap://xxx.xxx.xxx.xxx:389/dc=ldapcompany,dc=com?uid,AppAttr?sub?(AppAttr=*)
*
AuthLDAPBindDN cn=admin,dc=ldapcompany,dc=com
AuthLDAPBindPassword 12345678
AuthName realm1
Require valid-user
</Location>
========================================
3. I need to access the application GUI through apache and the user
authentication happens through LDAP. AppAttr is an user defined attribute
that controls the kind of controls the user can see on the GUI, e.g. admin
user can see all the controls and so on.
4. With the above settings in httpd.conf, the GUI access happens without any
issues.
5. The time I change the "ldap" to "ldaps" in AuthLDAPUrl, GUI access
doesn't happen.
6. At first look, it may give an impression that SSL/TLS is not enabled on
my openLDAP server. But this is not the case.
7. Here is the command that gives perfect result and that can happen only if
SSL/TLS is enabled on the same.
========================================
ldapsearch -d8 -H ldaps://ldapcompany.com -b dc=ldapcompany,dc=com
uid=asimananda
OR
ldapsearch -d8 -ZZ -H ldap://ldapcompany.com -b dc=ldapcompany,dc=com
uid=asimananda
========================================
Both commands ask for a password and after the password is given, it shows
the result without fail.
Either of the commands can be used i.e. with ldaps url OR ldap url with -ZZ
option that forces TLS.
8. My issue is, if SSL/TLS is enabled on the openLDAP, why "ldaps" url
doesn't work from apache?
Please help me resolving the issue.
Regards
Asimananda
