Hi All, I am a new member in this group. I am facing an issue regarding openLDAP access from apache http server and here are the details.
1. I have an openLDAP server configured with gnutls, as can be seen below:
========================================
ldd slapd
        linux-gate.so.1 => (0xb7f6d000)
        libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0xb7f19000)
        liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0xb7f0b000)
        libdb-4.7.so => /usr/lib/libdb-4.7.so (0xb7db6000)
        libodbc.so.1 => /usr/lib/libodbc.so.1 (0xb7d4f000)
        libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7d36000)
        libslp.so.1 => /usr/lib/libslp.so.1 (0xb7d26000)
        libnsl.so.1 => /lib/tls/i686/cmov/libnsl.so.1 (0xb7d0d000)
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7cf5000)
        libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb7c57000)
        libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0xb7c45000)
        libz.so.1 => /lib/libz.so.1 (0xb7c2f000)
        libgcrypt.so.11 => /lib/libgcrypt.so.11 (0xb7bc6000)
        libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7b94000)
        libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7b7d000)
        libltdl.so.7 => /usr/lib/libltdl.so.7 (0xb7b74000)
        libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7b70000)
        libwrap.so.0 => /lib/libwrap.so.0 (0xb7b67000)
        libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7a04000)
        /lib/ld-linux.so.2 (0xb7f6e000)
        libgpg-error.so.0 => /lib/libgpg-error.so.0 (0xb7a00000)
========================================
2. I have my apache http server sitting on a solaris 10 x86 machine. The httpd.conf details are below (related to LDAP).
========================================
<Location />
    SSLRequireSSL
    AuthType Basic
    AuthLDAPEnabled on
    AuthLDAPUrl ldap://xxx.xxx.xxx.xxx:389/dc=ldapcompany,dc=com?uid,AppAttr?sub?(AppAttr=*)
    AuthLDAPBindDN cn=admin,dc=ldapcompany,dc=com
    AuthLDAPBindPassword 12345678
    AuthName realm1
    Require valid-user
</Location>
========================================
3. I need to access the application GUI through apache and the user authentication happens through LDAP. AppAttr is a user-defined attribute that controls the kind of controls the user can see on the GUI, e.g. admin user can see all the controls and so on.
4. With the above settings in httpd.conf, the GUI access happens without any issues.
5. The moment I change the "ldap" to "ldaps" in AuthLDAPUrl, GUI access doesn't happen.
6. At first look, it may give an impression that SSL/TLS is not enabled on my openLDAP server. But this is not the case.
7. Here is the command that gives a perfect result, and that can happen only if SSL/TLS is enabled on the same.
========================================
ldapsearch -d8 -H ldaps://ldapcompany.com -b dc=ldapcompany,dc=com uid=asimananda
OR
ldapsearch -d8 -ZZ -H ldap://ldapcompany.com -b dc=ldapcompany,dc=com uid=asimananda
========================================
Both commands ask for a password and after the password is given, it shows the result without fail. Either of the commands can be used, i.e. with ldaps url OR ldap url with -ZZ option that forces TLS.
8. My issue is, if SSL/TLS is enabled on the openLDAP, why doesn't the "ldaps" url work from apache?

Please help me resolve the issue.

Regards
Asimananda
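
An added example, not part of the original post: a small lint for an AuthLDAPUrl value that splits it into its fields and flags conditions worth ruling out when an ldaps:// URL fails from Apache although ldapsearch succeeds. The function names and the 192.0.2.10 address are constructed for illustration, and 389/636 are assumed to be the server's listeners because they are the conventional defaults.

```python
import ipaddress
from urllib.parse import urlsplit

# Conventional default listeners (assumption: the server has not moved them).
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def parse_auth_ldap_url(url):
    """Split scheme://host:port/basedn?attrs?scope?filter into its fields."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORT:
        raise ValueError("not an ldap:// or ldaps:// URL: %r" % url)
    # The LDAP URL query part is itself '?'-separated: attrs, scope, filter.
    attrs, scope, flt = (parts.query.split("?") + ["", "", ""])[:3]
    return {
        "scheme": scheme,
        "host": parts.hostname or "",
        "port": parts.port or DEFAULT_PORT[scheme],
        "base_dn": parts.path.lstrip("/"),
        "attrs": [a for a in attrs.split(",") if a],
        "scope": scope,
        "filter": flt,
    }

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def lint_auth_ldap_url(url):
    """Return (code, message) findings for one AuthLDAPUrl value."""
    u = parse_auth_ldap_url(url)
    findings = []
    if u["scheme"] == "ldaps" and u["port"] == DEFAULT_PORT["ldap"]:
        findings.append(("ldaps-on-389", "TLS-on-connect is aimed at the port "
                         "that normally serves plain LDAP/StartTLS; ldaps "
                         "usually listens on 636"))
    if u["scheme"] == "ldaps" and is_ip_literal(u["host"]):
        findings.append(("ip-host", "host is an IP literal; certificate "
                         "verification passes only if the server certificate "
                         "names that address"))
    if u["scheme"] == "ldap":
        findings.append(("cleartext", "unless StartTLS is negotiated, bind "
                         "credentials cross the network unencrypted"))
    return findings

if __name__ == "__main__":
    # Constructed URL: the post's value with ldap changed to ldaps.
    sample = "ldaps://192.0.2.10:389/dc=ldapcompany,dc=com?uid,AppAttr?sub?(AppAttr=*)"
    for code, message in lint_auth_ldap_url(sample):
        print(code + ": " + message)
```
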