Dear Apache users,

I am trying to debug an error in an Apache LDAPS connection, against Windows Active Directory:

[authnz_ldap:info] [pid 14680270:tid 515] [client 172.24.12.217:52072] AH01695: auth_ldap authenticate: user pdonaghy authentication failed; URI /favicon.ico [LDAP: ldap_simple_bind() failed][Can't contact LDAP server]

Many entries for this error point to a problem with the certificate chain. But as far as I can see, the certificate chain is valid - I have checked it using openssl s_client.

I have also disabled the Apache certification validation:

LDAPVerifyServerCert off

I have set up detailed logging in Apache:

LDAPLibraryDebug 7

and

LogLevel debug

but I am still not getting the detailed cause of the error. For example:

** ld 3048d718 Outstanding Requests:
 * msgid 1, origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 3048d718 request count 1 (abandoned 0)
** ld 3048d718 Response Queue:
   Empty
  ld 3048d718 response count 0
ldap_chkResponseList ld 3048d718 msgid 1 all 0
ldap_chkResponseList returns ld 3048d718 NULL
ldap_int_select
read1msg: ld 3048d718 msgid 1 all 0
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 1 1
ldap_free_connection: actually freed
ldap_create
[Tue Jan 21 12:57:46.650655 2014] [ldap:debug] [pid 15335652:tid 772] util_ldap.c(370): AH01278: LDAP: Setting referrals to Off.
ldap_err2string
[Tue Jan 21 12:57:46.650687 2014] [authnz_ldap:info] [pid 15335652:tid 772] [client 172.24.13.177:64607] AH01695: auth_ldap authenticate: user dgfd authentication failed; URI /favicon.ico [LDAP: ldap_simple_bind() failed][Can't contact LDAP server]

Does anyone know of a way to get further debug information about the certificate chain processing within Apache?

The OS is AIX 7.1, and the open-source components are as follows:

apr-1.4.8-1
apr-devel-1.4.8-1
apr-util-1.5.2-1
apr-util-db4-1.5.2-1
apr-util-freetds-1.5.2-1
apr-util-gdbm-1.5.2-1
apr-util-ldap-1.5.2-1
apr-util-odbc-1.5.2-1
apr-util-sqlite-1.5.2-1
httpd-2.4.7-1
mod_ssl-2.4.7-1
openssl-1.0.1e-2
openssl-devel-1.0.1e-2
openssl-doc-1.0.1e-2
openldap-2.4.23-0.3
openldap-clients-2.4.23-0.3

Thank you for any help.

Peter Donaghy.