Re: auth_ldap fails after upgrading to 2.4.9

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Still striking out. Any chance you can force it to use non-ssl ldap
and capture the traffic with wireshark to see how the queries differ?

I mistook the one long log line as the lookup, but it's just the configured URL.

On Wed, Apr 16, 2014 at 8:51 AM, Marshall Httpd
<httpd.questions@xxxxxxxxx> wrote:
> Ahh, sure thing.
>
> ===== httpd.exe 2.4.6 =====
>
> [Wed Apr 16 07:54:05.108585 2014] [ssl:info] [pid 1216:tid 972] [client
> 100.200.300.401:60878] AH01964: Connection to child 63 established (server
> xxxdev.xxx.example.edu:443)
> [Wed Apr 16 07:54:05.109585 2014] [ssl:debug] [pid 1216:tid 972]
> ssl_engine_kernel.c(1956): [client 100.200.300.401:60878] AH02043: SSL
> virtual host for servername xxxdev.xxx.example.edu found
> [Wed Apr 16 07:54:05.252599 2014] [ssl:debug] [pid 1216:tid 972]
> ssl_engine_kernel.c(1886): [client 100.200.300.401:60878] AH02041: Protocol:
> TLSv1.2, Cipher: RC4-SHA (128/128 bits)
> [Wed Apr 16 07:54:05.254599 2014] [ssl:debug] [pid 1216:tid 972]
> ssl_engine_kernel.c(215): [client 100.200.300.401:60878] AH02034: Initial
> (No.1) HTTPS request received for child 63 (server
> xxxdev.xxx.example.edu:443)
> [Wed Apr 16 07:54:05.254599 2014] [authz_core:debug] [pid 1216:tid 972]
> mod_authz_core.c(799): [client 100.200.300.401:60878] AH01626: authorization
> result of Require valid-user : denied (no authenticated user yet)
> [Wed Apr 16 07:54:05.254599 2014] [authz_core:debug] [pid 1216:tid 972]
> mod_authz_core.c(799): [client 100.200.300.401:60878] AH01626: authorization
> result of <RequireAny>: denied (no authenticated user yet)
> [Wed Apr 16 07:54:05.256599 2014] [ssl:debug] [pid 1216:tid 972]
> ssl_engine_kernel.c(215): [client 100.200.300.401:60878] AH02034: Subsequent
> (No.2) HTTPS request received for child 63 (server
> xxxdev.xxx.example.edu:443)
> [Wed Apr 16 07:54:05.256599 2014] [authz_core:debug] [pid 1216:tid 972]
> mod_authz_core.c(799): [client 100.200.300.401:60878] AH01626: authorization
> result of Require valid-user : denied (no authenticated user yet)
> [Wed Apr 16 07:54:05.257599 2014] [authz_core:debug] [pid 1216:tid 972]
> mod_authz_core.c(799): [client 100.200.300.401:60878] AH01626: authorization
> result of <RequireAny>: denied (no authenticated user yet)
> [Wed Apr 16 07:54:05.257599 2014] [authnz_ldap:debug] [pid 1216:tid 972]
> mod_authnz_ldap.c(500): [client 100.200.300.401:60878] AH01691: auth_ldap
> authenticate: using URL
> ldaps://ad.example.edu:636/DC=ad,DC=example,DC=edu?samAccountName?sub?(&(objectCategory=person)(|(CN=xxxtech)(memberOf=CN=dev_Admins,OU=AdminGroups,OU=Groups,OU=dev,OU=EDUCATION,OU=DOMAINS,DC=domain,DC=ad,DC=example,DC=edu)(memberOf=CN=dev_admins,OU=Groups,OU=dev,OU=EDUCATION,OU=DOMAINS,DC=ad,DC=example,DC=edu)(memberOf=CN=dev_Operators,OU=AdminGroups,OU=Groups,OU=dev,OU=EDUCATION,OU=DOMAINS,DC=domain,DC=ad,DC=example,DC=edu)))
> [Wed Apr 16 07:54:05.301604 2014] [authnz_ldap:debug] [pid 1216:tid 972]
> mod_authnz_ldap.c(592): [client 100.200.300.401:60878] AH01697: auth_ldap
> authenticate: accepting dev.frank
> [Wed Apr 16 07:54:05.301604 2014] [authz_svn:debug] [pid 1216:tid 972]
> mod_authz_svn.c(387): [client 100.200.300.401:60878] Path to authz file is
> C:/Program Files/subversionEdge/data/conf/svn_access_file
> [Wed Apr 16 07:54:05.302604 2014] [authz_svn:info] [pid 1216:tid 972]
> [client 100.200.300.401:60878] Access granted: 'dev.frank' OPTIONS
> databaseProject:/
>
>
>
> ===== httpd.exe 2.4.9 =====
>
> [Tue Apr 15 09:11:43.430420 2014] [ssl:info] [pid 4844:tid 1040] [client
> 100.200.300.401:55888] AH01964: Connection to child 52 established (server
> xxxdev.xxx.example.edu:443)
> [Tue Apr 15 09:11:43.431420 2014] [ssl:debug] [pid 4844:tid 1040]
> ssl_engine_kernel.c(1920): [client 100.200.300.401:55888] AH02043: SSL
> virtual host for servername xxxdev.xxx.example.edu found
> [Tue Apr 15 09:11:43.575435 2014] [ssl:debug] [pid 4844:tid 1040]
> ssl_engine_kernel.c(1850): [client 100.200.300.401:55888] AH02041: Protocol:
> TLSv1.2, Cipher: RC4-SHA (128/128 bits)
> [Tue Apr 15 09:11:43.577435 2014] [ssl:debug] [pid 4844:tid 1040]
> ssl_engine_kernel.c(226): [client 100.200.300.401:55888] AH02034: Initial
> (No.1) HTTPS request received for child 52 (server
> xxxdev.xxx.example.edu:443)
> [Tue Apr 15 09:11:43.577435 2014] [authz_core:debug] [pid 4844:tid 1040]
> mod_authz_core.c(799): [client 100.200.300.401:55888] AH01626: authorization
> result of Require valid-user : denied (no authenticated user yet)
> [Tue Apr 15 09:11:43.577435 2014] [authz_core:debug] [pid 4844:tid 1040]
> mod_authz_core.c(799): [client 100.200.300.401:55888] AH01626: authorization
> result of <RequireAny>: denied (no authenticated user yet)
> [Tue Apr 15 09:11:43.579435 2014] [ssl:debug] [pid 4844:tid 1040]
> ssl_engine_kernel.c(226): [client 100.200.300.401:55888] AH02034: Subsequent
> (No.2) HTTPS request received for child 52 (server
> xxxdev.xxx.example.edu:443)
> [Tue Apr 15 09:11:43.579435 2014] [authz_core:debug] [pid 4844:tid 1040]
> mod_authz_core.c(799): [client 100.200.300.401:55888] AH01626: authorization
> result of Require valid-user : denied (no authenticated user yet)
> [Tue Apr 15 09:11:43.579435 2014] [authz_core:debug] [pid 4844:tid 1040]
> mod_authz_core.c(799): [client 100.200.300.401:55888] AH01626: authorization
> result of <RequireAny>: denied (no authenticated user yet)
> [Tue Apr 15 09:11:43.579435 2014] [authnz_ldap:debug] [pid 4844:tid 1040]
> mod_authnz_ldap.c(500): [client 100.200.300.401:55888] AH01691: auth_ldap
> authenticate: using URL
> ldaps://ad.example.edu:636/DC=ad,DC=example,DC=edu?samAccountName?sub?(&(objectCategory=person)(|(CN=xxxtech)(memberOf=CN=dev_Admins,OU=AdminGroups,OU=Groups,OU=dev,OU=EDUCATION,OU=DOMAINS,DC=domain,DC=ad,DC=example,DC=edu)(memberOf=CN=dev_admins,OU=Groups,OU=dev,OU=EDUCATION,OU=DOMAINS,DC=ad,DC=example,DC=edu)(memberOf=CN=dev_Operators,OU=AdminGroups,OU=Groups,OU=dev,OU=EDUCATION,OU=DOMAINS,DC=domain,DC=ad,DC=example,DC=edu)))
>
> [Tue Apr 15 09:11:43.585436 2014] [authnz_ldap:info] [pid 4844:tid 1040]
> [client 100.200.300.401:55888] AH01695: auth_ldap authenticate: user
> dev.frank authentication failed; URI /svn/databaseProject [User not
> found][No Such Object]
>
>
> On Tue, Apr 15, 2014 at 6:22 PM, Eric Covener <covener@xxxxxxxxx> wrote:
>>
>> On Tue, Apr 15, 2014 at 5:36 PM, Marshall Httpd
>> <httpd.questions@xxxxxxxxx> wrote:
>> > Logging differences, sure thing...
>>
>>
>> I meant between 2.4.6 and 2.4.9 for the user that fails under 2.4.9.
>>
>> --
>> Eric Covener
>> covener@xxxxxxxxx
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
>



-- 
Eric Covener
covener@xxxxxxxxx

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux