Re: apache 2.2 - mod_authnz_ldap with SSL/TLS in chrootdir

[Luca Toscano <toscano.luca@xxxxxxxxx>]

Hi Andy,

2016-11-02 16:24 GMT+01:00 Speagle, Andy <andy.speagle@xxxxxxxxxxx>:

Hi Folks,

 

I’m having some issues getting SSL or TLS working with mod_authnz_ldap in my chroot’ed Apache 2.2 server on RHEL 6.8 … it works without SSL just fine.  I’m using the built-in “ChrootDir” directive with Apache.  I seem to have all of the libraries, binaries and things in the chroot jail that Apache uses… but, I can’t seem to get it to work… and I kinda need to know how best to troubleshoot this to figure out where the problem lies.

 

Inside and outside the chroot jail I can use ldapsearch with SSL just fine… so, I know the system can connect… I’m just getting tripped up on why Apache can’t connect.  I get this very generic error in the logs:

 

[LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]

 

I have the global loglevel set to debug… but, this really isn’t giving me much insight into the mod_authnz_ldap internals.  Can that be turned up?

 

Any help would be appreciated.

 

(just to have more info) have you followed https://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#usingssl setting all the required directives? 

What I'd try: 

1) Same config without the ChrootDir to see if anything changes.

2) A recent 2.4 version and Loglevel set to trace8.

3) GDB might help (https://httpd.apache.org/dev/debugging.html#gdb) but it requires digging into the source code.

If you want more people to help you could also send us the whole httpd configuration plus what you see in the error logs (not only the line reported above).

Hope that helps!

Luca