I solved the problem with mod_auth_ldap not working. I had set up everything in a SuSE Vserver, and all I got was:[Wed Feb 02 15:02:43 2005] [warn] [client eee.fff.ggg.hhh] [13851] auth_ldap authenticate: user thisuser authentication failed; URI /private [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
I had it set up on a 2.0.46 Apache that came with the old SuSE version
I used and also tried a spanking new 2.0.52, built from scratch.
One of our students got it running.
Here is what he tweaked to get it working:
- you need to set LDAPTrustedCA and LDAPTrustedCAType
- former needs to point to a BSE64 encoded certificate of the server
to be contacted
- latter needs to be 'BASE64_FILE'
- you can see that this is correctly set up by the startup message
in error_log stating
[Wed Apr 27 11:46:18 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Wed Apr 27 11:46:18 2005] [notice] LDAP: SSL support available
if this still doesn't let you authenticate, try editing
- /etc/openldap/ldap.conf
- TLS_REQCERT never
This is what made my day after months of argling about not being able
to get clear debugging: Neither strace nor turning up Apache's loglevel
wielded any reasonable output.
I hope this can help someone out there not get as frustrated about this
as me.
Kind regards,
Mike Fischer
--
Fraunhofer Gesellschaft e.V.
IPSI.ITI
Dolivostr. 15
64293 Darmstadt
Telefon: 06151 / 869 - 845
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|