[users@httpd] LDAPS authentication failure in Apache2

I am running apache2-2.0.54 under Debian sarge on a PIII,
with the following modules enabled: auth_ldap.load, cgid.load,
ssl.load.  All works fine for both http:// and https:// access.

Cleartext LDAP (ldap://) authentication works fine, too,

  httpd.conf:LDAPSharedCacheFile /tmp/mod_ldap_cache.tmp
  sites-enabled/000-default:      AuthLDAPBindDN "cn=ugradgrant,ou=pwcheck,dc=northwestern,dc=edu"
  sites-enabled/000-default:      AuthLDAPBindPassword "############"
  sites-enabled/000-default:      AuthName "LDAP-Authenticated URGC Reviews"
  sites-enabled/000-default:      AuthLDAPURL "ldap://ldap2.itcs.northwestern.edu/dc=northwestern,dc=edu?nuIdTag?sub?";
  sites-enabled/000-default:      AuthLDAPBindDN "cn=ugradgrant,ou=pwcheck,dc=northwestern,dc=edu"

with success recorded in the Apache2 log as follows:

  [debug] /home/adconrad/build/apache2/security/sarge/apache2-2.0.54/build-tree/apache2/modules/experimental/mod_auth_ldap.c(337): [client 172.171.211.47] [4521] auth_ldap authenticate: using URL ldap://ldap2.itcs.northwestern.edu/dc=northwestern,dc=edu?nuIdTag?sub? 
  [debug] /home/adconrad/build/apache2/security/sarge/apache2-2.0.54/build-tree/apache2/modules/experimental/mod_auth_ldap.c(411): [client 172.171.211.47] [4521] auth_ldap authenticate: accepting crb177

However, LDAP authentication via SSL (ldaps://) fails in a strange way,
  httpd.conf:LDAPTrustedCA /usr/lib/apache2/Cert/verisign-bundleca.crt
  httpd.conf:LDAPTrustedCAType   BASE64_FILE
  sites-enabled/000-default:      AuthLDAPURL "ldaps://ldap2.itcs.northwestern.edu/dc=northwestern,dc=edu?nuIdTag?sub?"

with failure recorded in the Apache2 log as follows:

  [debug] /home/adconrad/build/apache2/security/sarge/apache2-2.0.54/build-tree/apache2/modules/experimental/mod_auth_ldap.c(337): [client 172.171.211.47] [4524] auth_ldap authenticate: using URL ldaps://ldap2.itcs.northwestern.edu/dc=northwestern,dc=edu?nuIdTag?sub?
  [warn] [client 172.171.211.47] [4524] auth_ldap authenticate: user crb177 authentication failed; URI /ldaps/ [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]

while the LDAPS server log records a momentary connection:

  [14/Oct/2005:11:57:59 -0500] conn=356483 op=-1 msgId=-1 - fd=76 slot=76 
  LDAPS connection from 129.105.129.105 to 129.105.117.27
  [14/Oct/2005:11:57:59 -0500] conn=356483 op=-1 msgId=-1 - SSL 128-bit RC4
  [14/Oct/2005:11:57:59 -0500] conn=356483 op=-1 msgId=-1 - closing - B1
  [14/Oct/2005:11:57:59 -0500] conn=356483 op=-1 msgId=-1 - closed.

without apparent binding.

Any suggestions as to why ldaps:// authentication alone is failing?

Craig
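Added example, not part of the original post or of Apache: a small Python check over the directory server's access-log format quoted above. It groups lines by conn id and flags connections that were closed before the server logged any BIND, which separates a transport/TLS-layer failure from a credential failure (the latter would show a BIND followed by a RESULT). The second connection and its BIND/RESULT lines are constructed for contrast.

```python
import re
from collections import OrderedDict

# Constructed sample in the format of the LDAPS server log quoted in the post:
# conn=356483 is the post's own connection; conn=356484 is made up for contrast.
SAMPLE_LOG = """\
[14/Oct/2005:11:57:59 -0500] conn=356483 op=-1 msgId=-1 - fd=76 slot=76 LDAPS connection from 129.105.129.105 to 129.105.117.27
[14/Oct/2005:11:57:59 -0500] conn=356483 op=-1 msgId=-1 - SSL 128-bit RC4
[14/Oct/2005:11:57:59 -0500] conn=356483 op=-1 msgId=-1 - closing - B1
[14/Oct/2005:11:57:59 -0500] conn=356483 op=-1 msgId=-1 - closed.
[14/Oct/2005:11:58:10 -0500] conn=356484 op=-1 msgId=-1 - fd=77 slot=77 LDAPS connection from 129.105.129.105 to 129.105.117.27
[14/Oct/2005:11:58:10 -0500] conn=356484 op=-1 msgId=-1 - SSL 128-bit RC4
[14/Oct/2005:11:58:10 -0500] conn=356484 op=0 msgId=1 - BIND dn="cn=ugradgrant,ou=pwcheck,dc=northwestern,dc=edu" method=128 version=3
[14/Oct/2005:11:58:10 -0500] conn=356484 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0
[14/Oct/2005:11:58:11 -0500] conn=356484 op=1 msgId=-1 - closing - U1
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) "
                     r"msgId=(?P<msg>-?\d+) - (?P<rest>.*)$")
OPEN_RE = re.compile(r"connection from (?P<peer>\S+) to ")
CLOSE_RE = re.compile(r"^closing - (?P<code>\S+)")


def connections_closed_without_bind(log_text):
    """Return the connections that were closed before the server logged a BIND.

    Each result carries the client peer, the negotiated TLS cipher line and the
    server's disconnect code (e.g. B1), which can be looked up in the directory
    server's documentation; a connection that dies with no BIND at all points at
    the transport/TLS layer rather than at the credentials."""
    conns = OrderedDict()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not follow the conn= format
        c = conns.setdefault(m["conn"], {"conn": int(m["conn"]), "peer": None,
                                         "tls": None, "bind": False, "close": None})
        rest = m["rest"]
        opened = OPEN_RE.search(rest)
        if opened:
            c["peer"] = opened["peer"]
        elif rest.startswith("SSL "):
            c["tls"] = rest[4:]                      # e.g. "128-bit RC4"
        elif int(m["op"]) >= 0 and rest.startswith("BIND "):
            c["bind"] = True                         # a bind request reached the server
        else:
            closed = CLOSE_RE.match(rest)
            if closed:
                c["close"] = closed["code"]          # server-side disconnect code
    return [c for c in conns.values() if c["close"] is not None and not c["bind"]]
```

Run against a real access log, the function lists exactly the connections whose lifetime matches the post's trace: open, TLS negotiated, closed, no BIND in between.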

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
