On 1/22/07, Darren Spruell <phatbuckett@xxxxxxxxx> wrote:
On 1/17/07, Darren Spruell <phatbuckett@xxxxxxxxx> wrote:
> When trying to authenticate clients via a remote LDAP directory (using
> mod_authz_ldap), we fail and the following is logged:
>
> [Wed Jan 17 14:57:14 2007] [warn] [client a.b.c.d] [32492] auth_ldap
> authenticate: user xxxxxxxx authentication failed; URI /ldap/
> [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
>
> The authentication attempt succeeds when standard LDAP is attempted,
> but for security we require LDAPS. There are no connectivity issues
> between Apache and the remote LDAPS service as we can successfully
> test our operations using 'openssl s_client' and ldapsearch(1) without
> issue.

On this note, what would it take to get some more debugging enabled in mod_ldap around the certificate validation procedures?

Never mind - I realized that I had been enabling debug under the wrong LogLevel directive - I see now that the ldap-related debugging is quite informative. Sorry for the noise...

DS