Hi all,
I'm running Apache 2.0.52 with mod_auth_ldap on a CentOS 4.5 box. PAM is
properly configured to authenticate against LDAP and I can successfully
query the LDAP server.
Now when I'm trying to authenticate against LDAP with mod_auth_ldap I
receive the following in my error_log:
[Wed May 23 23:47:26 2007] [debug] mod_auth_ldap.c(308): [client
10.8.20.2] [21819] auth_ldap authenticate: using URL
ldaps://bar.foo.com/ou=staff,dc=foo,dc=com?uid
[Wed May 23 23:47:26 2007] [warn] [client 10.8.20.2] [21819] auth_ldap
authenticate: user sf authentication failed; URI /proto/trunk [LDAP:
ldap_simple_bind_s() failed][Can't contact LDAP server]
Here's the relevant excerpt in my configs. First, since my LDAP server
is using SSL, I have the following mod_ldap directives in httpd.conf:
LDAPTrustedCA /etc/httpd/conf/ssl.crt/ca.pem
LDAPTrustedCAType BASE64_FILE
.. and just to verify the ca file:
-r--r--r-- 1 nobody root 1354 Apr 16 17:50 /etc/httpd/conf/ssl.crt/ca.pem
my virtualhost.conf has the following excerpt:
<VirtualHost *:80>
ServerName svn.foo.com
LogLevel debug
<Location />
DAV svn
SVNParentPath /opt/svn/
AuthLDAPEnabled on
AuthType Basic
AuthName "Authorized Users ONLY!"
AuthLDAPAuthoritative on
AuthLDAPURL "ldaps://bar.foo.com/ou=staff,dc=foo,dc=com?uid"
require valid-user
Order mutual-failure
Allow from 10.8.12.14/32
Satisfy any
</Location>
CustomLog logs/svn-access_log common
</VirtualHost>
Thank you kindly for any insight anyone might be able to offer me.
- sf
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|