Re: Apache 2.0.52 - mod_auth_ldap (ldap_simple_bind_s() failed)

Please disregard this. yum update decided to pull one of these on me:

drwx------  2 root root 4096 May 19 16:27 ssl.crt

After enough grepping through strace logs on apache children procs, I was
able to determine that a stupid permissions issue was the root of my
problems.

Cheers,

- sf

Steve Finkelstein wrote:
> Hi all,
> 
> I'm running Apache 2.0.52 with mod_auth_ldap on a CentOS 4.5 box. PAM is
> properly configured to authenticate against LDAP and I can successfully
> query the LDAP server.
> 
> Now when I'm trying to authenticate against LDAP with mod_auth_ldap I
> receive the following in my error_log:
> 
> [Wed May 23 23:47:26 2007] [debug] mod_auth_ldap.c(308): [client
> 10.8.20.2] [21819] auth_ldap authenticate: using URL
> ldaps://bar.foo.com/ou=staff,dc=foo,dc=com?uid
> [Wed May 23 23:47:26 2007] [warn] [client 10.8.20.2] [21819] auth_ldap
> authenticate: user sf authentication failed; URI /proto/trunk [LDAP:
> ldap_simple_bind_s() failed][Can't contact LDAP server]
> 
> Here's the relevant excerpt in my configs. First, since my LDAP server
> is using SSL, I have the following mod_ldap directives in httpd.conf:
> 
> LDAPTrustedCA /etc/httpd/conf/ssl.crt/ca.pem
> LDAPTrustedCAType BASE64_FILE
> 
> .. and just to verify the ca file:
> 
> -r--r--r--  1 nobody root 1354 Apr 16 17:50 /etc/httpd/conf/ssl.crt/ca.pem
> 
> my virtualhost.conf has the following excerpt:
> 
> <VirtualHost *:80>
>    ServerName svn.foo.com
>    LogLevel debug
>    <Location />
>     DAV svn
>     SVNParentPath /opt/svn/
>     AuthLDAPEnabled on
>     AuthType Basic
>     AuthName "Authorized Users ONLY!"
>     AuthLDAPAuthoritative on
>     AuthLDAPURL "ldaps://bar.foo.com/ou=staff,dc=foo,dc=com?uid"
>     require valid-user
>     Order mutual-failure
>     Allow from 10.8.12.14/32
>     Satisfy any
>    </Location>
> CustomLog logs/svn-access_log common
> </VirtualHost>
> 
> Thank you kindly for any insight anyone might be able to offer me.
> 
> - sf
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
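
The failure in this thread (a world-readable ca.pem inside a directory that had become `drwx------ root root`) can be found without strace by checking every component of the LDAPTrustedCA path. The following is an added example, not part of the original messages: the function names and the optional START argument are hypothetical, it evaluates mode bits only (no ACLs, SELinux or supplementary groups), and it assumes GNU stat.

```shell
#!/bin/sh
# Added example (not from the thread): report the first path component whose
# mode bits stop a given uid/gid from reaching and reading a file.

# class_allows MODE OWNER GROUP UID GID BIT
# BIT: 4 = read, 1 = search/execute. Returns 0 when access is allowed.
class_allows() {
    [ "$4" -eq 0 ] && return 0              # root bypasses mode bits
    perms=$((0$1))                          # stat prints the mode in octal
    if   [ "$4" -eq "$2" ]; then cls=$(( (perms >> 6) & 7 ))   # owner class
    elif [ "$5" -eq "$3" ]; then cls=$(( (perms >> 3) & 7 ))   # group class
    else                         cls=$((  perms       & 7 ))   # other class
    fi
    [ $(( cls & $6 )) -ne 0 ]
}

# first_blocker FILE UID GID [START]
# Walks FILE one component at a time, starting below START (default: /).
# Directories need search (x); the final component needs read (r).
# Prints the blocking component and returns 1, or returns 0 silently.
first_blocker() {
    cur=${4:-}; rest=${1#"$cur"}
    while [ -n "$rest" ]; do
        rest=${rest#/}; part=${rest%%/*}; rest=${rest#"$part"}
        [ -z "$part" ] && continue
        cur="$cur/$part"
        read -r m o g <<EOF
$(stat -L -c '%a %u %g' "$cur" 2>/dev/null)
EOF
        [ -n "$m" ] || { echo "$cur (cannot stat)"; return 1; }
        if [ -n "$rest" ]; then need=1; else need=4; fi
        class_allows "$m" "$o" "$g" "$2" "$3" "$need" || { echo "$cur"; return 1; }
    done
    return 0
}

# Usage (the account name "apache" is an assumption; use the User/Group
# that httpd actually runs as):
#   sh check.sh /etc/httpd/conf/ssl.crt/ca.pem "$(id -u apache)" "$(id -g apache)"
if [ "$#" -ge 3 ]; then first_blocker "$@"; fi
```

Run as root so that stat can see inside restricted directories; the uid and gid passed in are the ones being evaluated, not the ones running the script.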
