Re: SSL LDAP Connections on Win32

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: SSL LDAP Connections on Win32
From: "Harry Holt" <harryholt@xxxxxxxxx>
Date: Wed, 27 Feb 2008 21:52:44 -0500
In-reply-to: <7c8072a00802261012n33555d08ydead0d60f94e53a1@xxxxxxxxxxxxxx>
Reply-to: users@xxxxxxxxxxxxxxxx

I have tried this same configuration on Windows Server 2003, as well as Windows XP workstation. The results are essentially the same, but the error is different:

[warn] [client 127.0.0.1] [3312] auth_ldap authenticate: user lizard authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Server Down]

... which actually seems less accurate, as the server isn't down - it just won't start an SSL connection. When trying to connect through to an openLDAP server, it only give a

TLS accept failure error=-1

I assume this means that it tried to establish a connection over TLS/SSL, but the client (Apache ldap_mod) refused to cooperate. Looks like I'm stuck.

Thx... HH

On Tue, Feb 26, 2008 at 1:12 PM, Harry Holt <harryholt@xxxxxxxxx> wrote:

On Tue, Feb 26, 2008 at 12:41 PM, Udo Rader <udo.rader@xxxxxxxxxxxxxxx> wrote:

On Tue, 2008-02-26 at 12:35 -0500, Harry Holt wrote:
> Okay, apparently, with the binary distribution of Apache 2.2 for
> Win32, it is not possible to initialize an SSL connection to an LDAP
> server using mod_ldap and mod_authnz_ldap.
>
> During startup I get:
>
> [info] LDAP: SSL support unavailable: LDAP: CA certificates cannot be
> set using this method, as they are stored in the registry instead.
>
> And if I try to initiate an SSL connection with an LDAP server I get:
>
> [warn] [client 127.0.0.1] [8048] auth_ldap authenticate: user vec02
> authentication failed; URI /svn [LDAP: an attempt to set LDAP_OPT_SSL
> on failed.][Parameter Error]
>
> So, my questions:
>
> Am I crazy or is LDAP over SSL just not supported for this
> distribution? and
>
> If I'm not crazy, is there a binary distribution of aprutil-1.dll that
> will support this (that anyone knows of) or will I have to figure out
> how to compile it myself?
>
> I appreciate any info and pointers.

... maybe you should start by posting some configuration excerpts?

--
Udo Rader

bestsolution.at EDV Systemhaus GmbH
http://www.bestsolution.at

>

--
Harry Holt, PMP

Follow-Ups:
- Re: SSL LDAP Connections on Win32
  - From: Eric Covener

References:
- SSL LDAP Connections on Win32
  - From: Harry Holt
- Re: SSL LDAP Connections on Win32
  - From: Udo Rader
- Re: SSL LDAP Connections on Win32
  - From: Harry Holt

Prev by Date: Re: mod_rewrite question - How to avoid Apache's 301 redirect to add trailing slash?
Next by Date: Re: mod_rewrite question - How to avoid Apache's 301 redirect to add trailing slash?
Previous by thread: Re: SSL LDAP Connections on Win32
Next by thread: Re: SSL LDAP Connections on Win32
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]

Powered by Linux