Scheible, Paul wrote:
I have a couple of apache web server installations that have been unable to connect to an Active Directory server after its certificate was renewed. The two installations I attempted to use were versions 2.0.59 and 2.2.8 both installed on Windows (Win2003 Server and WinXPSP2,respectively). [...] I also know that both the server certificate and the root certificate had to be renewed.
On a /default/ windows build, such as shipped by the ASF, the ldap auth uses the WLDAP32 API from Microsoft itself. It sounds like MS's LDAP was throwing away the invalid connection because it did not recognize the root cert or it's CA chain as authoritative. Note; there are several bug fixes on apr trunk/1.2.x and httpd trunk/2.2.x proposed for backport to the next release related to MS LDAP.
The owners of the AD server finally reissued the root certificate and the original Apache configurations worked without a problem. At this point, we have something working but we would very much like to know what happened and why. Can anyone shed some light on this?
Well; it's also possible it was invalid, and the other LDAP servers were simply more permissive. Bill --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|