RE: mod_ldap rejecting apparently valid server certificate for secure ldap against active directory

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I guess I should probably have mentioned that I did use ldp.exe to check
the connection without any issues.  The Windows Crypto Shell Extensions
also reported that the certificate was valid.

Thanks,
Paul Scheible

-----Original Message-----
From: Eric Covener [mailto:covener@xxxxxxxxx] 
Sent: Friday, March 14, 2008 8:46 AM
To: users@xxxxxxxxxxxxxxxx
Subject: Re:  mod_ldap rejecting apparently valid server
certificate for secure ldap against active directory

On Thu, Mar 13, 2008 at 12:02 PM, Scheible, Paul <scheible@xxxxxxxxxxx>
wrote:
>  Finally, WebSphere Application Server
>  running on an iSeries machine and a WinXP machine was able to use the
>  new certificate to establish a secure connection.  (Hence, the
comment
>  that the certificate was apparently valid.)

Ideally, you'd want to test with something that hooks into the same
ldap/ssl libs picked up by apache. Perhaps ldp.exe on the affected
system.

Very peculiar that the different failing version of apache seem to
have the tcp connection closed from opposite directions -- for me
that's the only real thing that doesn't mesh.

Vista+ has a mechanism for doing LDAP tracing, but I don't know if
there's a less flexible trace available in earlier versions:
http://msdn2.microsoft.com/en-us/library/aa366152.aspx


-- 
Eric Covener
covener@xxxxxxxxx

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux