Regarding OpenLDAP Access From Apache

Hi All,

I am a new member of this group. I am facing an issue regarding OpenLDAP access from the Apache HTTP server, and here are the details.

1. I have an OpenLDAP server configured with GnuTLS, as can be seen below:

========================================

ldd slapd
        linux-gate.so.1 =>  (0xb7f6d000)
        libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0xb7f19000)
        liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0xb7f0b000)
        libdb-4.7.so => /usr/lib/libdb-4.7.so (0xb7db6000)
        libodbc.so.1 => /usr/lib/libodbc.so.1 (0xb7d4f000)
        libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7d36000)
        libslp.so.1 => /usr/lib/libslp.so.1 (0xb7d26000)
        libnsl.so.1 => /lib/tls/i686/cmov/libnsl.so.1 (0xb7d0d000)
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7cf5000)
        libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb7c57000)
        libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0xb7c45000)
        libz.so.1 => /lib/libz.so.1 (0xb7c2f000)
        libgcrypt.so.11 => /lib/libgcrypt.so.11 (0xb7bc6000)
        libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7b94000)
        libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7b7d000)
        libltdl.so.7 => /usr/lib/libltdl.so.7 (0xb7b74000)
        libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7b70000)
        libwrap.so.0 => /lib/libwrap.so.0 (0xb7b67000)
        libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7a04000)
        /lib/ld-linux.so.2 (0xb7f6e000)
        libgpg-error.so.0 => /lib/libgpg-error.so.0 (0xb7a00000)

========================================

2. I have my Apache HTTP server sitting on a Solaris 10 x86 machine. The httpd.conf details (related to LDAP) are below.

========================================

                <Location />
                    SSLRequireSSL
                    AuthType Basic
                    AuthLDAPEnabled on
                    AuthLDAPUrl ldap://xxx.xxx.xxx.xxx:389/dc=ldapcompany,dc=com?uid,AppAttr?sub?(AppAttr=*)
                    AuthLDAPBindDN cn=admin,dc=ldapcompany,dc=com
                    AuthLDAPBindPassword 12345678
                    AuthName realm1
                    Require valid-user
                </Location>

========================================

3. I need to access the application GUI through Apache, and the user authentication happens through LDAP. AppAttr is a user-defined attribute that controls the kind of controls the user can see on the GUI, e.g. the admin user can see all the controls, and so on.

4. With the above settings in httpd.conf, the GUI access happens without any issues.

5. The moment I change "ldap" to "ldaps" in AuthLDAPUrl, GUI access doesn't happen.

6. At first look, it may give an impression that SSL/TLS is not enabled on my openLDAP server. But this is not the case.

7. Here is the command that gives a perfect result, and that can happen only if SSL/TLS is enabled on the server.

========================================

ldapsearch -d8 -H ldaps://ldapcompany.com -b dc=ldapcompany,dc=com uid=asimananda

OR

ldapsearch -d8 -ZZ -H ldap://ldapcompany.com -b dc=ldapcompany,dc=com uid=asimananda

========================================

Both commands ask for a password and after the password is given, it shows the result without fail.

Either of the commands can be used, i.e. with an ldaps URL or with an ldap URL plus the -ZZ option, which forces TLS.

8. My issue is: if SSL/TLS is enabled on the OpenLDAP server, why doesn't the "ldaps" URL work from Apache?

Please help me resolve the issue.

Regards
Asimananda
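For comparison, here is what the ldaps:// variant of the above httpd.conf needs on the Apache side, as an added example rather than the poster's own configuration: mod_ldap must be told which CA to trust for the slapd certificate, and the host in AuthLDAPUrl must be the name the server certificate was issued for (the ldapsearch tests above connect to ldapcompany.com, while the httpd.conf uses a bare IP address). The CA file path and the 636 port are assumptions for illustration; the directives themselves are standard mod_ldap / mod_authnz_ldap directives.

```apache
# Server-wide (outside any <VirtualHost> or <Location>): the CA certificate
# that signed the slapd certificate. Without this, mod_ldap has nothing to
# verify the ldaps:// peer against and the connection fails before any bind.
# /etc/apache2/ldap-ca.pem is an assumed path.
LDAPTrustedGlobalCert CA_BASE64 /etc/apache2/ldap-ca.pem

# Keep certificate verification on (this is the default); turning it Off
# would make the TLS session accept any certificate, which defeats the
# point of moving from ldap:// to ldaps://.
LDAPVerifyServerCert On

<Location />
    SSLRequireSSL
    AuthType Basic
    AuthName realm1
    # Same base DN, attribute list, scope and filter as the working ldap://
    # URL, but over ldaps on the assumed port 636, and addressed by the
    # host name that appears in the server certificate rather than by IP,
    # so that host-name verification can succeed.
    AuthLDAPUrl ldaps://ldapcompany.com:636/dc=ldapcompany,dc=com?uid,AppAttr?sub?(AppAttr=*)
    AuthLDAPBindDN cn=admin,dc=ldapcompany,dc=com
    AuthLDAPBindPassword 12345678
    Require valid-user
</Location>
```

If the connection still fails, raising `LogLevel debug` (and, on OpenLDAP-backed builds, checking for "TLS: hostname does not match" or "certificate verify failed" in the error log) tells you whether the trust anchor or the host name is the problem.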
