Re: Regarding OpenLDAP Access From Apache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Eric,

I have changed the permission level of the certificate presented to apache but still I have got no success.

Here are the logs from my apache.

During Startup :
----------------------------------------

[Mon Sep 21 13:31:22 2009] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Mon Sep 21 13:31:22 2009] [notice] LDAP: SSL support available

----------------------------------------

During Access :
-----------------------------------------

[Mon Sep 21 13:32:30 2009] [warn] [client 172.xx.xxx.xx] [10738] auth_ldap authenticate: user asimananda authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]

----------------------------------------

Here are the snapshots of my httpd.conf :

-----------------------------------------------------------

LoadModule  galad_ldap_module modules/galad.so

-- -- -- -- --

LDAPTrustedCAType BASE64_FILE
LDAPTrustedCA /certs/ca-cert.pem

-----------------------------------------------------------

Here is the permission of ca-cert.pem (given 777 to make sure that there is no permission issue)

#ls -lrt /certs/ca-cert.pem
-rwxrwxrwx   1 root     root        1387 Sep 21 13:26 /certs/ca-cert.pem


Can this be an issue of certificate or something else?

Regards
Asimananda

On Mon, Sep 21, 2009 at 9:51 AM, Asimananda Mohanty <asimananda.mohanty@xxxxxxxxx> wrote:
Hi Eric,

Thanks for the reply.
In my case, the apache is built with openldap lib. I hope, in this case, it shouldn't have shown any issues, please correct me if I am wrong.

Regards
Asimananda


On Fri, Sep 18, 2009 at 4:43 PM, Eric Covener <covener@xxxxxxxxx> wrote:
On Fri, Sep 18, 2009 at 1:55 AM, Asimananda Mohanty
<asimananda.mohanty@xxxxxxxxx> wrote:
> Hi All,
> I am a new member in this group. I am facing an issue regarding openLDAP
> access from apache http server and here are the details.
> 1. I have configured a openLDAP server configured with gnutls as can be seen
> below :
> ========================================
> ldd slapd
>         linux-gate.so.1 =>  (0xb7f6d000)
>         libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0xb7f19000)
>         liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0xb7f0b000)
>         libdb-4.7.so => /usr/lib/libdb-4.7.so (0xb7db6000)
>         libodbc.so.1 => /usr/lib/libodbc.so.1 (0xb7d4f000)
>         libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7d36000)
>         libslp.so.1 => /usr/lib/libslp.so.1 (0xb7d26000)
>         libnsl.so.1 => /lib/tls/i686/cmov/libnsl.so.1 (0xb7d0d000)
>         libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7cf5000)
>         libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb7c57000)
>         libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0xb7c45000)
>         libz.so.1 => /lib/libz.so.1 (0xb7c2f000)
>         libgcrypt.so.11 => /lib/libgcrypt.so.11 (0xb7bc6000)
>         libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7b94000)
>         libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7b7d000)
>         libltdl.so.7 => /usr/lib/libltdl.so.7 (0xb7b74000)
>         libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7b70000)
>         libwrap.so.0 => /lib/libwrap.so.0 (0xb7b67000)
>         libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7a04000)
>         /lib/ld-linux.so.2 (0xb7f6e000)
>         libgpg-error.so.0 => /lib/libgpg-error.so.0 (0xb7a00000)
> ========================================
> 2. I have my apache http server sitting on a solaris 10 x86 machine. The
> httpd.conf details are below (related to LDAP).
> ========================================
>                 <Location />
>                     SSLRequireSSL
>                     AuthType Basic
>                     AuthLDAPEnabled on
>                     AuthLDAPUrl
> ldap://xxx.xxx.xxx.xxx:389/dc=ldapcompany,dc=com?uid,AppAttr?sub?(AppAttr=*)
>                     AuthLDAPBindDN cn=admin,dc=ldapcompany,dc=com
>                     AuthLDAPBindPassword 12345678
>                     AuthName realm1
>                     Require valid-user
>                 </Location>
> ========================================
> 3. I need to access the application GUI through apache and the user
> authentication happens through LDAP. AppAttr is an user defined attribute
> that controls the kind of controls the user can see on the GUI, e.g. admin
> user can see all the controls and so on.
> 4. With the above settings in httpd.conf, the GUI access happens without any
> issues.
> 5. The time I change the "ldap" to "ldaps" in AuthLDAPUrl, GUI access
> doesn't happen.

Apache needs to be configured to trust the certificate presented by
the LDAP server.  See the cert-related directives in the manual.


--
Eric Covener
covener@xxxxxxxxx

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux