Re: Regarding OpenLDAP Access From Apache

Hi,

In continuation of my mails below:

I snooped the packets and found that in the case of the "ldap" URL, Apache sends a bind request to my LDAP server, whereas in the case of the "ldaps" URL, no such bind request to the LDAP server is seen.

Regards
Asimananda

On Mon, Sep 21, 2009 at 12:52 PM, Asimananda Mohanty <asimananda.mohanty@xxxxxxxxx> wrote:
Hi Eric,

I have changed the permission level of the certificate presented to apache but still I have got no success.

Here are the logs from my apache.

During Startup :
----------------------------------------

[Mon Sep 21 13:31:22 2009] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Mon Sep 21 13:31:22 2009] [notice] LDAP: SSL support available

----------------------------------------

During Access :
-----------------------------------------

[Mon Sep 21 13:32:30 2009] [warn] [client 172.xx.xxx.xx] [10738] auth_ldap authenticate: user asimananda authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]

----------------------------------------

Here are snapshots of my httpd.conf:

-----------------------------------------------------------

LoadModule  galad_ldap_module modules/galad.so

-- -- -- -- --

LDAPTrustedCAType BASE64_FILE
LDAPTrustedCA /certs/ca-cert.pem

-----------------------------------------------------------

Here is the permission of ca-cert.pem (given 777 to make sure that there is no permission issue):

#ls -lrt /certs/ca-cert.pem
-rwxrwxrwx   1 root     root        1387 Sep 21 13:26 /certs/ca-cert.pem


Can this be an issue of certificate or something else?

Regards
Asimananda

On Mon, Sep 21, 2009 at 9:51 AM, Asimananda Mohanty <asimananda.mohanty@xxxxxxxxx> wrote:
Hi Eric,

Thanks for the reply.
In my case, Apache is built with the OpenLDAP library. I hope that in this case it shouldn't show any issues; please correct me if I am wrong.

Regards
Asimananda


On Fri, Sep 18, 2009 at 4:43 PM, Eric Covener <covener@xxxxxxxxx> wrote:
On Fri, Sep 18, 2009 at 1:55 AM, Asimananda Mohanty
<asimananda.mohanty@xxxxxxxxx> wrote:
> Hi All,
> I am a new member of this group. I am facing an issue regarding OpenLDAP
> access from the Apache HTTP server, and here are the details.
> 1. I have configured an OpenLDAP server with GnuTLS, as can be seen
> below:
> ========================================
> ldd slapd
>         linux-gate.so.1 =>  (0xb7f6d000)
>         libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0xb7f19000)
>         liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0xb7f0b000)
>         libdb-4.7.so => /usr/lib/libdb-4.7.so (0xb7db6000)
>         libodbc.so.1 => /usr/lib/libodbc.so.1 (0xb7d4f000)
>         libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7d36000)
>         libslp.so.1 => /usr/lib/libslp.so.1 (0xb7d26000)
>         libnsl.so.1 => /lib/tls/i686/cmov/libnsl.so.1 (0xb7d0d000)
>         libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7cf5000)
>         libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb7c57000)
>         libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0xb7c45000)
>         libz.so.1 => /lib/libz.so.1 (0xb7c2f000)
>         libgcrypt.so.11 => /lib/libgcrypt.so.11 (0xb7bc6000)
>         libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7b94000)
>         libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7b7d000)
>         libltdl.so.7 => /usr/lib/libltdl.so.7 (0xb7b74000)
>         libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7b70000)
>         libwrap.so.0 => /lib/libwrap.so.0 (0xb7b67000)
>         libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7a04000)
>         /lib/ld-linux.so.2 (0xb7f6e000)
>         libgpg-error.so.0 => /lib/libgpg-error.so.0 (0xb7a00000)
> ========================================
> 2. I have my Apache HTTP server sitting on a Solaris 10 x86 machine. The
> httpd.conf details (related to LDAP) are below.
> ========================================
>                 <Location />
>                     SSLRequireSSL
>                     AuthType Basic
>                     AuthLDAPEnabled on
>                     AuthLDAPUrl ldap://xxx.xxx.xxx.xxx:389/dc=ldapcompany,dc=com?uid,AppAttr?sub?(AppAttr=*)
>                     AuthLDAPBindDN cn=admin,dc=ldapcompany,dc=com
>                     AuthLDAPBindPassword 12345678
>                     AuthName realm1
>                     Require valid-user
>                 </Location>
> ========================================
> 3. I need to access the application GUI through Apache, and the user
> authentication happens through LDAP. AppAttr is a user-defined attribute
> that determines which controls the user can see on the GUI, e.g. the admin
> user can see all the controls, and so on.
> 4. With the above settings in httpd.conf, the GUI access happens without any
> issues.
> 5. The moment I change "ldap" to "ldaps" in AuthLDAPUrl, GUI access
> doesn't happen.

Apache needs to be configured to trust the certificate presented by
the LDAP server.  See the cert-related directives in the manual.


--
Eric Covener
covener@xxxxxxxxx
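
A way to isolate the trust question raised in the thread, as an added diagnostic that is not from this list discussion nor from the Apache project: run from the Apache host, it checks whether the CA file handed to Apache actually validates the LDAP server's certificate, and whether a simple bind over ldaps succeeds outside of mod_ldap at all. The "Can't contact LDAP server" error with no bind request on the wire is what a failed TLS handshake looks like, so this separates a certificate-chain problem from a bind problem. The host name, base DN, bind DN and password-file path are placeholders; the CA file path is the one from the thread.

```shell
#!/bin/sh
# Added diagnostic, not from the thread: test from the Apache host whether the CA
# file given to Apache validates the LDAP server's certificate, and whether a simple
# bind over ldaps works outside Apache. Host, DNs and password file are placeholders.
LDAP_HOST="${LDAP_HOST:-ldap.example.com}"        # placeholder for xxx.xxx.xxx.xxx
LDAP_PORT="${LDAP_PORT:-636}"
CA_FILE="${CA_FILE:-/certs/ca-cert.pem}"          # path from the thread
BASE_DN="${BASE_DN:-dc=ldapcompany,dc=com}"
BIND_DN="${BIND_DN:-cn=admin,dc=ldapcompany,dc=com}"
BIND_PW_FILE="${BIND_PW_FILE:-/etc/ldap-bind.pw}" # placeholder; keeps the password out of argv

# Turn the "Verify return code" line of openssl s_client output into a short verdict.
verify_status() {
    code=$(printf '%s\n' "$1" | sed -n 's/^[[:space:]]*Verify return code: \([0-9]*\).*/\1/p' | tail -n 1)
    case "$code" in
        "")          echo "no-verify-line" ;;   # no TLS handshake at all: wrong port, or plain ldap on 636
        0)           echo "ok" ;;
        18|19|20|21) echo "untrusted-chain" ;;  # CA file does not cover the server's issuer
        9|10)        echo "not-valid-now" ;;    # certificate not yet valid, or expired
        *)           echo "error-$code" ;;
    esac
}

# The same validation Apache's LDAP SDK must pass before it can send any bind request.
check_tls() {
    out=$(openssl s_client -connect "$LDAP_HOST:$LDAP_PORT" -CAfile "$CA_FILE" </dev/null 2>&1)
    verify_status "$out"
}

# Simple bind over ldaps with the same CA file, independent of mod_ldap; exit 0 on success.
check_bind() {
    LDAPTLS_CACERT="$CA_FILE" ldapsearch -H "ldaps://$LDAP_HOST:$LDAP_PORT" -x \
        -D "$BIND_DN" -y "$BIND_PW_FILE" -b "$BASE_DN" -s base '(objectClass=*)' dn >/dev/null 2>&1
}

# Constructed sample of s_client output, the shape seen when the CA file is wrong.
SAMPLE_UNTRUSTED="CONNECTED(00000003)
depth=0 CN = ldap.example.com
verify error:num=21:unable to verify the first certificate
---
    Verify return code: 21 (unable to verify the first certificate)"

case "${1:-}" in
    run)  echo "tls: $(check_tls)"; check_bind && echo "bind: ok" || echo "bind: failed" ;;
    demo) echo "sample: $(verify_status "$SAMPLE_UNTRUSTED")" ;;  # prints "sample: untrusted-chain"
esac
```

Run it as `sh ldaps_check.sh run`; if `check_tls` reports anything but `ok`, the file behind LDAPTrustedCA is not the issuer of the server certificate (or the server presents an incomplete chain), and no LDAPTrustedCA permission change will help.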

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




