RE: LDAP: ldap_set_option failed. Could not set LDAP_OPT_X_TLS to LDAP_OPT_X_TLS_HARD


 




> -----Original Message-----
> From: Sandro Tosi [mailto:sandro.tosi@xxxxxxxxxxx]
> Sent: Monday, 2 November 2009 12:01
> To: users@xxxxxxxxxxxxxxxx
> Subject: Re:  LDAP: ldap_set_option failed. Could not set
> LDAP_OPT_X_TLS to LDAP_OPT_X_TLS_HARD
> 
> Emmanuel Bailleul wrote:
> > Hi,
> >
> > Did you try your LDAPS connection with ldapsearch first? (sth like
> > ldapsearch -H <ldaps url> -x ...).
> >
> Sorry I didn't mention: yes, I have tested, and with ldapsearch it
> works fine (using the name address and not the IP address)
> > An important thing: when calling your ldap server, do use the
> > resolved name rather than the IP. You can even add it in your hosts
> > file if needed.
> >
> I use the name address and not the IP address. Do you think that's the
> problem? I think it doesn't even try to connect to the ldap server.
> Anyhow, I gave it a try, and the same error comes.
> > Two other things:
> > - what kind of ldap server are you using?
> >
> it's "OpenLDAP server (slapd) version 2.4.11-1" (Debian Lenny).
> > - when building, are you sure you did not have several ssl
> > toolkits/versions installed? Can you confirm httpd has been built with
> > the correct one (I just remember having made this mistake once and
> > having to build with an option like
> > "--with-ssl=<path-to-the-right-openssl-dir>")?
> I actually used "--with-ssl=/path/to/openssl-0.9.8g-16052008". But, hey,
> now that I look at it, in the error.log I see:
> 
> [Mon Nov 02 11:26:54 2009] [info] mod_ssl/2.2.14 compiled against
> Server: Apache/2.2.14, Library: OpenSSL/0.9.7e
> 
> WTH?! Why is it using 0.9.7e while I told it to link against 0.9.8g?
> 
> In fact
> 
> # strings modules/mod_ssl.so | grep '0.9.7' | wc -l
> 33
> 
> Could that be the problem? Any suggestion how to fix that? Anything else
> to look at?
> 
> Thanks a lot,
> Sandro
> 

I don't think that how mod_ssl was built has anything to do with your ldaps problems, but as you could see in https://issues.apache.org/bugzilla/show_bug.cgi?id=41041, the error you mentioned could clearly be due to different libs used at compile time and at run time. Maybe you could try to follow the suggestions described in this thread in order to recompile mod_authnz_ldap with the original openssl toolkit?

Emmanuel
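
The `strings modules/mod_ssl.so | grep '0.9.7'` check quoted above, made repeatable for any module and expected version. This is an added example, not part of the original messages; the function names and the usage path are assumptions.

```shell
#!/bin/sh
# Added example: report which OpenSSL version banners are embedded in a
# module and compare them with the version the build was meant to use.

# Print each distinct OpenSSL version found in file $1, one per line.
# Statically linked OpenSSL code carries banners such as
# "OpenSSL 0.9.7e 25 Oct 2004"; NULs are turned into newlines so that
# grep sees ordinary text lines.
embedded_openssl_versions() {
    LC_ALL=C tr '\000' '\n' < "$1" |
        LC_ALL=C grep -a -o -E 'OpenSSL[ /][0-9]+\.[0-9]+\.[0-9]+[a-z]*' |
        sed -E 's|^OpenSSL[ /]||' | sort -u
}

# Return status: 0 = only the expected version, 1 = another version present,
# 2 = no banner at all (library probably loaded at run time; use ldd).
check_embedded_openssl() {
    file=$1
    expected=$2
    found=$(embedded_openssl_versions "$file")
    if [ -z "$found" ]; then
        echo "$file: no embedded OpenSSL banner; inspect 'ldd $file' instead"
        return 2
    fi
    status=0
    for v in $found; do
        if [ "$v" = "$expected" ]; then
            echo "$file: OpenSSL $v (expected)"
        else
            echo "$file: OpenSSL $v (MISMATCH, expected $expected)"
            status=1
        fi
    done
    return "$status"
}

# Usage: sh check.sh modules/mod_ssl.so 0.9.8g
if [ "$#" -eq 2 ]; then
    check_embedded_openssl "$1" "$2"
fi
```

Running it over every `.so` in the modules directory shows whether mod_ssl and the LDAP modules embed the same OpenSSL version.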

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.