- php was *not* compiled with ldap options
- php was loaded *before* mod_ldap and mod_authnz_ldap

A simple solution was to import mod_{authnz,}_ldap before php. The right solution though is to add --with-ldap-sasl --with-ldap configure options to php. After that, in any order the above modules are imported, apache and LDAP can communicate and authenticate users.

Thanks,
Sandro

Sandro Tosi wrote:

Hello,

we are enabling LDAP auth on our apache stack. Starting from apache/2.2.9+php/5.2.8 we are upgrading to apache/2.2.14+php/5.2.11.

The configure line we used for apache is:

    $ ./configure --prefix=/usr/local/apache --mandir=/path/to/man --with-ssl=/path/to/openssl-0.9.8g-16052008 --enable-mods-shared=all --enable-ssl --enable-so --with-ldap --enable-authnz-ldap --enable-ldap

and the one for php is:

    ./configure --prefix=/usr/local/php --mandir=/usr/local/php/man --with-mysql=/path/to/mysql --with-apxs2=/usr/local/apache/bin/apxs --with-oci8=/shared/oracle/OraHome1 --with-curl --with-mhash --with-imap=/path/to/imap-2007b --with-openssl --with-gd --with-zlib --with-ttf --with-t1lib --with-mcrypt=/path/to/libmcrypt --enable-shared=max --enable-mbstring --enable-inline-optimization --enable-magic-quotes --enable-sigchild --enable-soap --enable-gd-native-ttf --with-jpeg-dir=/usr/lib --with-xpm-dir=/usr/lib --with-png-dir=/usr/lib --with-freetype-dir=/usr/lib

Build and install went fine.

We also installed openldap-client-2.3.27 and set "TLS_REQCERT never" into /etc/openldap/ldap.conf.

And now starts the problem :( We configured httpd.conf to contain

    LoadModule ldap_module modules/mod_ldap.so
    LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
    ...
    LDAPVerifyServerCert Off

Then we set a dir with .htaccess similar to this:

    AuthType Basic
    AuthName "<name>"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative Off
    AuthLDAPBindDN uid=<uid>,ou=<ou>,ou=<ou>,dc=<dc>,dc=<dc>
    AuthLDAPBindPassword <pwd>
    AuthLDAPURL ldaps://<address>/dc=<dc>,dc=<dc>?uid?sub?(objectClass=*)
    require valid-user

If I then try to access a page under that .htaccess, then I'm prompted for username and password, but then I'm redirected to a 500 page and in error.log I can read

    [Mon Nov 02 10:59:38 2009] [warn] [client 127.0.0.1] [10522] auth_ldap authenticate: user stosi authentication failed; URI /index.html [LDAP: ldap_set_option failed. Could not set LDAP_OPT_X_TLS to LDAP_OPT_X_TLS_HARD][Operations error]

We are stuck in this situation since days :( we searched the internet for the above error message, but except for a couple of posts on issues.apache.org (that don't help) there is nothing else but complaints about how obscure that error is.

I think there's something related to SSL and how recent apache (it seems from 2.2.12?) handle it: in fact, we had to move SSLCertificateFile into httpd.conf and set explicitly "SSLEngine On" where needed (while before it was a bit implicitly).

I appreciate any help, cause we are out of any idea on how to move on.

Regards,
Sandro

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx