RE: Apache/2.2.8 authenticate LDAP AD SSL or TLS - ubuntu(debian)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Simon
 
I know exactly what you are referring to as I have attempted to
configure the same authentication (I seem to remember it was with Apache
2.2.6).
 
Unfortunately, when I tried it, LDAPS authentication with Apache
resulted in segfaults.
 
If you have managed to get things working over plain LDAP (port 389)
then you are nearly there...
 
All you have to do is change the protocol and port and Apache should do
the rest
 
Of course you need to configure AD for the SSL/TLS encryption...
 
http://lmgtfy.com/?q=active+directory+ldaps
 
 

________________________________

From: Simon Walter <simon.walter@xxxxxxxxxxxxxxxxxx> [mailto:Simon
Walter <simon.walter@xxxxxxxxxxxxxxxxxx>] 
Sent: 19 November 2009 08:16
To: users@xxxxxxxxxxxxxxxx
Subject:  Apache/2.2.8 authenticate LDAP AD SSL or TLS -
ubuntu(debian)


Hi all, 

This is my first message to the list. Greetings. 

First off I'll start by saying that I've scoured the search engines and 
searched this list and found only bits and pieces. I'm not going to 
report any problems right away. 

My questions is: Does anyone know of a document that describes what I 
need to make Apache authenticate via LDAP over SSL or TLS connecting to 
a MS AD server? 

I've able to do this successfully with plaintext (no SSL or TLS). 
However I get warnings on my AD server saying that it is a security
risk. 

I'm don't know much about Windows, and I could have a problem with the 
AD server and would like to know how I can test that. I've tried to 
connect to the AD server with JXplorer and LDAPExplorertool2 and have 
failed with SSL and TLS. I also tried using ldapsearch and got an error:
"ldap_sasl_interactive_bind_s: Unknown authentication method" Then I 
installed the package for gssapi "libsasl2-modules-gssapi-heimdal". Now 
I get a different error: 
"SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local 
error (-2)" 

I'm not sure what types of connections MS AD supports: SSL, TLS, SASL...
??? How can I know for sure that the server side is fine? 

Anyway, If someone can show me a working apache config and or a document
which describes what I need to do to get this setup working, I'd be very
grateful. 

I'll reply once I've tried all your suggestions. 

Thanks for your help. 

Simon 


--------------------------------------------------------------------- 
The official User-To-User support forum of the Apache HTTP Server
Project. 
See < URL:http://httpd.apache.org/userslist.html> for more info. 
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx 
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx 
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx 


______________________________________________________________________ 
This email has been scanned by the MessageLabs Email Security System. 
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________ 


______________________________________________________________________
This e-mail and any attached files are intended for the named addressee only. It contains information, which may be confidential and legally privileged and also protected by copyright. Unless you are the named addressee (or authorised to receive for the addressee) you may not copy or use it, or disclose it to anyone else. If you received it in error please notify the sender immediately and then delete it from your system. Please be advised that the views and opinions expressed in this e-mail may not reflect the views and opinions of Associated Newspapers Limited or any of its subsidiary companies. We make every effort to keep our network free from viruses. However, you do need to check this e-mail and any attachments to it for viruses as we can take no responsibility for any computer virus which may be transferred by way of this e-mail. Use of this or any other e-mail facility signifies consent to any interception we might lawfully carry out to prevent abuse of these faciliti
 es.
Associated Newspapers Ltd. Registered Office: Northcliffe House, 2 Derry St, Kensington, London, W8 5TT. Registered No 84121 England.

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux