Hi Eric,

I have changed the permission level of the certificate presented to apache but still I have got no success.
Here are the logs from my apache.

During Startup :
----------------------------------------
[Mon Sep 21 13:31:22 2009] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Mon Sep 21 13:31:22 2009] [notice] LDAP: SSL support available
----------------------------------------

During Access :
-----------------------------------------
[Mon Sep 21 13:32:30 2009] [warn] [client 172.xx.xxx.xx] [10738] auth_ldap authenticate: user asimananda authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
----------------------------------------

Here are the snapshots of my httpd.conf :
-----------------------------------------------------------
LoadModule galad_ldap_module modules/galad.so
-- -- -- -- --
LDAPTrustedCAType BASE64_FILE
LDAPTrustedCA /certs/ca-cert.pem
-----------------------------------------------------------

Here is the permission of ca-cert.pem (given 777 to make sure that there is no permission issue)

#ls -lrt /certs/ca-cert.pem
-rwxrwxrwx 1 root root 1387 Sep 21 13:26 /certs/ca-cert.pem

Can this be an issue of certificate or something else?

Regards
Asimananda

On Mon, Sep 21, 2009 at 9:51 AM, Asimananda Mohanty <asimananda.moha...@gmail.com> wrote:

> Hi Eric,
> Thanks for the reply.
> In my case, the apache is built with openldap lib. I hope, in this case, it
> shouldn't have shown any issues, please correct me if I am wrong.
>
> Regards
> Asimananda
>
>
> On Fri, Sep 18, 2009 at 4:43 PM, Eric Covener <cove...@gmail.com> wrote:
>
>> On Fri, Sep 18, 2009 at 1:55 AM, Asimananda Mohanty
>> <asimananda.moha...@gmail.com> wrote:
>> > Hi All,
>> > I am a new member in this group. I am facing an issue regarding openLDAP
>> > access from apache http server and here are the details.
>> > 1. I have configured an openLDAP server configured with gnutls as can be seen
>> > below :
>> > ========================================
>> > ldd slapd
>> >         linux-gate.so.1 =>  (0xb7f6d000)
>> >         libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0xb7f19000)
>> >         liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0xb7f0b000)
>> >         libdb-4.7.so => /usr/lib/libdb-4.7.so (0xb7db6000)
>> >         libodbc.so.1 => /usr/lib/libodbc.so.1 (0xb7d4f000)
>> >         libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7d36000)
>> >         libslp.so.1 => /usr/lib/libslp.so.1 (0xb7d26000)
>> >         libnsl.so.1 => /lib/tls/i686/cmov/libnsl.so.1 (0xb7d0d000)
>> >         libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7cf5000)
>> >         libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb7c57000)
>> >         libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0xb7c45000)
>> >         libz.so.1 => /lib/libz.so.1 (0xb7c2f000)
>> >         libgcrypt.so.11 => /lib/libgcrypt.so.11 (0xb7bc6000)
>> >         libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7b94000)
>> >         libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7b7d000)
>> >         libltdl.so.7 => /usr/lib/libltdl.so.7 (0xb7b74000)
>> >         libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7b70000)
>> >         libwrap.so.0 => /lib/libwrap.so.0 (0xb7b67000)
>> >         libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7a04000)
>> >         /lib/ld-linux.so.2 (0xb7f6e000)
>> >         libgpg-error.so.0 => /lib/libgpg-error.so.0 (0xb7a00000)
>> > ========================================
>> > 2. I have my apache http server sitting on a solaris 10 x86 machine. The
>> > httpd.conf details are below (related to LDAP).
>> > ========================================
>> > <Location />
>> >     SSLRequireSSL
>> >     AuthType Basic
>> >     AuthLDAPEnabled on
>> >     AuthLDAPUrl ldap://xxx.xxx.xxx.xxx:389/dc=ldapcompany,dc=com?uid,AppAttr?sub?(AppAttr=*)
>> >     AuthLDAPBindDN cn=admin,dc=ldapcompany,dc=com
>> >     AuthLDAPBindPassword 12345678
>> >     AuthName realm1
>> >     Require valid-user
>> > </Location>
>> > ========================================
>> > 3. I need to access the application GUI through apache and the user
>> > authentication happens through LDAP. AppAttr is a user-defined attribute
>> > that controls the kind of controls the user can see on the GUI, e.g. admin
>> > user can see all the controls and so on.
>> > 4. With the above settings in httpd.conf, the GUI access happens without any
>> > issues.
>> > 5. The time I change the "ldap" to "ldaps" in AuthLDAPUrl, GUI access
>> > doesn't happen.
>>
>> Apache needs to be configured to trust the certificate presented by
>> the LDAP server. See the cert-related directives in the manual.
>>
>>
>> --
>> Eric Covener
>> cove...@gmail.com
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>    "   from the digest: users-digest-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>>
>
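
A pre-flight lint for the two settings this thread changes, AuthLDAPUrl and LDAPTrustedCA, as an added example that is not code from the thread or from the Apache project. The function names and the 192.0.2.10 address are constructed for illustration, and the thread does not say whether the port was changed along with the scheme.

```python
import os
import ssl
import stat
from urllib.parse import urlsplit

# Well-known ports: 389 is plaintext LDAP, 636 is LDAP over TLS (ldaps).
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}


def lint_ldap_url(url):
    """Warn when the scheme in AuthLDAPUrl and its explicit port disagree."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORT:
        return [f"unsupported scheme {parts.scheme!r}"]
    port = parts.port or DEFAULT_PORT[parts.scheme]
    other = "ldap" if parts.scheme == "ldaps" else "ldaps"
    if port == DEFAULT_PORT[other]:
        return [f"{parts.scheme}:// on port {port}, which is normally the "
                f"{other}:// listener; if so, the connection fails before "
                "certificate trust is evaluated"]
    return []


def lint_ca_file(path):
    """Warn about the trust-anchor file named by LDAPTrustedCA."""
    warnings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        warnings.append(f"mode {mode:03o}: writable by non-owners, so a local "
                        "user can swap the trusted CA; 644 is enough to read it")
    try:
        with open(path) as fh:
            # Framing/base64 check only; it does not validate the X.509 data.
            ssl.PEM_cert_to_DER_cert(fh.read().strip())
    except ValueError:
        warnings.append("not PEM-framed, but LDAPTrustedCAType is BASE64_FILE")
    return warnings


if __name__ == "__main__":
    # Constructed input: the thread's URL with "ldap" changed to "ldaps" and a
    # documentation address (192.0.2.10) in place of the masked host.
    url = ("ldaps://192.0.2.10:389/dc=ldapcompany,dc=com"
           "?uid,AppAttr?sub?(AppAttr=*)")
    for warning in lint_ldap_url(url):
        print("AuthLDAPUrl:", warning)
    if os.path.exists("/certs/ca-cert.pem"):
        for warning in lint_ca_file("/certs/ca-cert.pem"):
            print("LDAPTrustedCA:", warning)
```

A clean result from both functions only rules out these two misconfigurations; whether the CA file actually issued the LDAP server's certificate still has to be verified against the live server.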