Hi,
In continuation to my below mails:
I snooped the packets and found that in case of "ldap" url, apache is sending bind request towards my ldap server whereas in case of "ldaps" url, no such bind request towards ldap server is seen.

Regards
Asimananda

On Mon, Sep 21, 2009 at 12:52 PM, Asimananda Mohanty <asimananda.moha...@gmail.com> wrote:

> Hi Eric,
> I have changed the permission level of the certificate presented to apache
> but still I have got no success.
>
> Here are the logs from my apache.
>
> During Startup :
> ----------------------------------------
>
> [Mon Sep 21 13:31:22 2009] [notice] LDAP: Built with OpenLDAP LDAP SDK
> [Mon Sep 21 13:31:22 2009] [notice] LDAP: SSL support available
>
> ----------------------------------------
>
> During Access :
> -----------------------------------------
>
> [Mon Sep 21 13:32:30 2009] [warn] [client 172.xx.xxx.xx] [10738] auth_ldap authenticate: user asimananda authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
>
> ----------------------------------------
>
> Here are the snapshots of my httpd.conf :
>
> -----------------------------------------------------------
>
> LoadModule galad_ldap_module modules/galad.so
>
> -- -- -- -- --
>
> LDAPTrustedCAType BASE64_FILE
> LDAPTrustedCA /certs/ca-cert.pem
>
> -----------------------------------------------------------
>
> Here is the permission of ca-cert.pem (given 777 to make sure that there is
> no permission issue)
>
> #ls -lrt /certs/ca-cert.pem
> -rwxrwxrwx 1 root root 1387 Sep 21 13:26 /certs/ca-cert.pem
>
> Can this be an issue of certificate or something else?
>
> Regards
> Asimananda
>
> On Mon, Sep 21, 2009 at 9:51 AM, Asimananda Mohanty <asimananda.moha...@gmail.com> wrote:
>
>> Hi Eric,
>> Thanks for the reply.
>> In my case, the apache is built with openldap lib. I hope, in this case,
>> it shouldn't have shown any issues, please correct me if I am wrong.
>>
>> Regards
>> Asimananda
>>
>> On Fri, Sep 18, 2009 at 4:43 PM, Eric Covener <cove...@gmail.com> wrote:
>>
>>> On Fri, Sep 18, 2009 at 1:55 AM, Asimananda Mohanty
>>> <asimananda.moha...@gmail.com> wrote:
>>> > Hi All,
>>> > I am a new member in this group.
>>> > I am facing an issue regarding openLDAP
>>> > access from apache http server and here are the details.
>>> > 1. I have configured an openLDAP server configured with gnutls as can be seen
>>> > below :
>>> > ========================================
>>> > ldd slapd
>>> >         linux-gate.so.1 => (0xb7f6d000)
>>> >         libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0xb7f19000)
>>> >         liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0xb7f0b000)
>>> >         libdb-4.7.so => /usr/lib/libdb-4.7.so (0xb7db6000)
>>> >         libodbc.so.1 => /usr/lib/libodbc.so.1 (0xb7d4f000)
>>> >         libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7d36000)
>>> >         libslp.so.1 => /usr/lib/libslp.so.1 (0xb7d26000)
>>> >         libnsl.so.1 => /lib/tls/i686/cmov/libnsl.so.1 (0xb7d0d000)
>>> >         libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7cf5000)
>>> >         libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0xb7c57000)
>>> >         libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0xb7c45000)
>>> >         libz.so.1 => /lib/libz.so.1 (0xb7c2f000)
>>> >         libgcrypt.so.11 => /lib/libgcrypt.so.11 (0xb7bc6000)
>>> >         libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7b94000)
>>> >         libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7b7d000)
>>> >         libltdl.so.7 => /usr/lib/libltdl.so.7 (0xb7b74000)
>>> >         libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7b70000)
>>> >         libwrap.so.0 => /lib/libwrap.so.0 (0xb7b67000)
>>> >         libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7a04000)
>>> >         /lib/ld-linux.so.2 (0xb7f6e000)
>>> >         libgpg-error.so.0 => /lib/libgpg-error.so.0 (0xb7a00000)
>>> > ========================================
>>> > 2. I have my apache http server sitting on a solaris 10 x86 machine. The
>>> > httpd.conf details are below (related to LDAP).
>>> > ========================================
>>> > <Location />
>>> >     SSLRequireSSL
>>> >     AuthType Basic
>>> >     AuthLDAPEnabled on
>>> >     AuthLDAPUrl ldap://xxx.xxx.xxx.xxx:389/dc=ldapcompany,dc=com?uid,AppAttr?sub?(AppAttr=*)
>>> >     AuthLDAPBindDN cn=admin,dc=ldapcompany,dc=com
>>> >     AuthLDAPBindPassword 12345678
>>> >     AuthName realm1
>>> >     Require valid-user
>>> > </Location>
>>> > ========================================
>>> > 3. I need to access the application GUI through apache and the user
>>> > authentication happens through LDAP. AppAttr is a user-defined attribute
>>> > that controls the kind of controls the user can see on the GUI, e.g. admin
>>> > user can see all the controls and so on.
>>> > 4. With the above settings in httpd.conf, the GUI access happens without any
>>> > issues.
>>> > 5. The time I change the "ldap" to "ldaps" in AuthLDAPUrl, GUI access
>>> > doesn't happen.
>>>
>>> Apache needs to be configured to trust the certificate presented by
>>> the LDAP server. See the cert-related directives in the manual.
>>>
>>> --
>>> Eric Covener
>>> cove...@gmail.com
>>>
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server
>>> Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>> " from the digest: users-digest-unsubscr...@httpd.apache.org
>>> For additional commands, e-mail: users-h...@httpd.apache.org
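
Added example, not part of the thread and not Apache's own code: a small check for the two things the thread revolves around, the scheme/port pairing in AuthLDAPUrl and whether a TLS handshake to the directory succeeds when only the LDAPTrustedCA file is trusted. The function names and the address 192.0.2.10 are assumptions made for illustration; the base DN, filter and CA path are the ones quoted in the thread.

```python
import socket
import ssl
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # registered default ports


def check_auth_ldap_url(url):
    """Parse an AuthLDAPUrl value and return (host, port, findings)."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        return parts.hostname, parts.port, [f"unsupported scheme {scheme!r}"]
    port = parts.port or DEFAULT_PORTS[scheme]
    findings = []
    if scheme == "ldaps" and port == DEFAULT_PORTS["ldap"]:
        findings.append("ldaps:// on port 389: confirm the server has a TLS "
                        "listener there; LDAPS normally listens on 636")
    if scheme == "ldap":
        findings.append("ldap://: simple bind credentials cross the network "
                        "unencrypted")
    return parts.hostname, port, findings


def tls_handshake(host, port, ca_file, timeout=5.0):
    """Attempt the TLS handshake that precedes any LDAPS bind request.

    Only ca_file is trusted, mirroring a single LDAPTrustedCA entry.
    """
    try:
        ctx = ssl.create_default_context(cafile=ca_file)
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return f"ok: {tls.version()}"
    except ssl.SSLCertVerificationError as exc:
        return f"certificate rejected: {exc.verify_message}"
    except (ssl.SSLError, OSError) as exc:
        return f"handshake failed: {exc}"


if __name__ == "__main__":
    # Constructed sample: the thread's URL with "ldaps" and a placeholder address.
    sample = ("ldaps://192.0.2.10:389/dc=ldapcompany,dc=com"
              "?uid,AppAttr?sub?(AppAttr=*)")
    host, port, findings = check_auth_ldap_url(sample)
    for finding in findings:
        print("finding:", finding)
    print(tls_handshake(host, port, "/certs/ca-cert.pem"))
```

A handshake that fails here fails before any LDAP message is exchanged, so a packet capture would show no bind request for that connection.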