https://bz.apache.org/bugzilla/show_bug.cgi?id=42001
Hans Christian Holm <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |MOVED
                 CC|                            |[email protected]
             Status|NEW                         |RESOLVED

--- Comment #6 from Hans Christian Holm <[email protected]> ---
(In reply to Venkat S from comment #0)
> I am using built in apr-util with ldap support and using built in linked lib
> for ldap. I get this error when I use ldaps:// however the ldap:// is fine,
> please
> help us how can I resolve this issue
>
> ldap_set_option failed. Could not set LDAP_OPT_X_TLS to LDAP_OPT_X_TLS_HARD]
> [Can't contact LDAP server]
>
> I used following binaries to config http for ldap with ssl enable
>
> (a) apr-1.2.8.tar
> (b) apr-util-1.2.8.tar
> (c) openldap-2.3.34.tar
> (d) openssl-0.9.8e.tar
> (e) openldap-2.3.34.tar
> (f) httpd-2.2.4.tar

(In reply to Daniel A. from comment #1)
> I can confirm this bug, using FreeBSD, openldap24, and otherwise similar
> circumstances.

(In reply to Eric Covener from comment #2)
> can you confirm which SSL toolkit your ldap binaries are linked with via e.g.
> ldd?

(In reply to Daniel A. from comment #3)
> (In reply to comment #2)
> > can you confirm which SSL toolkit your ldap binaries are linked with via e.g.
> > ldd?
>
> As the original submitter also said, everything here works perfectly as long
> as I remove the "s" from "ldaps://".
> There is no timeout, the failures are immediate.
> SSL HTTP connections initiated TO the web server are fine too.
>
> I'm gonna try and see if it'll work with a newer openssl from ports, but
> here's what I've been using so far:
>
> openldap-client-2.4.21 Open s
> It's linked to the local libs,
> /usr/local/libexec/apache22/mod_ldap.so:
>         libldap-2.4.so.7 => /usr/local/lib/libldap-2.4.so.7 (0x800b0c000)
>         libssl.so.5 => /usr/lib/libssl.so.5 (0x800c4a000)
>         libcrypto.so.5 => /lib/libcrypto.so.5 (0x800d94000)
>         liblber-2.4.so.7 => /usr/local/lib/liblber-2.4.so.7 (0x801026000)
>         libc.so.7 => /lib/libc.so.7 (0x800633000)
>
> 7.0-RELEASE-p3 FreeBSD...
> # httpd -v
> Server version: Apache/2.2.14 (FreeBSD)
> Server built: Feb 1 2010 15:06:58
> # pkg_info|grep ldap
> openldap-client-2.4.21 Open source LDAP client implementation
> # openssl version
> OpenSSL 0.9.8e 23 Feb 2007
>
>
> relevant snips from httpd.conf:
> #Load LDAP certificate
> LDAPTrustedGlobalCert CA_BASE64 /usr/local/etc/apache22/ldap_cert/<AD
> Hostname>.CA.pem
>
> AuthName "Nagios Access"
> AuthType Basic
> AuthBasicProvider ldap
> AuthzLDAPAuthoritative on
>
> AuthLDAPURL "ldap://<hostname>:3268
> <hostname>:3268/?sAMAccountName?sub?(objectClass=*)"
> #AuthLDAPURL "ldaps://<hostname>/?sAMAccountName?sub?(objectClass=*)"
> #AuthLDAPURL "ldaps://<hostname>:3269/?sAMAccountName?sub?(objectClass=*)"
>
> AuthLDAPBindDN "CN=<cn>,OU=<ou>,OU=<ou>,OU=<ou>,DC=<dc>,DC=<dc>"
> AuthLDAPBindPassword <pass>
> Require valid-user
>
> [Thu Feb 04 10:31:05 2010] [debug] mod_authnz_ldap.c(377): [client
> 192.168.64.101] [64980] auth_ldap authenticate: using URL
> ldaps://<hostname>/?sAMAccountName?sub?(objectClass=*), referer:
> https://nix01/side.html
> [Thu Feb 04 10:31:05 2010] [debug] mod_authnz_ldap.c(377): [client
> 192.168.64.101] [64980] auth_ldap authenticate: using URL
> ldaps://<hostname>/?sAMAccountName?sub?(objectClass=*), referer:
> https://nix01/side.html
> [Thu Feb 04 10:31:05 2010] [debug] mod_authnz_ldap.c(377): [client
> 192.168.64.101] [64980] auth_ldap authenticate: using URL
> ldaps://<hostname>/?sAMAccountName?sub?(objectClass=*), referer:
> https://nix01/side.html
> [Thu Feb 04 10:31:05 2010] [debug] mod_authnz_ldap.c(377): [client
> 192.168.64.101] [64980] auth_ldap authenticate: using URL
> ldaps://<hostname>/?sAMAccountName?sub?(objectClass=*), referer:
> https://nix01/side.html
> [Thu Feb 04 10:31:05 2010] [debug] mod_authnz_ldap.c(377): [client
> 192.168.64.101] [64980] auth_ldap authenticate: using URL
> ldaps://<hostname>/?sAMAccountName?sub?(objectClass=*), referer:
> https://nix01/side.html
> [Thu Feb 04 10:31:05 2010] [debug] mod_authnz_ldap.c(377): [client
> 192.168.64.101] [64980] auth_ldap authenticate: using URL
> ldaps://<hostname>/?sAMAccountName?sub?(objectClass=*), referer:
> https://nix01/side.html
> [Thu Feb 04 10:31:05 2010] [debug] mod_authnz_ldap.c(377): [client
> 192.168.64.101] [64980] auth_ldap authenticate: using URL
> ldaps://<hostname>/?sAMAccountName?sub?(objectClass=*), referer:
> https://nix01/side.html
> [Thu Feb 04 10:31:05 2010] [warn] [client 192.168.89.101] [64980] auth_ldap
> authenticate: user dak authentication failed; URI /nagios/cgi-bin/status.cgi
> [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server], referer:
> https://nix01/side.html

(In reply to Daniel A. from comment #4)
> Ok, now I've tried with OpenSSL 0.9.8e and it's still broken, exactly the
> same way as before.

(In reply to Daniel A. from comment #5)
> Oops, sorry, I meant to say OpenSSL 0.9.8l
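
The ldd check asked for in comment #2, as an added example that is not part of the bug thread or of httpd: it classifies which TLS toolkit appears in ldd output and shows which directory libldap and libssl were resolved from. The function names are hypothetical, and the sample input is the ldd output quoted in comment #3.

```shell
#!/bin/sh
# Added example: inspect `ldd` output (read from stdin) for TLS toolkits.
# Function names are hypothetical, not part of httpd or OpenLDAP.

# Prints "<toolkit> <soname> <resolved path>" for each TLS-related library.
tls_toolkits() {
    awk '$2 == "=>" {
        kit = ""
        if ($1 ~ /^libssl\.so/ || $1 ~ /^libcrypto\.so/)      kit = "openssl"
        else if ($1 ~ /^libgnutls/)                           kit = "gnutls"
        else if ($1 ~ /^libssl3\.so/ || $1 ~ /^libnss3\.so/)  kit = "nss"
        if (kit != "") print kit, $1, $3
    }'
}

# Prints the distinct toolkits on one line, or "none" if no TLS library is listed.
tls_summary() {
    kits=$(tls_toolkits | awk '{ print $1 }' | sort -u | tr '\n' ' ')
    kits=${kits% }
    echo "${kits:-none}"
}

# Prints "<soname> <directory>" for libldap and libssl, so that libraries
# resolved from different prefixes (e.g. /usr/lib vs /usr/local/lib) stand out.
ldap_ssl_dirs() {
    awk '$2 == "=>" && ($1 ~ /^libldap/ || $1 ~ /^libssl/) {
        dir = $3
        sub("/[^/]*$", "", dir)   # strip the file name, keep the directory
        print $1, dir
    }'
}

# Sample input: the ldd output for mod_ldap.so quoted in comment #3.
sample_ldd() {
    cat <<'EOF'
/usr/local/libexec/apache22/mod_ldap.so:
        libldap-2.4.so.7 => /usr/local/lib/libldap-2.4.so.7 (0x800b0c000)
        libssl.so.5 => /usr/lib/libssl.so.5 (0x800c4a000)
        libcrypto.so.5 => /lib/libcrypto.so.5 (0x800d94000)
        liblber-2.4.so.7 => /usr/local/lib/liblber-2.4.so.7 (0x801026000)
        libc.so.7 => /lib/libc.so.7 (0x800633000)
EOF
}

echo "toolkit(s): $(sample_ldd | tls_summary)"
sample_ldd | ldap_ssl_dirs
```

On a live system, pipe `ldd` of mod_ldap.so, and of the libldap it resolves to, into the same functions in place of `sample_ldd`.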
