apache 2.0, mod_auth_ldap over SSL failing with can't connect ldap server
Here is my conf.d/dir_access.conf
LDAPTrustedCA /etc/httpd/conf/ssl.crt/server.crt
LDAPTrustedCAType BASE64_FILE
<Location /mypath>
AuthLDAPAuthoritative On
AuthLDAPEnabled On
AuthType Basic
AuthName "LDAP Login"
AuthLDAPURL "ldaps://ldap.example.com:636/ou=users,dc=example,dc=com?uid ?sub"
require valid-user
</Location>
And my /etc/openldap/ldap.conf to disable all certificate validation
checks
TLS_REQCERT never
My error messages look as follows:
[Tue Dec 05 23:30:11 2006] [notice] Apache/2.0.52 (Red Hat) configured
-- resuming normal operations
[Tue Dec 05 23:30:18 2006] [warn] [client xxx.xxx.xxx.xxx] [28729]
auth_ldap authenticate: user astokes authentication failed; URI
/mypath/ [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
Is this still an issue with TLS? I am able to manually bind over ssl as
my user using ldapsearch setting both TLS_REQCERT allow/never, but
apache is failing and I am at a loss why :(
Any suggestions?
Re: apache 2.0, mod_auth_ldap over SSL failing with can't connect ldap server
One more thing, I've tested this over non-ssl and it works like a
champ.
On Dec 5, 11:47 pm, "Adam Stokes" <adam.sto... [at] gmail.com> wrote:
> Here is my conf.d/dir_access.conf
>
> LDAPTrustedCA /etc/httpd/conf/ssl.crt/server.crt
> LDAPTrustedCAType BASE64_FILE
>
> <Location /mypath>
> AuthLDAPAuthoritative On
> AuthLDAPEnabled On
> AuthType Basic
> AuthName "LDAP Login"
> AuthLDAPURL "ldaps://ldap.example.com:636/ou=users,dc=example,dc=com?uid ?sub"
> require valid-user
> </Location>
>
> And my /etc/openldap/ldap.conf to disable all certificate validation
> checks
>
> TLS_REQCERT never
>
> My error messages look as follows:
>
> [Tue Dec 05 23:30:11 2006] [notice] Apache/2.0.52 (Red Hat) configured
> -- resuming normal operations
> [Tue Dec 05 23:30:18 2006] [warn] [client xxx.xxx.xxx.xxx] [28729]
> auth_ldap authenticate: user astokes authentication failed; URI
> /mypath/ [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
>
> Is this still an issue with TLS? I am able to manually bind over ssl as
> my user using ldapsearch setting both TLS_REQCERT allow/never, but
> apache is failing and I am at a loss why :(
>
> Any suggestions?
Re: apache 2.0, mod_auth_ldap over SSL failing with can't connect ldap server
Post removed (X-No-Archive: yes)
Re: apache 2.0, mod_auth_ldap over SSL failing with can't connect ldap server
On Dec 6, 2:58 am, Davide Bianchi <davideyeahs... [at] onlyforfun.net>
wrote:
> On 2006-12-06, Adam Stokes <adam.sto... [at] gmail.com> wrote:
>
> > Any suggestions?
>
> Which ldap_auth module are you using? There are many and most of them
> aren't supported by the Apache group, so I'd suggest you ask the
> maintainer/programmer of that module.
>
Hey Davide,
Thanks for your reply. This was the mod_auth_ldap which is provided in a
default install of apache 2.0 on RHEL.
However, I did figure out the problem, though. Unfortunately, I couldn't
get apache to succeed if a checkpeer failed, so I had to actually get
the CA cert from the authority in order to do the lookups over SSL.
Thanks again
Adam
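
The fix in the last post, shown as an added example that is not part of the original thread: a file named in LDAPTrustedCA is only useful if it is the certificate of the authority that signed the LDAP server's certificate, and `openssl verify` can confirm that before Apache is involved. The throwaway CA, the file names and the helper functions `make_demo_pki`, `trusts_server` and `is_ca` are assumptions constructed for this demo.

```shell
#!/bin/sh
# Constructed demo PKI: a throwaway CA plus an LDAP server certificate it signs.
# All file names and subjects below are made up for illustration.
make_demo_pki() {   # $1 = empty working directory
    cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$1/demo.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -new -config "$1/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=ldap.example.com" \
        -keyout "$1/ldap.key" -out "$1/ldap.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/ldap.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/ldap.crt" 2>/dev/null
}

# True if the candidate LDAPTrustedCA file ($1) validates the server cert ($2).
trusts_server() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True if the certificate in $1 is marked as a CA (basicConstraints CA:TRUE).
is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Demo run: try the server's own certificate, then the CA certificate,
# as the trust file. Only the CA certificate passes the peer check.
d=$(mktemp -d) && make_demo_pki "$d" || exit 1
for f in ldap.crt ca.crt; do
    if trusts_server "$d/$f" "$d/ldap.crt"; then verdict="verifies"
    else verdict="does NOT verify"; fi
    echo "LDAPTrustedCA $f $verdict the LDAP server certificate"
done
rm -rf "$d"
```

Against a live directory the same question is answered by `openssl s_client -connect ldap.example.com:636 -CAfile <file>`, which should report `Verify return code: 0 (ok)` when the file is the right CA certificate.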