Posted to bugs@httpd.apache.org by bu...@apache.org on 2022/02/09 07:57:02 UTC
[Bug 65875] New: ldap_simple_bind fail for LDAPS authentication with Microsoft SDK
https://bz.apache.org/bugzilla/show_bug.cgi?id=65875
Bug ID: 65875
Summary: ldap_simple_bind fail for LDAPS authentication with Microsoft SDK
Product: Apache httpd-2
Version: 2.4.41
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: mod_ldap
Assignee: bugs@httpd.apache.org
Reporter: edouard.bouault@safrangroup.com
Target Milestone: ---
Hello,
I have been trying to implement LDAPS authentication between an Apache server
using the Microsoft SDK and an Ubuntu-based OpenLDAP server.
According to the mod_ldap documentation, SSL with this LDAP SDK is supported
and the trusted certificate is configured at a system level.
My configuration is pretty basic. Here is the Apache configuration relative to
LDAPS authentication:
AuthName "Active Directory authentication"
AuthBasicProvider ldap
AuthType Basic
AuthLDAPURL "ldaps://openldap.test.com/dc=example,dc=com?uid?sub?"
The OpenLDAP server allows anonymous binds and ldaps connections.
My OpenLDAP server's certificate was added to the local machine certificate
store.
Using this configuration, LDAP authentication without SSL works correctly, but
when I change the "ldap" in my URL to "ldaps", my web site goes to "Error 500"
after prompting for username/password.
In my Apache error log, I find the following:
[Thu Jan 27 16:45:53.556671 2022] [authz_core:debug] [pid 3848:tid 1536]
mod_authz_core.c(817): [client 127.0.0.1:50198] AH01626: authorization result
of Require ldap-group cn=apache,ou=Groups,dc=example,dc=com: denied (no
authenticated user yet)
[Thu Jan 27 16:45:53.556671 2022] [authz_core:debug] [pid 3848:tid 1536]
mod_authz_core.c(817): [client 127.0.0.1:50198] AH01626: authorization result
of <RequireAny>: denied (no authenticated user yet)
[Thu Jan 27 16:45:53.556671 2022] [authnz_ldap:debug] [pid 3848:tid 1536]
mod_authnz_ldap.c(522): [client 127.0.0.1:50198] AH01691: auth_ldap
authenticate: using URL ldaps://openldap.test.com/dc=example,dc=com?uid?sub?
[Thu Jan 27 16:45:53.619179 2022] [authnz_ldap:info] [pid 3848:tid 1536]
[client 127.0.0.1:50198] AH01695: auth_ldap authenticate: user ldapuser
authentication failed; URI / [LDAP: ldap_simple_bind() failed][]
In my OpenLDAP error log, I find the following:
[07-02-2022 13:11:44] slapd debug conn=1004 fd=14 ACCEPT from
IP=XXX.XXX.XXX.XXX:50139 (IP=0.0.0.0:636)
[07-02-2022 13:11:44] slapd debug conn=1004 fd=14 closed (TLS negotiation
failure)
These errors happen whether my LDAP server certificate is in the certificate
store or not, which means the web server doesn't seem to use the certificate
configured at Windows level.
Thank you in advance for taking a look at this.
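A small log-triage helper, added here as an illustration and not part of the bug report or of httpd: it pairs the AH01695 bind failures from the Apache error log with slapd's "TLS negotiation failure" close events, so an operator can tell a transport-level failure apart from a credential failure before touching the directory. The sample log lines are constructed to mirror the report; treating an empty second bracket in AH01695 (no SDK error string) as a sign that the bind never reached the LDAP protocol is this example's own heuristic, not something the report or mod_authnz_ldap documents.

```python
import re

# Constructed sample lines modelled on the bug report (not captured traffic).
APACHE_LOG = """\
[Thu Jan 27 16:45:53.556671 2022] [authnz_ldap:debug] [pid 3848:tid 1536] mod_authnz_ldap.c(522): [client 127.0.0.1:50198] AH01691: auth_ldap authenticate: using URL ldaps://openldap.test.com/dc=example,dc=com?uid?sub?
[Thu Jan 27 16:45:53.619179 2022] [authnz_ldap:info] [pid 3848:tid 1536] [client 127.0.0.1:50198] AH01695: auth_ldap authenticate: user ldapuser authentication failed; URI / [LDAP: ldap_simple_bind() failed][]
[Thu Jan 27 16:50:01.000000 2022] [authnz_ldap:info] [pid 3848:tid 1536] [client 127.0.0.1:50201] AH01695: auth_ldap authenticate: user bob authentication failed; URI / [LDAP: ldap_simple_bind() failed][Invalid credentials]
"""

SLAPD_LOG = """\
[07-02-2022 13:11:44] slapd debug conn=1004 fd=14 ACCEPT from IP=192.0.2.10:50139 (IP=0.0.0.0:636)
[07-02-2022 13:11:44] slapd debug conn=1004 fd=14 closed (TLS negotiation failure)
"""

# AH01695 ends with "[<reason>][<sdk error string>]"; the second bracket may be empty.
AH01695 = re.compile(
    r"AH01695: .*user (?P<user>\S+) authentication failed; "
    r".*\[LDAP: (?P<call>[^\]]+)\]\[(?P<detail>[^\]]*)\]"
)
TLS_FAIL = re.compile(r"conn=(?P<conn>\d+) .*closed \(TLS negotiation failure\)")


def classify_bind_failures(apache_log):
    """Return (user, classification) for every AH01695 line.

    Heuristic (assumption of this example): an empty SDK error string means no
    LDAP result came back, so the failure is likely in the transport (TLS),
    whereas a populated string is an LDAP-level answer such as bad credentials.
    """
    out = []
    for m in AH01695.finditer(apache_log):
        detail = m.group("detail")
        kind = "transport/TLS suspected" if detail == "" else "ldap-level: " + detail
        out.append((m.group("user"), kind))
    return out


def tls_failures(slapd_log):
    """Connection ids that slapd closed during the TLS handshake."""
    return [m.group("conn") for m in TLS_FAIL.finditer(slapd_log)]


def diagnose(apache_log, slapd_log):
    """Combine both views into a single verdict for the operator."""
    transport = [u for u, k in classify_bind_failures(apache_log) if k.startswith("transport")]
    tls = tls_failures(slapd_log)
    if transport and tls:
        return "client TLS trust/negotiation problem: %d handshake close(s) on slapd" % len(tls)
    if transport:
        return "bind failed before any LDAP response; check transport"
    return "LDAP-level failures only; check credentials and directory ACLs"
```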