You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Andrew Musselman <An...@cwu.EDU> on 2005/08/23 17:39:44 UTC
[users@httpd] [SPAM] RE: [users@httpd] mod_auth_ldap
Hi Pamela,
I finally got things working. My co-worker helped me find the problem:
in apache log we found these messages while restarting apache:
[Mon Aug 22 12:31:43 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Mon Aug 22 12:31:43 2005] [crit] LDAP: Invalid LDAPTrustedCAType
directive - BASE64_FILE type required
[Mon Aug 22 12:31:43 2005] [warn] LDAP: SSL initialization failed
[Mon Aug 22 12:31:43 2005] [notice] LDAP: SSL support unavailable
I was using the wrong type of CA file, and when I put in the right one
everything worked.
The FreeBSD stuff probably won't help you get things going on Windows.
When you say:
"So I've tried to install the option in the config file like this:
ldap_auth_module modules/mod_auth_ldap.so
And I've tried it like this:
ldap_auth_module D:/apache_files/mod_auth_ldap.so"
Have you opened your httpd.conf file and had a look? Here's a link:
http://httpd.apache.org/docs/1.3/windows.html#use
If you find a bunch of lines that start with "LoadModule", that's where
you might want to try putting in the line (or uncommenting it if it's
there):
LoadModule ldap_auth_module libexec/apache2/mod_auth_ldap.so
Then don't forget to restart apache..
Have fun!
Andrew
Andrew Musselman
andrew@cwu.edu
>>> pamela.kalle@kahosl.be 8/23/2005 1:45 AM >>>
Hi Andrew,
Is it possible that your problem has something to do with the port
number?
Normally when you use a not-SSL connection you use port 389 and for a
SSL connection you use 636.
I don't know very good what you mean with:
I got mine working on FreeBSD by using the ports tree, after renaming
and removing httpd.conf, by going into the apache2 directory and
doing:
make clean
make WITH_PROXY_MODULES=yes WITH_LDAP_MODULES=yes WITH_SSL_MODULES=yes
I've tried to do this via de cmd on the directory Apache2 and on the
directory Apache/BIN but it didn't work (make is not a recognised
command)but maybe this is because I'm working with Windows...
Thank you for the answer
Greetings
Pamela
-----Oorspronkelijk bericht-----
Van: Andrew Musselman [mailto:Andrew@cwu.EDU]
Verzonden: maandag 22 augustus 2005 17:54
Aan: users@httpd.apache.org
Onderwerp: Re: [users@httpd] mod_auth_ldap
Hi Pamela,
On this page:
http://httpd.apache.org/docs/1.3/windows.html
The directions say you can load a module by adding a line to your
httpd.conf:
LoadModule ldap_auth_module libexec/apache2/mod_auth_ldap.so
I got mine working on FreeBSD by using the ports tree, after renaming
and removing httpd.conf, by going into the apache2 directory and
doing:
make clean
make WITH_PROXY_MODULES=yes WITH_LDAP_MODULES=yes WITH_SSL_MODULES=yes
Then checking which lines the new install put in and copying them into
my old httpd.conf.
That may not help your situation, I don't know.
In my case, I'm getting these two errors in my log file when I try to
access a protected directory. Here are the lines in the .htaccess
file
protecting the directory:
AuthLDAPEnabled on
AuthType Basic
AuthLDAPURL ldap://my.ldap.server:636/o=CWU?uid
require valid-user
Here is the error I get using ldap:// "[LDAP: ldap_simple_bind_s()
failed][Can't contact LDAP server]"
Here is the error I get using ldaps:// "[LDAP: ssl connections not
supported][Can't contact LDAP server]"
Has anyone encountered these errors and know how to solve them?
Thank you,
Andrew
Andrew Musselman
andrew@cwu.edu
>>> pamela.kalle@kahosl.be 8/22/2005 12:38 AM >>>
Hi
I'm also trying to use the mod_auth_ldap, but I'm having troubles as
well.
Maybe my experience can help you as well, and maybe someone else can
help us both.
I'm working on a Windows 2000 server. I installed the apache version
2.0.54.
In this version I find a mod_auth_ldap.so in the modules map
(C:/Program
Files/apache group/apache/modules).
So indeed it lookes like "it comes out of the box".
Still manuals for apache
(http://www.muquit.com/muquit/software/mod_auth_ldap/mod_auth_ldap_apach
e2.html)
describe to install a .dll (not a .so) for Windows Users.
The manual that I'm reffering to also suggest an extra installation of
some dll's you should find at a sun-site.
I've tried this but I found many dll's so I don't know which they
want.
So I've tried to install the option in the config file like this:
ldap_auth_module modules/mod_auth_ldap.so
And I've tried it like this:
ldap_auth_module D:/apache_files/mod_auth_ldap.so
Both times my apache server crashed. (didn't want to restart).
My log files give me something like this:
The I/O operation has been aborted because of either a thread exit or
an
application request. : winnt_accept: Asynchronous AcceptEx failed.
Thanks
Pamela
-----Oorspronkelijk bericht-----
Van: Andrew Musselman [mailto:Andrew@cwu.EDU]
Verzonden: vrijdag 19 augustus 2005 19:50
Aan: users@httpd.apache.org
Onderwerp: [users@httpd] mod_auth_ldap
I have read that mod_auth_ldap comes "out of the box" in Apache 2.0
and
up, but I'm not sure how to enable it.
Is it as simple as adding something like this to httpd.conf:
LoadModule ldap_auth_module libexec/apache2/mod_auth_ldap.so
Or are there other steps? I don't see it in the FreeBSD ports tree.
Thanks,
Andrew
Andrew Musselman
andrew@cwu.edu
>>> sanguis@xs4all.nl 8/19/2005 10:20:08 AM >>>
> I have apache running on my Windows 2000 Machine with SSL. Runs OK,
> but in order to start apache with SSL I must start it up in a dos
> window.
Remove all 'IfDefine SSL' things in your httpd.conf, and the thing
should use SSL automagically.
If you don't want this, and have Apache as service, you can give extra
parameters (like -DSSL) in the service properties.
Joost
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org