Posted to users@httpd.apache.org by Declerck Michael-W30479 <W3...@motorola.com> on 2006/08/03 18:25:56 UTC

[users@httpd] LDAP auth: Internal Server Error

I want to allow only certain users to authenticate themselves against an
LDAP server.
This authentication is only for a folder on my document root.
I am using Apache2.2.2.

I get an authentication pop-up box from the LDAP server.
After I authenticate, however, I get an Internal Server Error on the
page and these two errors in my error log:
[Thu Aug 03 11:00:20 2006] [error] Internal error: pcfg_openfile() called with NULL filename
[Thu Aug 03 11:00:20 2006] [error] [client 10.22.62.15] (9)Bad file descriptor: Could not open password file: (null)

Does anyone know what pcfg_openfile() is? Does that have something to do
with .htpasswd?
Here is my LDAP configuration:


# Enable the LDAP connection pool and shared memory cache
LDAPsharedCacheSize 200000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600

# Enable the LDAP cache status handler.

<Location /ldap-status>
   SetHandler ldap-status
   Order deny,allow
   Deny from all
   Allow from all
   AuthType Basic
   AuthName "Applications Directory Authentication"
   AuthLDAPURL ldap://ids.mot.com/ou=people,ou=intranet,dc=mot,dc=com?uid
   AuthzLDAPAuthoritative on
   require user w30479
</Location>

# Enable LDAP authentication on "auth" directory
<Directory "/usr/local/apache2/cgi-bin//auth">
   Order allow,deny
   Options FollowSymLinks
   AllowOverride None
   Allow from all
   AuthType Basic
   AuthName "Enter Your Applications Directory Password"
   AuthLDAPURL ldap://ids.mot.com:389/ou=people,ou=intranet,dc=mot,dc=com?motguid
   require ldap-user rlvh30 wlkw03 w16993
</Directory>
 

What I really want to do is authenticate over SSL, which I have
activated on the "default" virtual host.
I have tried the secure ldap server (ldaps://) but I have the same
error.

Any advice is appreciated,
Michael DeClerck

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
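
Added example (not part of the original thread, and not the poster's or the Apache project's configuration): the two log lines in the post above are written by mod_authn_file, the provider Apache 2.2 uses when a Basic-auth section names no AuthBasicProvider. The sketch shows the posted <Directory> section beside a version that selects the ldap provider; the loaded modules are assumptions and the certificate path is a placeholder.

```apache
# Added example, not from the thread. Assumes Apache 2.2 with mod_ldap,
# mod_authnz_ldap and mod_ssl loaded; directory, LDAP URL and user IDs are
# the ones in the post above.

# As posted (abridged). No AuthBasicProvider is given, so mod_auth_basic
# uses its 2.2 default provider "file" (mod_authn_file). No AuthUserFile is
# set either, so the password file name is NULL: pcfg_openfile() fails and
# the request ends in a 500.
#
#   <Directory "/usr/local/apache2/cgi-bin//auth">
#      AuthType Basic
#      AuthName "Enter Your Applications Directory Password"
#      AuthLDAPURL ldap://ids.mot.com:389/ou=people,ou=intranet,dc=mot,dc=com?motguid
#      require ldap-user rlvh30 wlkw03 w16993
#   </Directory>

# Needed only for ldaps:// URLs; server-config scope. The file holds the CA
# certificate that issued the directory server's certificate. The path is a
# placeholder.
# LDAPTrustedGlobalCert CA_BASE64 /path/to/directory-ca.pem

# Same section with the LDAP provider selected explicitly.
<Directory "/usr/local/apache2/cgi-bin//auth">
   Options FollowSymLinks
   AllowOverride None
   Order allow,deny
   Allow from all

   AuthType Basic
   AuthName "Enter Your Applications Directory Password"
   # Hand the password check to mod_authnz_ldap instead of mod_authn_file.
   AuthBasicProvider ldap
   # With ldap:// the bind password crosses the network unencrypted.
   AuthLDAPURL ldap://ids.mot.com:389/ou=people,ou=intranet,dc=mot,dc=com?motguid
   AuthzLDAPAuthoritative on
   Require ldap-user rlvh30 wlkw03 w16993

   # Basic auth only base64-encodes the password; reject plain-HTTP
   # requests for this directory.
   SSLRequireSSL
</Directory>
```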


Re: [users@httpd] LDAP auth: Internal Server Error

Posted by Paul Ortman <po...@goshen.edu>.

Mika Borner wrote:
>> I downloaded and installed OpenLDAP v2.3.24 from source. I'm not sure if
>> that came with an SDK...
>> I don't see any SDK's on the OpenLDAP download website. 
>> Where could I get an SDK?
> 
> I haven't touched OpenLDAP lately, but I guess it is somewhere in the
> source tree of the tar-ball.
> 
> For our novell-sdk I used the following apache options:
> 
> "--with-ldap" \
> "--with-ldap-dir=/u00/appl/novell-cldap" \
> "--enable-ldap" \
> "--with-ldap-lib=/u00/appl/novell-cldap/lib" \
> "--with-ldap-include=/u00/appl/novell-cldap/include"
> 
> Just set the path to your openldap source tree. If it is correct it
> should find the sdk. Of course it is possible that your apache instance
> is already compiled with the openldap sdk. Depends on your operating
> system. You can check this e.g. in the error log. 

I've had problems with this sort of thing as well, but on win32.
According to http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html
mod_authnz_ldap is "Known to support the OpenLDAP SDK (both 1.x and
2.x),  Novell LDAP SDK and the iPlanet (Netscape) SDK."

So I've downloaded the prebuilt win32 binary (both 2.2.3 and 2.0.59)
from apache.org, but cannot get them to play nice with my Openldap 2.2.*
machines.  So has anyone else gotten this to work?

One thing I've noticed is the vague statement in the download README
(http://apache.osuosl.org/httpd/binaries/win32/) that reads "This binary
release was created with Visual Studio 6.0, using a more recent Platform
SDK for the ldap api."  So, how do I tell exactly what this build
actually supports?

--
Paul Ortman

PGP Key: 55602C81


RE: [users@httpd] LDAP auth: Internal Server Error

Posted by Declerck Michael-W30479 <W3...@motorola.com>.
 
In my previous message, I included the errors that I have been
experiencing:

[Thu Aug 03 11:00:20 2006] [error] Internal error: pcfg_openfile() called with NULL filename
[Thu Aug 03 11:00:20 2006] [error] [client 10.22.62.15] (9)Bad file descriptor: Could not open password file: (null)

These errors do not seem to point to an SDK issue.
But my inexperience with Apache precedes me.



RE: [users@httpd] LDAP auth: Internal Server Error

Posted by Declerck Michael-W30479 <W3...@motorola.com>.
I think I've got something:
http://httpd.apache.org/docs/2.2/mod/mod_ldap.html under OpenLDAP SDK
states that I need to have the directive
LDAPTrustedGlobalCert to be specified in order for it to work.
..After trying this with my SSL certificate I still have the same
problem.
Is there a special LDAP certificate that I need for this to work?



RE: [users@httpd] LDAP auth: Internal Server Error

Posted by Mika Borner <Mi...@clariden.com>.
>I downloaded and installed OpenLDAP v2.3.24 from source. I'm not sure if
>that came with an SDK...
>I don't see any SDK's on the OpenLDAP download website.
>Where could I get an SDK?

I haven't touched OpenLDAP lately, but I guess it is somewhere in the
source tree of the tar-ball.

For our novell-sdk I used the following apache options:

"--with-ldap" \
"--with-ldap-dir=/u00/appl/novell-cldap" \
"--enable-ldap" \
"--with-ldap-lib=/u00/appl/novell-cldap/lib" \
"--with-ldap-include=/u00/appl/novell-cldap/include"

Just set the path to your openldap source tree. If it is correct it
should find the sdk. Of course it is possible that your apache instance
is already compiled with the openldap sdk. Depends on your operating
system. You can check this e.g. in the error log. 




-------------------------------------------------------------------------
This message is intended for the addressee only and may
contain confidential or privileged information. If you
are not the intended receiver, any disclosure, copying
to any person or any action taken or omitted to be taken
in reliance on this e-mail, is prohibited and may be un-
lawful. You must therefore delete this e-mail.
Internet communications may not be secure or error-free
and may contain viruses. They may be subject to possible
data corruption, accidental or on purpose. This e-mail is
not and should not be construed as an offer or the
solicitation of an offer to purchase or subscribe or sell
or redeem any investments.
-------------------------------------------------------------------------




RE: [users@httpd] LDAP auth: Internal Server Error

Posted by Declerck Michael-W30479 <W3...@motorola.com>.
 
I downloaded and installed OpenLDAP v2.3.24 from source. I'm not sure if
that came with an SDK...
I don't see any SDK's on the OpenLDAP download website. 
Where could I get an SDK?



Re: [users@httpd] LDAP auth: Internal Server Error

Posted by Mika Borner <Mi...@clariden.com>.
Hi.

>I get an authentication pop-up box from the LDAP server.
>After I authenticate, however, I get an Internal Server Error on the
>page and these two errors in my error log:

I found that several internal server errors come from using a wrong
LDAP SDK. Are you sure your apache instance's included LDAP SDK matches
your LDAP Directory Server Brand?

Sorry, can't help any further...





