Posted to users@httpd.apache.org by John Adamski <ad...@graceland.edu> on 2012/09/07 15:43:46 UTC

[users@httpd] can't get apache 2.2.22 and mod_ldap to work

HPUX 11.v3 OS running on HP BL870c Integrity server

I'm trying to get Apache and LDAP to play nice together and not having much luck. I compiled Apache with these options:

    --with-ldap-include=/opt/openldap/include/
    --with-ldap-lib=/opt/openldap/lib/libldap_r.so

    --enable-ldap=static
    --enable-authnz-ldap=static
    --with-ldap=ldap

when upgrading from 2.2.15 to 2.2.22 on our dr/test epr server. I can get Apache to start and serve up pages except those that require LDAP authentication. I get this message in the sslerror_log:

[Tue Sep 04 12:58:51 2012] [error] LDAP: Could not set the connection timeout 

And the browser gets this message:

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webadmin@graceland.edu and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.


--------------------------------------------------------------------------------

Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1b mod_perl/2.0.5 Perl/v5.14.2 Server at newt.graceland.edu Port 443

 
From our config files we have these sections:



<IfModule mod_status.c>
    #
    # ExtendedStatus controls whether Apache will generate "full" status
    # information (ExtendedStatus On) or just basic information (ExtendedStatus
    # Off) when the "server-status" handler is called. The default is Off.
    #
    ExtendedStatus On

    #
    # Allow server status reports generated by mod_status,
    # with the URL of http://servername/server-status
    # Change the ".example.com" to match your domain to enable.
    #
    <Location /server-status>
        SetHandler server-status
        Order deny,allow
        Deny from all
        Allow from .graceland.edu
    </Location>
</IfModule>

<IfModule mod_info.c>
    #
    # Allow remote server configuration reports, with the URL of
    #  http://servername/server-info (requires that mod_info.c be loaded).
    # Change the ".example.com" to match your domain to enable.
    #
    <Location /server-info>
        SetHandler server-info
        Order deny,allow
        Deny from all
        Allow from .graceland.edu
    </Location>
</IfModule>


<Directory /opt/apache2/carsi-live/share/cgi-bin/hr>
  AllowOverride None
  Options None
  AuthType Basic
  AuthBasicProvider ldap
  AuthName "GU Employee Access"
  AuthLDAPBindDN "cn=ldapuser,cn=users,dc=graceland,dc=edu"
  AuthLDAPBindPassword grace1
  AuthLDAPURL ldap://dc02.graceland.edu:389/dc=graceland,dc=edu?SAMAccountName?sub?(objectclass=user)
  require ldap-group cn=users,cn=builtin,dc=graceland,dc=edu
</Directory>


I can do a ldapsearch with roughly the same settings and get information:

ldapsearch -b dc=graceland,dc=edu -h xxxx.graceland.edu -D "cn=xxxxxx,cn=users,dc=graceland,dc=edu" -w xxxxxx -s sub '(&(objectClass=user)(SAMAccountName=adamski))'
# extended LDIF
#
# LDAPv3
# base <dc=graceland,dc=edu> with scope subtree
# filter: (&(objectClass=user)(SAMAccountName=adamski))
# requesting: ALL
#

# John Adamski, ITS, graceland.edu
dn: CN=John Adamski,OU=ITS,DC=graceland,DC=edu
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: John Adamski
sn: Adamski
description: 
userCertificate:: MIIFkDCCBHigAwIBAgIKHHdx6wAAAAAQzDANBgkqhkiG9w0BAQUFADBBMRMw
--{cut to shorten}--
givenName: John
distinguishedName: CN=John Adamski,OU=ITS,DC=graceland,DC=edu
instanceType: 4
whenCreated: 20010606135700.0Z
whenChanged: 20120907063705.0Z
displayName: John Adamski
uSNCreated: 145075
--{cut to shorten}--
memberOf: CN=Employees,OU=Groups,DC=graceland,DC=edu
memberOf: CN=Domain Users,OU=Groups,DC=graceland,DC=edu
memberOf: CN=ITS2,OU=Groups,DC=graceland,DC=edu
memberOf: CN=ITS,OU=Groups,DC=graceland,DC=edu
memberOf: CN=Users,CN=Builtin,DC=graceland,DC=edu
uSNChanged: 24370300
department: ITS
homeMTA: CN=Microsoft MTA,CN=OWLERY,CN=Servers,CN=Exchange Administrative Grou
 p (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Graceland University,CN=Micro
 soft Exchange,CN=Services,CN=Configuration,DC=graceland,DC=edu
proxyAddresses: x400:C=US;A= ;P=Graceland Univ;O=GRACELAND;S=Adamski;G=John;
--{cut to shorten}--
proxyAddresses: SMTP:adamski@graceland.edu
homeMDB: CN=EVA_EMP0,CN=EVA_EMP0,CN=InformationStore,CN=OWLERY,CN=Servers,CN=E
 xchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Gr
 aceland University,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=grac
 eland,DC=edu
publicDelegatesBL: --{cut to shorten}--
mDBUseDefaults: TRUE
mailNickname: adamski
protocolSettings:: SFRUUMKnMcKnMcKnwqfCp8KnwqfCpw==
protocolSettings:: T1dBwqcx
name: John Adamski
objectGUID:: kHbYg7KajEmR9dRHerQW0Q==
userAccountControl: 544
badPwdCount: 0
codePage: 0
countryCode: 0
homeDirectory: \\graceland.edu\GU\ITS\adamski
homeDrive: H:
badPasswordTime: 129914084615030294
lastLogon: 129914878351286795
scriptPath: main.bat
logonHours:: ////////////////////////////
pwdLastSet: 128183492254918750
primaryGroupID: 44955
userParameters:: bSAgICAgICAgICAgICAgICAgICAgIGQJICAgICAgICAgICAgICAgICAgICAgI
 CAgUAA=
objectSid:: AQUAAAAAAAUVAAAASWoeCRIDABfsKyRc7DAAAA==
adminCount: 1
accountExpires: 0
logonCount: 29825
sAMAccountName: adamski
sAMAccountType: 805306368
showInAddressBook: CN=Office List,CN=All Address Lists,CN=Address Lists Contai
 ner,CN=Graceland University,CN=Microsoft Exchange,CN=Services,CN=Configuratio
 n,DC=graceland,DC=edu
showInAddressBook: CN=Information Technology Services,CN=Office List,CN=All Ad
 dress Lists,CN=Address Lists Container,CN=Graceland University,CN=Microsoft E
 xchange,CN=Services,CN=Configuration,DC=graceland,DC=edu
showInAddressBook: CN=All Users,CN=All Address Lists,CN=Address Lists Containe
 r,CN=Graceland University,CN=Microsoft Exchange,CN=Services,CN=Configuration,
 DC=graceland,DC=edu
showInAddressBook: CN=Default Global Address List,CN=All Global Address Lists,
 CN=Address Lists Container,CN=Graceland University,CN=Microsoft Exchange,CN=S
 ervices,CN=Configuration,DC=graceland,DC=edu
legacyExchangeDN: /o=GRACELAND COLLEGE/ou=GRACELAND/cn=RECIPIENTS/cn=ADAMSKI
userPrincipalName: adamski@graceland.edu
lockoutTime: 0
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=graceland,DC=edu
msNPAllowDialin: TRUE
dSCorePropagationData: 20111027152723.0Z
dSCorePropagationData: 16010101000000.0Z
lastLogonTimestamp: 129914734259926191
uid: adamski
textEncodedORAddress: c=US;a= ;p=GRACELAND;o=Exchange;s=Adamski;g=John;
mail: adamski@graceland.edu
manager: CN=Jim McKinney,OU=ITS,DC=graceland,DC=edu
msSFU30Name: adamski
msSFU30NisDomain: graceland
uidNumber: 548
gidNumber: 120
unixHomeDirectory: /home/carsids/adamski
loginShell: /bin/csh
msExchHomeServerName: /o=GRACELAND COLLEGE/ou=Exchange Administrative Group (F
 YDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=OWLERY
msExchALObjectVersion: 426
msExchUserAccountControl: 0
msExchIMACL:: AAAAAgAAAAZwADNwAAAAAGh0dHA6Ly9pbS5ncmFjZWxhbmQuZWR1L2luc3Rtc2cv
 YWxpYXNlcy9hZGFtc2tp
msExchIMACL:: AAAAAQAAAAcQAAEwAAAAAA==
msExchIMMetaPhysicalURL: http://im.graceland.edu/instmsg/aliases/adamski
msExchIMPhysicalURL: http://prospero/instmsg/local/im.graceland.edu/instmsg/al
 iases/adamski
msExchIMVirtualServer: CN=1\0ADEL:12b885bd-ff27-4866-8203-f41d47df347e,CN=Dele
 ted Objects,CN=Configuration,DC=graceland,DC=edu
msExchIMAddress: adamski@graceland.edu
msExchMailboxGuid:: qncADbVPBUyAnYzsTc0lSw==
msExchPoliciesIncluded: {7EE1CD7B-31D1-4D14-96B2-F079DEBBF6F8},{26491CFC-9E50-
 4857-861B-0CB8DF22B5D7}
msExchRecipientDisplayType: 1073741824
msExchUserCulture: en-US
msExchVersion: 4535486012416
msExchRecipientTypeDetails: 1
msExchMobileMailboxFlags: 1
ciscoatUserProfile: CN=adamski-profile-{78919040907072005},OU=profiles,OU=CCN,
 OU=CiscoCCM,DC=graceland,DC=edu
ciscoatUserProfileString: cn=adamski-profile-{78919040907072005},ou=profiles,
 ou=CCN,ou=CiscoCCM, dc=graceland,dc=edu
ciscoatGUID: -{78919040907072005}

# search reference
ref: ldap://ForestDnsZones.graceland.edu/DC=ForestDnsZones,DC=graceland,DC=edu

# search reference
ref: ldap://DomainDnsZones.graceland.edu/DC=DomainDnsZones,DC=graceland,DC=edu

# search reference
ref: ldap://graceland.edu/CN=Configuration,DC=graceland,DC=edu

# search result
search: 2
result: 0 Success

# numResponses: 5
# numEntries: 1
# numReferences: 3



What do I have configured wrong? I need to get this working; any help would be appreciated.

John
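
Added example, not part of the original post and not Apache's own code: a Python helper that splits an `AuthLDAPURL` of the form used above into its fields and builds the matching search filter and `ldapsearch` invocation, so a command-line test uses exactly the same host, base, scope and filter as the directive rather than roughly the same. The function names and the `example.test` host, base DN and bind DN are constructed; the defaults (`uid`, `sub`, `(objectClass=*)`) and the `(&(filter)(attribute=username))` combination follow the mod_authnz_ldap documentation.

```python
# Added example (not from the original post): AuthLDAPURL -> equivalent ldapsearch.
import shlex

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def escape_filter_value(value):
    """Escape user input for an LDAP filter (RFC 4515) so it cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def parse_authldapurl(url):
    """Split ldap[s]://host[:port]/basedn?attribute?scope?filter into its fields."""
    scheme, rest = url.split("://", 1)
    scheme = scheme.lower()
    if scheme not in DEFAULT_PORT:
        raise ValueError("unsupported scheme: " + scheme)
    hostport, _, tail = rest.partition("/")
    host, _, port = hostport.partition(":")
    basedn, attr, scope, flt = (tail.split("?", 3) + ["", "", ""])[:4]
    return {
        "scheme": scheme,
        "host": host,
        "port": int(port) if port else DEFAULT_PORT[scheme],
        "basedn": basedn,
        "attribute": attr or "uid",           # documented mod_authnz_ldap default
        "scope": scope if scope in ("one", "sub") else "sub",
        "filter": flt or "(objectClass=*)",   # documented default
        # Plain ldap:// sends the bind password and users' Basic credentials
        # unencrypted unless a TLS/STARTTLS mode follows the URL (not parsed here).
        "cleartext": scheme == "ldap",
    }

def search_filter(cfg, username):
    """Combine filter and attribute as (&(filter)(attribute=username))."""
    return "(&%s(%s=%s))" % (cfg["filter"], cfg["attribute"], escape_filter_value(username))

def ldapsearch_argv(cfg, bind_dn, username):
    """Build an ldapsearch command; -W prompts so the password stays out of argv."""
    uri = "%s://%s:%d" % (cfg["scheme"], cfg["host"], cfg["port"])
    return ["ldapsearch", "-x", "-H", uri, "-D", bind_dn, "-W",
            "-b", cfg["basedn"], "-s", cfg["scope"], search_filter(cfg, username)]

if __name__ == "__main__":
    # Constructed values shaped like the directive in the post.
    url = "ldap://dc.example.test:389/dc=example,dc=test?sAMAccountName?sub?(objectclass=user)"
    cfg = parse_authldapurl(url)
    print(shlex.join(ldapsearch_argv(cfg, "cn=binduser,cn=users,dc=example,dc=test", "adamski")))
    if cfg["cleartext"]:
        print("note: ldap:// without TLS carries credentials unencrypted")
```

The `cleartext` flag only reflects the URL scheme; a TLS or STARTTLS mode given after the URL in the directive would have to be checked separately.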
