You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Mathias Alt <al...@gmx.de> on 2003/05/20 13:51:10 UTC
[users@httpd] strange behavior of mod_auth_ldap
Hello all,
I want to control the access of browsing users via authorization against a
LDAP-Server on Novell NetWare6 using the Apache 2.0.45 binary release on a
Windows 2000 machine.
It is only possible that the very first user can acces the site. All the
next don't get access.
And if the first user types a wrong name or password, nobody will be able to
get on the site.
When I restart the server I can get access as a different user, but then the
same story.
Is this a bug in the module or has anybody a idea what i do wrong?
Thanks in advance.
Mathias Alt
Worms, Germany
--
+++ GMX - Mail, Messaging & more http://www.gmx.net +++
Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage!
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] compiling apache 2.0.4x on ms w2k
Posted by Mathias Alt <al...@gmx.de>.
Hello,
I want to compile the module mod_auth_ldap.
When I compile the whole server, the experimental modules were not compiled.
Maybe it is enough to compile only the changed module, but I can't find any
help to do it. I opened the mod_auth_ldap.dsp but compilation failed with the
error "can not open apr_ldap.h: No such file or directory"
There is a file apr_ldap.hw in srclib\apr-util\include but I don't know what
to do
Any tip?
Thanks in advance
Mathias
--
+++ GMX - Mail, Messaging & more http://www.gmx.net +++
Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage!
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] strange behavior of mod_auth_ldap
Posted by Laurent Blume <la...@infores.com>.
Mathias Alt wrote:
> Did you compile on linux or windows?
HP-UX, actually.
> I have some problems while compiling. When I compile the whole server, the
> experimental modules were not recompiled and I don't know how to compile a
> single module. I want to do it under MS VC++ 6.0 opening the
> mod_auth_ldap.dsp but it failed with a lot of errors.
> maybe you can tell me the steps I have to do
I remember that I had to add some specific options to configure to
compile mod_ldap, as it is, as you say, labeled experimental.
I don't have the information close at hand, I will tomorrow.
Not sure if it would apply to compiling on Windows, though, I never
tried that.
I'll have a look at my notes tomorrow in any case.
Laurent
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] strange behavior of mod_auth_ldap
Posted by Laurent Blume <la...@infores.com>.
Here is a detail of the ./configure options I used on HP-UX, concerning
modules:
./configure --enable-module=most \
--enable-mods-shared=most \
--with-ldap \
--enable-ldap=shared \
--enable-auth-ldap=shared
This was using OpenLDAP's client libs.
As I said, before, I have no idea if this is relevant on Windows, though
I'm sure there must be at least a similar way to choose modules.
HTH,
Laurent
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] strange behavior of mod_auth_ldap
Posted by Mathias Alt <al...@gmx.de>.
> Mathias Alt wrote:
> > Thank you very much for your quick fix.
> >
> > Do I have to rebuild the whole server or is it enough to do it with
> > mod_auth_ldap.c ?
>
> Oh, I think mod_auth_ldap will be enough, there isn't much in that fix.
> I was always recompiling everything (for other reasons), but I don't see
> why it would not work.
>
> And don't forget to vote for the bug to help have an official fix soon ;-)
>
> Best regards,
>
> Laurent
Did you compile on linux or windows?
I have some problems while compiling. When I compile the whole server, the
experimental modules were not recompiled and I don't know how to compile a
single module. I want to do it under MS VC++ 6.0 opening the
mod_auth_ldap.dsp but it failed with a lot of errors.
maybe you can tell me the steps I have to do
Thank you very much
Mathias
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] New to SSL
Posted by Dan Carl <da...@bspmail.com>.
I was recently in the same predicament.
Instead of missing around with recompiling apache, I chose to upgrade to
Apache2 and install ssl support.
1.grab Apache2 source from a mirror
2. unpack it where ever you desire.
3. read INSTALL file for instructions
4. build apache with:
./configure --prefix=/usr/local/apache2 --enable-ssl --enable-module=so
5.when configure completes, run make.
6.when make completes, run make install.
7.You should now have an Apache2 instance in /usr/local/apache2
8 Edit the http.conf ( I just copied my virtual hosts from my apache 1.3.27
conf)
9. Edit the ssl.conf comment out the <IfDefine> and </IfDefine> lines
and setup a secure virtualhost. ( don't forget to update DNS)
10. grab openssl an install it.
11. generate a server.key and server.crt and copy them to
/usr/local/apache2/conf/ssl.key/ and
usr/local/apache2/conf/ssl.crt/ respectively.
12. test your configuration /usr/local/apache2/bin/apachectl -t
It should return Syntax OK
13. check your virtual host setup /usr/local/apache2/bin/apachectl -S
Now it's time to find out if it worked.
Stop your currently running apache 1.3.27
/etc/init.d/httpd stop
Start your new instance of Apache2
/usr/local/apache2/bin/
Apache2 should start serving your current webpages without any interruptions
to browsers.
Now you can always go back to Apache 1.3 if you want.
I am no Guru, use this howto at your own risk but it worked for me :-)
Here's a couple sites that helped me
http://www.raibledesigns.com/tomcat/ssl-howto.html
http://httpd.apache.org/docs-2.0/ssl/
----- Original Message -----
Subject: [users@httpd] New to SSL
> I'm running Apache 1.3.27 on Redhat 7.3. It's a live and busy web server
so
> it can't go down (not for long anyway). I need to add SSL and I need to
get
> it right first time.
>
> I'm new to SSL, I've got hold of OpenSSL, read through some of the Mod_SSL
> and Apache-SSL documentation and looking for recommendations and advice,
can
> anyone point me to a good resource?
>
> Is it possible to install a second copy of Apache to do the SSL stuff and
> therefore leave my working HTTP server alone? Is this a good idea?
I pretty sure you could setup Apache2 on a different port and run both
Apache versions.
I have not tried this though.
>
> Thanks
> Nigel
>
> MIS Web Design
> http://www.miswebdesign.com/
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] New to SSL
Posted by Nigel Peck - MIS Web Design <ni...@miswebdesign.com>.
I'm running Apache 1.3.27 on Redhat 7.3. It's a live and busy web server so
it can't go down (not for long anyway). I need to add SSL and I need to get
it right first time.
I'm new to SSL, I've got hold of OpenSSL, read through some of the Mod_SSL
and Apache-SSL documentation and looking for recommendations and advice, can
anyone point me to a good resource?
Is it possible to install a second copy of Apache to do the SSL stuff and
therefore leave my working HTTP server alone? Is this a good idea?
Thanks
Nigel
MIS Web Design
http://www.miswebdesign.com/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] strange behavior of mod_auth_ldap
Posted by Laurent Blume <la...@infores.com>.
Mathias Alt wrote:
> Thank you very much for your quick fix.
>
> Do I have to rebuild the whole server or is it enough to do it with
> mod_auth_ldap.c ?
Oh, I think mod_auth_ldap will be enough, there isn't much in that fix.
I was always recompiling everything (for other reasons), but I don't see
why it would not work.
And don't forget to vote for the bug to help have an official fix soon ;-)
Best regards,
Laurent
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] strange behavior of mod_auth_ldap
Posted by Mathias Alt <al...@gmx.de>.
> Mathias Alt wrote:
> > I want to control the access of browsing users via authorization
> > against a LDAP-Server on Novell NetWare6 using the Apache 2.0.45
> > binary release on a Windows 2000 machine.
> >
> > It is only possible that the very first user can acces the site. All
> > the next don't get access. And if the first user types a wrong name
> > or password, nobody will be able to get on the site.
> >
> > When I restart the server I can get access as a different user, but
> > then the same story.
>
> This looks like the bug I reported a while ago, though in my case it was
> against an MS Active Directory server: authentication works if the
> credentials are correct, but if they are wrong, all subsequent tries
> fail, whether correct or not.
> From what I understand, the LDAP module is buggy, and caches failed
> connections against LDAP servers which do not allow anonymous bind.
>
> Complete details, and a quick-and-dirty workaround (needs rebuild) there:
>
> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17274
>
> Hope this helps,
>
> Laurent
>
Thank you very much for your quick fix.
Do I have to rebuild the whole server or is it enough to do it with
mod_auth_ldap.c ?
Greetings,
Mathias
--
+++ GMX - Mail, Messaging & more http://www.gmx.net +++
Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage!
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] strange behavior of mod_auth_ldap
Posted by Laurent Blume <la...@infores.com>.
Mathias Alt wrote:
> I want to control the access of browsing users via authorization
> against a LDAP-Server on Novell NetWare6 using the Apache 2.0.45
> binary release on a Windows 2000 machine.
>
> It is only possible that the very first user can acces the site. All
> the next don't get access. And if the first user types a wrong name
> or password, nobody will be able to get on the site.
>
> When I restart the server I can get access as a different user, but
> then the same story.
This looks like the bug I reported a while ago, though in my case it was
against an MS Active Directory server: authentication works if the
credentials are correct, but if they are wrong, all subsequent tries
fail, whether correct or not.
From what I understand, the LDAP module is buggy, and caches failed
connections against LDAP servers which do not allow anonymous bind.
Complete details, and a quick-and-dirty workaround (needs rebuild) there:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17274
Hope this helps,
Laurent
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org