Re: apache2.0.55 w/ mod_ldap & tls



Hi again,

To follow up on my own question, in case others upgrade from 2.0.54 and
run into this problem, 2.0.55 requires these two directives before SSL
is enabled in mod_ldap:

LDAPTrustedCA /etc/ssl/CA/cacert.pem
LDAPTrustedCAType BASE64_FILE

The debug logs now produce:

[Fri Jan 13 18:34:17 2006] [notice] LDAP: SSL support available

Cheers,
Brent


On Thu, Jan 12, 2006 at 07:56:14PM -0700, Brent Kearney wrote:
> Hello,
>
> I'm having some trouble getting apache's ldap module to connect to my openldap server
> using TLS. The reason it won't initiate an SSL connection is evident in the logs:
>
> [Thu Jan 12 20:45:49 2006] [debug] util_ldap.c(1341): LDAP: SSL trusted certificate authority file type - BASE64_FILE
> [Thu Jan 12 20:45:49 2006] [notice] SIGHUP received. Attempting to restart
> [Thu Jan 12 20:45:50 2006] [debug] util_ldap.c(1341): LDAP: SSL trusted certificate authority file type - BASE64_FILE
> [Thu Jan 12 20:45:51 2006] [notice] Digest: generating secret for digest authentication ...
> [Thu Jan 12 20:45:51 2006] [notice] Digest: done
> [Thu Jan 12 20:45:51 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
> [Thu Jan 12 20:45:51 2006] [notice] LDAP: SSL support unavailable
> [Thu Jan 12 20:45:51 2006] [notice] Apache/2.0.55 (FreeBSD) mod_ssl/2.0.55 OpenSSL/0.9.7e DAV/2 PHP/5.1.1 configured -- resuming normal operations
>
>
> I found this bug report, which details what looks like the same problem:
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/86416
>
> However, it also mentions that the bug was supposed to be fixed in Apache 2.0.55,
> which I'm running. As in that bug report, I am also using FreeBSD 5.4. I added
> "LDAPTrustedCAType BASE64_FILE" to my httpd.conf file as suggested, but it makes
> no difference.
>
> Ironically, it was working before I upgraded from apache 2.0.54.
>
> Any suggestions are welcome.
>
> Thanks,
>
> Brent
>
>
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
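
As an added example (not part of the original post or of Apache itself), the fix described in this thread can be checked before a restart with a small script. The function names `directive_value` and `check_ldap_tls` are hypothetical, and the config, CA and log files are constructed samples built from the directives and log lines quoted above.

```shell
#!/bin/sh
# Print the argument of the last uncommented occurrence of a directive
# (Apache directive names are case-insensitive).
directive_value() {   # $1 = directive, $2 = config file
    awk -v d="$1" 'tolower($1) == tolower(d) { v = $2 }
        END { gsub(/"/, "", v); if (v != "") print v }' "$2"
}

# Return 0 only if both directives are set, a BASE64_FILE CA file holds a
# PEM certificate, and the newest LDAP notice in the log reports SSL support.
check_ldap_tls() {    # $1 = httpd.conf, $2 = error log
    rc=0
    ca=$(directive_value LDAPTrustedCA "$1")
    catype=$(directive_value LDAPTrustedCAType "$1")
    [ -n "$ca" ] || { echo "missing: LDAPTrustedCA"; rc=1; }
    [ -n "$catype" ] || { echo "missing: LDAPTrustedCAType"; rc=1; }
    if [ -n "$ca" ] && [ "$catype" = "BASE64_FILE" ]; then
        if [ ! -r "$ca" ]; then
            echo "unreadable CA file: $ca"; rc=1
        elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca"; then
            echo "no PEM certificate in: $ca"; rc=1
        fi
    fi
    last=$(grep 'LDAP: SSL support' "$2" | tail -n 1)
    case $last in
        *'SSL support available'*) ;;
        *) echo "log: ${last:-no LDAP SSL notice found}"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample files (placeholder CA body, not a real certificate).
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' \
    '-----END CERTIFICATE-----' > "$demo/cacert.pem"
printf 'LDAPTrustedCAType BASE64_FILE\n' > "$demo/before.conf"
printf 'LDAPTrustedCA %s\nLDAPTrustedCAType BASE64_FILE\n' \
    "$demo/cacert.pem" > "$demo/after.conf"
echo '[Thu Jan 12 20:45:51 2006] [notice] LDAP: SSL support unavailable' \
    > "$demo/before.log"
echo '[Fri Jan 13 18:34:17 2006] [notice] LDAP: SSL support available' \
    > "$demo/after.log"

check_ldap_tls "$demo/before.conf" "$demo/before.log" || echo "before: FAIL"
check_ldap_tls "$demo/after.conf" "$demo/after.log" && echo "after: OK"
```

The PEM marker test only confirms the file type matches `BASE64_FILE`; it does not validate the certificate chain itself.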


