#1: LDAP within a virtual host

Posted on 2008-04-08 11:37:14 by Adrian Marsh

Hi All,

I'm trying to teach myself ldap and virtual hosting. If I set up a
standard httpd.conf file with just the below in it, then the ldaps lookup
is successful:

<Location "/wiki">
AuthBasicProvider ldap
#DAV svn
#SVNParentPath /home/SVN
#SVNIndexXSLT "/svnindex.xsl"
AuthType Basic
AuthzLDAPAuthoritative off
AuthName "Subversion"
#AuthUserFile /etc/svn-auth-file
AuthLDAPURL "ldaps://ubiq-serv1.company.local/DC=company,DC=local?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "CN=ldapuser,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=company,DC=local"
AuthLDAPBindPassword *******
#<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
#</LimitExcept>
#AuthzSVNAccessFile /tmp/svntest
</Location>

However, if I wrap it into a virtual host, I get 500 messages back from
the server:

<VirtualHost *:80>
DocumentRoot /var/www/testhtml
ServerName testserv.company.local
CustomLog logs/svn_logfile "%t %{SVN-ACTION}e %u" env=SVN-ACTION
CustomLog logs/testserv_log combined

# Other directives here

<Location "/abc">
AuthBasicProvider ldap
#DAV svn
#SVNParentPath /home/SVN
#SVNIndexXSLT "/svnindex.xsl"
AuthType Basic
AuthzLDAPAuthoritative off
AuthName "Subversion"
#AuthUserFile /etc/svn-auth-file
AuthLDAPURL "ldaps://ubiq-serv1.company.local/DC=company,DC=local?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "CN=ldapuser,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=company,DC=local"
AuthLDAPBindPassword *****
#<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
#</LimitExcept>
#AuthzSVNAccessFile /tmp/svntest
</Location>
</VirtualHost>


In the error log I get:

[Tue Apr 08 00:14:22 2008] [warn] [client 192.168.117.1] [12209] auth_ldap authenticate: user marsh authentication failed; URI /abc [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]

But a tcpdump shows that there's not even an attempt to contact our LDAP
server.

I know that the VirtualHost directives are taking effect as the normal
logs are written out to the testserv_log file, and it is mapping to /abc

I just don't get why the virtualhost ldaps lookup is failing...

I also tried dropping it back to ldap instead of ldaps to see if it was
the SSL wrapper, but that makes no difference either.

Any ideas??

Thanks,

Adrian


#2: Re: LDAP within a virtual host

Posted on 2008-04-08 18:40:16 by Adrian Marsh

OK... solved this one..

It was a stupid networking fault caused by VMware suddenly deciding not
to resolve DNS. Re-pointed it and this works. However I have a separate
question about LDAP/Virtual machines and SSL that I'll post separately.

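The symptom pair in this thread ("Can't contact LDAP server" in the error log while tcpdump shows no traffic to the LDAP server) is what a name-resolution failure looks like, so the following added diagnostic, which is not part of the original posts, pulls the LDAP endpoints out of a config and reports whether DNS or the TCP connect is the stage that fails. The function names, `SAMPLE_CONF` and the commented-out `old-dc.company.local` line are constructed for illustration.

```python
import re
import socket
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
# Uncommented AuthLDAPURL directives; the URL may be quoted or wrapped onto the next line.
DIRECTIVE = re.compile(r'^[ \t]*AuthLDAPURL\s+"?(ldaps?://[^"\s]+)', re.I | re.M)

# Constructed sample input, modelled on the configuration in the first post.
SAMPLE_CONF = '''
<VirtualHost *:80>
  <Location "/abc">
    #AuthLDAPURL "ldap://old-dc.company.local/DC=company,DC=local?uid"
    AuthLDAPURL "ldaps://ubiq-serv1.company.local/DC=company,DC=local?sAMAccountName?sub?(objectClass=*)" NONE
  </Location>
</VirtualHost>
'''

def ldap_endpoints(conf_text):
    """Return sorted unique (scheme, host, port) tuples from AuthLDAPURL lines."""
    found = set()
    for url in DIRECTIVE.findall(conf_text):
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        found.add((scheme, parts.hostname, parts.port or DEFAULT_PORTS[scheme]))
    return sorted(found)

def check_endpoint(host, port, resolve=socket.getaddrinfo,
                   connect=socket.create_connection, timeout=3):
    """Report the stage that fails: 'dns', 'tcp', or 'ok' if both succeed."""
    try:
        resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", str(exc)   # no packet ever reaches the LDAP server
    try:
        connect((host, port), timeout=timeout).close()
    except OSError as exc:
        return "tcp", str(exc)   # name resolves, but the port is unreachable
    return "ok", ""

if __name__ == "__main__":
    for scheme, host, port in ldap_endpoints(SAMPLE_CONF):
        stage, detail = check_endpoint(host, port)
        print(f"{scheme}://{host}:{port} -> {stage} {detail}".rstrip())
```

Run it on the web server itself, under the same resolver configuration httpd uses, since the fault described here was local to that machine.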