Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

Wwwxxx.comvam, WWWXXX AMS, WWWXXX.APC, should producers of software based systems services such as atms be held liable for economic injuries suffered when their systems failed, WWWXXX DOCO, WWWXXX BDCE, WWWXXX DACB, wwwxxx,nvif, why atm producer might be held liable for economic injury, wwwxxxy=ServiceLogin

Links

XODOX
Impressum

#1: LDAP within a virtual host

Posted on 2008-04-08 11:37:14 by Adrian Marsh

Hi All,

I'm trying to teach myself ldap and virutal hosting. If I setup a
standard httpd.conf filewith just the below in it, then the ldaps lookup
is successful:

<Location "/wiki">
AuthBasicProvider ldap
#DAV svn
#SVNParentPath /home/SVN
#SVNIndexXSLT "/svnindex.xsl"
AuthType Basic
AuthzLDAPAuthoritative off
AuthName "Subversion"
#AuthUserFile /etc/svn-auth-file
AuthLDAPURL
"ldaps://ubiq-serv1.company.local/DC=company,DC=local?sAMAcc ountName?sub?(objectClass=*)"
NONE
AuthLDAPBindDN
"CN=ldapuser,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=company,D C=local"
AuthLDAPBindPassword *******
#<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
#</LimitExcept>
#AuthzSVNAccessFile /tmp/svntest
</Location>

However, if I wrap it into a virtual host, I get 500 messages back from
the server :

<VirtualHost *:80>
DocumentRoot /var/www/testhtml
ServerName testserv.company.local
CustomLog logs/svn_logfile "%t %{SVN-ACTION}e %u" env=SVN-ACTION
CustomLog logs/testserv_log combined


# Other directives here

<Location "/abc">
AuthBasicProvider ldap
#DAV svn
#SVNParentPath /home/SVN
#SVNIndexXSLT "/svnindex.xsl"
AuthType Basic
AuthzLDAPAuthoritative off
AuthName "Subversion"
#AuthUserFile /etc/svn-auth-file
AuthLDAPURL
"ldaps://ubiq-serv1.company.local/DC=company,DC=local?sAMAcc ountName?sub?(objectClass=*)"
NONE
AuthLDAPBindDN
"CN=ldapuser,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=company,D C=local"
AuthLDAPBindPassword *****
#<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
#</LimitExcept>
#AuthzSVNAccessFile /tmp/svntest
</Location>
</VirtualHost>


In the error log I get:

[Tue Apr 08 00:14:22 2008] [warn] [client 192.168.117.1] [12209]
auth_ldap authenticate: user marsh authentication failed; URI /abc
[LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]



But a tcpdump shows that theres not even an attempt to contact our LDAP
server.

I know that the Virtualhost directives are taking affect as the normal
logs are written out to the testserv_log file, and it is mapping to /abc

I just dont get why the virtualhost ldaps lookup is failing...

I also tried dropping it back to ldap instead of ldaps to see if it was
the SSL wrapper, but that makes no difference either.

Any ideas??

Thanks,

Adrian

Report this message

#2: Re: LDAP within a virtual host

Posted on 2008-04-08 18:40:16 by Adrian Marsh

ok... solved this one..

It was a stupid networking fault caused by VMware suddenly deciding not
to resolve DNS. re-pointed it and this works. However I have a seperate
question about LDAP/Virtual machines and SSL that I'll post seperately.

Adrian Marsh wrote:
> Hi All,
>
> I'm trying to teach myself ldap and virutal hosting. If I setup a
> standard httpd.conf filewith just the below in it, then the ldaps lookup
> is successful:
>
> <Location "/wiki">
> AuthBasicProvider ldap
> #DAV svn
> #SVNParentPath /home/SVN
> #SVNIndexXSLT "/svnindex.xsl"
> AuthType Basic
> AuthzLDAPAuthoritative off
> AuthName "Subversion"
> #AuthUserFile /etc/svn-auth-file
> AuthLDAPURL
> "ldaps://ubiq-serv1.company.local/DC=company,DC=local?sAMAcc ountName?sub?(objectClass=*)"
> NONE
> AuthLDAPBindDN
> "CN=ldapuser,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=company,D C=local"
> AuthLDAPBindPassword *******
> #<LimitExcept GET PROPFIND OPTIONS REPORT>
> Require valid-user
> #</LimitExcept>
> #AuthzSVNAccessFile /tmp/svntest
> </Location>
>
> However, if I wrap it into a virtual host, I get 500 messages back from
> the server :
>
> <VirtualHost *:80>
> DocumentRoot /var/www/testhtml
> ServerName testserv.company.local
> CustomLog logs/svn_logfile "%t %{SVN-ACTION}e %u" env=SVN-ACTION
> CustomLog logs/testserv_log combined
>
>
> # Other directives here
>
> <Location "/abc">
> AuthBasicProvider ldap
> #DAV svn
> #SVNParentPath /home/SVN
> #SVNIndexXSLT "/svnindex.xsl"
> AuthType Basic
> AuthzLDAPAuthoritative off
> AuthName "Subversion"
> #AuthUserFile /etc/svn-auth-file
> AuthLDAPURL
> "ldaps://ubiq-serv1.company.local/DC=company,DC=local?sAMAcc ountName?sub?(objectClass=*)"
> NONE
> AuthLDAPBindDN
> "CN=ldapuser,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=company,D C=local"
> AuthLDAPBindPassword *****
> #<LimitExcept GET PROPFIND OPTIONS REPORT>
> Require valid-user
> #</LimitExcept>
> #AuthzSVNAccessFile /tmp/svntest
> </Location>
> </VirtualHost>
>
>
> In the error log I get:
>
> [Tue Apr 08 00:14:22 2008] [warn] [client 192.168.117.1] [12209]
> auth_ldap authenticate: user marsh authentication failed; URI /abc
> [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
>
>
>
> But a tcpdump shows that theres not even an attempt to contact our LDAP
> server.
>
> I know that the Virtualhost directives are taking affect as the normal
> logs are written out to the testserv_log file, and it is mapping to /abc
>
> I just dont get why the virtualhost ldaps lookup is failing...
>
> I also tried dropping it back to ldap instead of ldaps to see if it was
> the SSL wrapper, but that makes no difference either.
>
> Any ideas??
>
> Thanks,
>
> Adrian

Report this message