Prev: installing snort
Next: tcpdump?
From: vr on 19 Feb 2010 14:40
Hello,


I'm trying to get SSL enabled between apache2 and ldap communication to a
Microsoft active directory so passwords are not sent in clear text in their
next hop during authentication.


I've got my Debian i386 system up and apache2, ldap, ssl-cert all
installed and also:
* enabled apache2 modules ldap & authnz_ldap.
* confirmed at the active directory server that port 636 is open via
netstat.
* confirmed using nmap that the active directory server shows port 636
open to the network.


In my apache2 virtualhost section, if I use:
"ldap://adserver.domain.tld:389/DC=domain,DC=tld?sAMAccountname?sub?(objectClass=*)"
NONE
I can successfully make connections to https://myserver.domain.tld using
an active directory account, authentication works fine but will be plain
text.


If I use:
"ldaps://adserver.domain.tld:636/DC=domain,DC=tld?sAMAccountname?sub?(objectClass=*)"
SSL
the authentication fails, per my error.log with:
"authentication failed; URi / [LDAP: ldap_simple_bind_s() failed]Can't
contact LDAP server]".


I have searched extensively for ideas to get this working but am at a dead
end.


Are there any admins here who have traveled this path before that might
offer insight or suggestions? Or perhaps some ridicule and insult instead?
It's Friday and I'm in a light-hearted mood. :)


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/4a2631d5a64e2aa8fa9b96353b4b6706(a)192.168.0.66
 | 
Pages: 1
Prev: installing snort
Next: tcpdump?