
Apache2 mod_auth_ldap with eDirectory 8.x


greg...@juno.com

Aug 5, 2004, 11:25:23 AM
I am trying to use Apache's mod_auth_ldap to authenticate users in our web
space via eDirectory. I am able to get it to work fine using regular ldap.
The problem arises when trying to use secure ldap and TLS.
I have exported the root certificate in Base64 (PEM) format and installed
it on our web server. Here is the snippet from my httpd.conf:

LDAPSharedCacheSize 200000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600
LDAPTrustedCA conf/ssl.crt/TrustedRootCert.b64
LDAPTrustedCAType BASE64_FILE

<Location /ldap-status>
SetHandler ldap-status
AuthLDAPEnabled on
AuthLDAPURL ldaps://edir.company.com:636/<search filter>
AuthLDAPAuthoritative on
require valid-user
</Location>

When attempting to authenticate I get the following error when using
ndstrace -l on our eDir server:

New TLS connection 0xc43e0 from <ip:port>, monitor = 0xe, index = 2
Monitor 0xe initiating TLS handshake on connection 0xc43e0
()(0x0000:0x00) DoTLSHandshake on connection 0xc43e0
()(0x0000:0x00) TLS accept failure 5 on connection 0xc43e0, setting err =
-5875. Error stack:
()(0x0000:0x00) TLS handshake failed on connection 0xc43e0, err = -5875
Server closing connection 0xc43e0, socket error = -5875
New TLS connection 0x16fe520 from <IP:PORT>, monitor = 0xe, index = 3
Connection 0xc43e0 closed
Monitor 0xe initiating TLS handshake on connection 0x16fe520
()(0x0000:0x00) DoTLSHandshake on connection 0x16fe520
()(0x0000:0x00) TLS accept failure 5 on connection 0x16fe520, setting err =
-5875. Error stack:
()(0x0000:0x00) TLS handshake failed on connection 0x16fe520, err = -5875
Server closing connection 0x16fe520, socket error = -5875

Looking up these error codes in the Novell docs was futile.
Using a command line client we were able to connect just fine with the
secure connection. Has anyone else successfully managed to get Apache to
connect to an eDirectory server using ldaps?

jarv...@ldschurch.org

Sep 14, 2004, 3:18:40 PM
I was having this same problem and was able to fix it by adding the
following to my /etc/openldap/ldap.conf file:

TLS_REQCERT never

Norman
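Added example, not from the thread: TLS_REQCERT never stops the OpenLDAP client from checking the eDirectory server certificate at all, so before settling on it a practitioner would want to confirm whether the exported root CA actually validates the server's chain. This POSIX shell helper runs openssl s_client with the same PEM file handed to LDAPTrustedCA and parses the "Verify return code" line; the host, port, CA path and the sample s_client output are assumptions or constructed, not values from the posts.

```shell
#!/bin/sh
# Added example: check whether an LDAPS server's certificate chain verifies
# against the exported root CA before disabling verification in ldap.conf.

# parse_verify_result: read `openssl s_client` output on stdin, print the
# numeric "Verify return code", and succeed only when the chain verified (0).
parse_verify_result() {
    code=$(sed -n 's/^ *Verify return code: \([0-9]*\).*/\1/p' | head -n 1)
    if [ -z "$code" ]; then
        echo "no verify result found in s_client output" >&2
        return 2
    fi
    echo "$code"
    [ "$code" -eq 0 ]
}

# check_ldaps_chain HOST PORT CAFILE: connect with openssl s_client using the
# PEM root CA and report whether the server's chain validates against it.
# Host/port/CA path are placeholders supplied by the caller (assumptions).
check_ldaps_chain() {
    host=$1; port=${2:-636}; cafile=$3
    openssl s_client -connect "$host:$port" -servername "$host" \
        -CAfile "$cafile" </dev/null 2>/dev/null | parse_verify_result
}

# Constructed sample s_client outputs (not captured from a real server), so
# the parser can be exercised offline.
SAMPLE_VERIFIED='SSL handshake has read 1234 bytes and written 456 bytes
    Verify return code: 0 (ok)'
SAMPLE_SELF_SIGNED='SSL handshake has read 1234 bytes and written 456 bytes
    Verify return code: 19 (self signed certificate in certificate chain)'

# demo: parse both samples and print verdicts; a real run would instead call
# check_ldaps_chain edir.example.internal 636 /path/to/TrustedRootCert.pem
demo() {
    for sample in "$SAMPLE_VERIFIED" "$SAMPLE_SELF_SIGNED"; do
        if code=$(printf '%s\n' "$sample" | parse_verify_result); then
            echo "chain verified (code $code): no need for TLS_REQCERT never"
        else
            echo "chain did NOT verify (code $code): fix the CA file instead"
        fi
    done
}
```

A non-zero code means the CA file given to Apache does not cover the server's chain (wrong root, intermediate missing, or DER vs PEM mismatch), which is what to fix rather than turning verification off.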
