02-24-2012 03:24 PM
I got a call from a user today that our Apache auth_ldap link
into an external LDAP server is no longer working.
I haven't rebooted the server.
The only thing I can think of that has changed in the last
few weeks is that we have enabled "trusted mode".
Would that interrupt auth_ldap traffic? Where should I be looking?
02-25-2012 02:03 AM
The authentication modules of Apache are all completely separate from HP-UX system authentication, so the change to trusted mode should have had no effect whatsoever.
Start with the basics.
- What does the Apache error log say when authentication is attempted?
- Do you have network connectivity to the LDAP server? (ping, telnet to the server's LDAP/LDAPS port as appropriate)
- If you're using LDAPS, did the server's SSL certificate change? (you could use "openssl s_client -connect ldap.server:636 </dev/null" to dump the SSL certificate the LDAP server is actually using in PEM encoded form, then save it to a file and run "openssl x509 -in certificate.txt -noout -text" to view it in human-readable form)
- Does the LDAP server allow anonymous binds, or do you need to specify AuthLDAPBindDN and AuthLDAPBindPassword? If you have to specify them, can you verify that they are correct? (Can you use some other LDAP client to successfully query the LDAP server, either anonymously or using Apache's BindDN and password?)
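
Added example, not part of the original reply: a shell sketch of the certificate check suggested above, extended to keep a saved copy of the server certificate and report when the LDAPS server starts presenting a different one. The function names, the script name and the baseline file are hypothetical; host, port and baseline path are supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the thread): detect a changed LDAPS certificate.
# Usage (hypothetical file name): sh ldaps_cert_check.sh ldap.server 636 baseline.pem

# Print the first PEM certificate block on stdin; s_client output mixes the
# server certificate with handshake diagnostics.
extract_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on { print }
         /-----END CERTIFICATE-----/ { if (on) exit }'
}

# Strip CRs and blank lines so copies saved on different systems compare equal.
normalize_pem() {
    tr -d '\r' | sed '/^[[:space:]]*$/d'
}

# same_pem PEM_TEXT BASELINE_FILE: true only if both are non-empty and equal.
same_pem() {
    a=$(printf '%s\n' "$1" | normalize_pem)
    b=$(normalize_pem < "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# check_ldaps_cert HOST PORT BASELINE_FILE
# Returns 0 = unchanged or baseline created, 1 = changed, 2 = nothing received.
check_ldaps_cert() {
    host=$1 port=$2 baseline=$3
    pem=$(openssl s_client -connect "$host:$port" </dev/null 2>/dev/null | extract_pem)
    if [ -z "$pem" ]; then
        echo "no certificate from $host:$port (check connectivity and TLS)" >&2
        return 2
    fi
    # Human-readable summary of what the server presents right now.
    printf '%s\n' "$pem" | openssl x509 -noout -subject -issuer -dates -fingerprint -sha256
    printf '%s\n' "$pem" | openssl x509 -noout -checkend 0 >/dev/null ||
        echo "WARNING: certificate has already expired"
    if [ ! -f "$baseline" ]; then
        printf '%s\n' "$pem" > "$baseline"
        echo "baseline saved to $baseline"
    elif same_pem "$pem" "$baseline"; then
        echo "certificate unchanged since baseline"
    else
        echo "certificate CHANGED since baseline"
        return 1
    fi
}

if [ "$#" -eq 3 ]; then
    check_ldaps_cert "$1" "$2" "$3"
fi
```

A changed certificate is not in itself a fault, since renewals are routine, but it is the point at which to recheck that Apache still trusts the issuing CA. The first run trusts whatever the server presents, so create the baseline while the link is known to be working.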