
Debian Lenny, apache2, ldaps to active directory



Hello,


I'm trying to get SSL enabled between apache2 and ldap communication to a
Microsoft active directory so passwords are not sent in clear text in their
next hop during authentication.


I've got my Debian i386 system up and apache2, ldap, ssl-cert all
installed and also:
* enabled apache2 modules ldap & authnz_ldap.
* confirmed at the active directory server that port 636 is open via
netstat.
* confirmed using nmap that the active directory server shows port 636
open to the network.


In my apache2 virtualhost section, if I use:
"ldap://adserver.domain.tld:389/DC=domain,DC=tld?sAMAccountname?sub?(objectClass=*)" NONE
I can successfully make connections to https://myserver.domain.tld using
an active directory account, authentication works fine but will be plain
text.


If I use:
"ldaps://adserver.domain.tld:636/DC=domain,DC=tld?sAMAccountname?sub?(objectClass=*)" SSL
the authentication fails, per my error.log with:
"authentication failed; URi / [LDAP: ldap_simple_bind_s() failed]Can't
contact LDAP server]".


I have searched extensively for ideas to get this working but am at a dead
end.


Are there any admins here who have traveled this path before that might
offer insight or suggestions? Or perhaps some ridicule and insult instead?
It's Friday and I'm in a light-hearted mood. :)
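
Added example, not part of the original post: an open port 636 only shows that something is listening, while for ldaps:// mod_ldap must also be able to validate the domain controller's certificate, so the trust settings are worth checking alongside the URL change. The sketch below puts the cleartext setting from the post beside the TLS one; the CA file path, the bind account and the password placeholder are assumptions, not values from the post.

```apache
# Added example, not from the original post. Hypothetical values: the CA file
# path, the bind account DN and the password placeholder.

# Server-level (outside <VirtualHost>): tell mod_ldap which CA issued the
# domain controller's certificate, and keep certificate verification on.
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/ad-root-ca.pem
LDAPVerifyServerCert On

<VirtualHost *:443>
    ServerName myserver.domain.tld
    # SSLEngine and the site's own certificate directives are omitted here.

    <Location />
        AuthType Basic
        AuthName "Active Directory login"
        AuthBasicProvider ldap

        # Before: cleartext bind on 389, credentials readable on the wire.
        # AuthLDAPURL "ldap://adserver.domain.tld:389/DC=domain,DC=tld?sAMAccountname?sub?(objectClass=*)" NONE

        # After: LDAP over TLS on 636. The host name used here has to match
        # a name in the domain controller's certificate.
        AuthLDAPURL "ldaps://adserver.domain.tld:636/DC=domain,DC=tld?sAMAccountname?sub?(objectClass=*)" SSL

        # Assumption: searches are done with a dedicated, low-privilege bind account.
        AuthLDAPBindDN "CN=apache-bind,CN=Users,DC=domain,DC=tld"
        AuthLDAPBindPassword "REPLACE_ME"

        Require valid-user
    </Location>
</VirtualHost>
```

Setting LDAPVerifyServerCert Off would also let the connection proceed, but it removes the server authentication that makes ldaps worth enabling, so it is only useful as a short-lived test to confirm that certificate trust is the failing step.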

