Bug 962819
Field | Value
---|---
Summary: | Apache Use of LDAP+SSL Doesn't Work on Windows
Product: | [JBoss] JBoss Enterprise Web Server 2
Reporter: | Jimmy Wilson <jawilson>
Component: | httpd
Assignee: | Weinan Li <weli>
Status: | CLOSED EOL
QA Contact: | Libor Fuka <lfuka>
Severity: | urgent
Priority: | urgent
Version: | 2.0.0, 2.0.1
CC: | jclere, jdoyle, mturk, myarboro, pslavice, rsvoboda, weli
Target Milestone: | ---
Target Release: | ---
Hardware: | Unspecified
OS: | Unspecified
Doc Type: | Bug Fix
Story Points: | ---
Last Closed: | 2019-06-13 12:09:53 UTC
Type: | Bug
Regression: | ---
Mount Type: | ---
Documentation: | ---
Category: | ---
oVirt Team: | ---
Cloudforms Team: | ---

Doc Text:

Previously in JBoss Enterprise Web Server, httpd partially supported the Microsoft Windows version of the LDAP SDK. The SSL information for secure LDAP should be stored in the registry, but this is not supported by httpd/apr. On Windows, a combination of LDAP and SSL did not work correctly and displayed the following error message:
<screen>LDAP: SSL support unavailable: LDAP: CA certificates cannot be set using this method, as they are stored in the registry instead.</screen>
This issue is fixed in JBoss Enterprise Web Server 2.1 and the secure LDAP information is now stored in the registry without errors as expected.

Description
Jimmy Wilson
2013-05-14 13:56:12 UTC
This bug isn't yet fixed in 2.4.x upstream. Additionally, it is a bit tricky to test/develop on Windows, so unless people from the ASF fix the bug we won't be able to have it in EWS 2.0.1.

Added DocText.

@Jean-Frederic Clere, can you please review the Doc Text content?

This issue won't be included in EWS 2.0.1 as it's already NACKed by PM.

Identified by Jean-Frederic as a Known Issue. Added release note, assuming no workaround exists. Need SMEs to confirm the release note is accurate.

I have submitted a better patch upstream for 2.2.25. Now porting to 2.2.22.

The upstream patch "https://issues.apache.org/bugzilla/attachment.cgi?id=30881" also applies to our httpd version. I have rebuilt httpd with the patch applied. You can download binaries from https://brewweb.devel.redhat.com/buildinfo?buildID=300050. Note that you only need to extract and copy mod_ldap.so and mod_authnz_ldap.so over the existing EWS. Please check if that does the trick.

Is this bug ON_QA? If so, please change the status.

Are you sure, Mladen, that only the mod_ldap.so and mod_authnz_ldap.so copies from the build are enough? The test still returns httpd status code 500 - internal server error.

(In reply to Libor Fuka from comment #13)
> Are you sure Mladen, that only mod_ldap.so and mod_authnz_ldap.so copies
> from build are enough ?
> The test still returns httpd status code 500 - internal server error

The patch only touches util_ldap.c so yes, that's the only file changed by this patch. No other files are affected.

OK, so the patch doesn't work.

Created attachment 814970: httpd error_log

Created attachment 814971: access_log

Created attachment 814972: ldap conf

Do you have log files without the patched mod_ldap?

Yes, I have. error_log is the same.

[Tue Oct 22 04:39:14 2013] [info] [client 127.0.0.1] [3152] auth_ldap authenticate: user hnelson authentication failed; URI /ldap-status [LDAP: ldap_simple_bind_s() failed][Server Down]

Are you sure the LDAP server is running?

Sure, LDAP is running.

You should remove the STARTTLS in the AuthLDAPURL.

The result is the same without or with STARTTLS.

Note: TLS | STARTTLS is not supported by the Windows operating system LDAP SDK; you need to use SSL or ldaps://

Tested with SSL and it still doesn't work :(

We need one more patch: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/include/util_ldap.h?r1=1375696&r2=1445119&pathrev=1445119&view=patch

VERIFIED build from #28 (mod_ldap.so, mod_authnz_ldap.so) on MS Windows 2008 32-bit, MS Windows 2008 64-bit, MS Windows 2008R2 64-bit. No regressions found.

Changed Doc type to Bug Fix. Updated Doc Text.
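
A check for the constraint noted in the thread (TLS | STARTTLS is not supported by the Windows LDAP SDK; use SSL or ldaps://), as an added example that is not part of the original bug report or of httpd itself. The function name `lint_ldap_conf` and the sample configuration (hosts, DNs) are constructed for illustration; only the `AuthLDAPURL` and `LDAPTrustedMode` directives and the `/ldap-status` URI are taken from httpd and the thread.

```python
import shlex

# Modes the thread reports as unsupported by the Windows LDAP SDK.
UNSUPPORTED_ON_WINDOWS = {"TLS", "STARTTLS"}

# Constructed sample httpd configuration; hosts and DNs are made up.
SAMPLE_CONF = """\
LDAPTrustedMode STARTTLS
<Location /ldap-status>
    AuthType Basic
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ldap.example.test:389/ou=People,dc=example,dc=test?uid" STARTTLS
</Location>
<Location /ldap-ssl>
    AuthLDAPURL "ldaps://ldap.example.test:636/ou=People,dc=example,dc=test?uid"
    # AuthLDAPURL "ldap://old.example.test/dc=example,dc=test?uid" TLS
</Location>
<Location /ldap-mixed>
    AuthLDAPURL ldaps://ldap.example.test/dc=example,dc=test?uid tls
</Location>
"""


def lint_ldap_conf(text):
    """Return (line_no, directive, mode) for each directive requesting TLS/STARTTLS."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and comment lines
            continue
        try:
            tokens = shlex.split(line)          # handles the quoted URL argument
        except ValueError:                      # unbalanced quote: skip the line
            continue
        name = tokens[0].lower()                # directive names are case-insensitive
        if name == "ldaptrustedmode" and len(tokens) >= 2:
            mode = tokens[1].upper()            # server-wide connection mode
        elif name == "authldapurl" and len(tokens) >= 3:
            mode = tokens[2].upper()            # optional per-URL mode after the URL
        else:
            continue
        if mode in UNSUPPORTED_ON_WINDOWS:
            findings.append((line_no, tokens[0], mode))
    return findings


if __name__ == "__main__":
    for line_no, directive, mode in lint_ldap_conf(SAMPLE_CONF):
        print(f"line {line_no}: {directive} uses {mode}; use SSL or an ldaps:// URL on Windows")
```

The third finding shows that an ldaps:// URL alone is not enough if a TLS mode keyword is still appended to it.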