Apache use of LDAP+SSL doesn't work on Windows. There's an upstream bug report (linked).
This bug isn't yet fixed in 2.4.x upstream. Additionally, it is a bit tricky to test/develop on Windows, so unless people from the ASF fix the bug we won't be able to have it in EWS 2.0.1.
Added DocText. @Jean-Frederic Clere, can you please review the Doc Text content?
This issue won't be included in EWS 2.0.1 as it's already NACKed by PM.
Identified by Jean-Frederic as a Known Issue. Added release note, assuming no workaround exists. Need SMEs to confirm the release note is accurate.
I have submitted a better patch upstream for 2.2.25. Now porting to 2.2.22.
The upstream patch "https://issues.apache.org/bugzilla/attachment.cgi?id=30881" also applies to our httpd version.
I have rebuilt httpd with the patch applied. You can download binaries from https://brewweb.devel.redhat.com/buildinfo?buildID=300050. Note that you only need to extract and copy mod_ldap.so and mod_authnz_ldap.so over the existing EWS. Please check if that does the trick.
Is this bug ON_QA? If so, please change the status.
Are you sure, Mladen, that only the mod_ldap.so and mod_authnz_ldap.so copies from the build are enough? The test still returns httpd status code 500 - internal server error.
(In reply to Libor Fuka from comment #13)
> Are you sure Mladen, that only mod_ldap.so and mod_authnz_ldap.so copies
> from build are enough ?
> The test still returns httpd status code 500 - internal server error
The patch only touches util_ldap.c so yes, that's the only file changed by this patch. No other files are affected.
OK, so the patch doesn't work.
Created attachment 814970: httpd error_log
Created attachment 814971: access_log
Created attachment 814972: ldap conf
Do you have log files without the patched mod_ldap?
Yes, I have. error_log is the same.
[Tue Oct 22 04:39:14 2013] [info] [client 127.0.0.1] [3152] auth_ldap authenticate: user hnelson authentication failed; URI /ldap-status [LDAP: ldap_simple_bind_s() failed][Server Down]
Are you sure the LDAP server is running?
Sure, LDAP is running.
You should remove the STARTTLS in the AuthLDAPURL.
The result is the same with or without STARTTLS.
Note: TLS | STARTTLS is not supported by the Windows operating system LDAP SDK; you need to use SSL or ldaps://
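A config check for the point made in the note above, as an added example that is not part of the original thread: it scans httpd configuration text for `AuthLDAPURL` and `LDAPTrustedMode` settings that request TLS/STARTTLS, which the note says the Windows LDAP SDK does not support. The function name `lint_ldap_modes`, the sample configuration, the hostnames and the DNs are constructed for illustration.

```python
import shlex

# Connection modes the note above says the Windows LDAP SDK cannot do.
UNSUPPORTED_ON_WINDOWS = {"TLS", "STARTTLS"}

# Constructed sample config (hostnames and DNs are placeholders).
SAMPLE_CONF = '''
<Location /ldap-status>
    AuthType Basic
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ldap.example.test:389/ou=People,dc=example,dc=test?uid" STARTTLS
</Location>
<Location /app>
    AuthLDAPURL "ldaps://ldap.example.test:636/ou=People,dc=example,dc=test?uid"
</Location>
# AuthLDAPURL "ldap://old.example.test/dc=example,dc=test?uid" TLS
LDAPTrustedMode TLS
'''


def lint_ldap_modes(conf_text):
    """Return (line_no, directive, problem) tuples for risky LDAP transport settings."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out directives are inactive
        try:
            parts = shlex.split(line)
        except ValueError:
            continue  # unbalanced quotes: leave that to httpd's own syntax check
        name, args = parts[0].lower(), parts[1:]
        if name == "authldapurl" and args:
            url = args[0].lower()
            mode = args[1].upper() if len(args) > 1 else None
            if mode in UNSUPPORTED_ON_WINDOWS:
                findings.append((no, "AuthLDAPURL", f"mode {mode}: use SSL or ldaps://"))
            elif mode is None and url.startswith("ldap://"):
                # No per-URL mode: transport security depends on LDAPTrustedMode.
                findings.append((no, "AuthLDAPURL", "plain ldap:// with no mode given"))
        elif name == "ldaptrustedmode" and args and args[0].upper() in UNSUPPORTED_ON_WINDOWS:
            findings.append((no, "LDAPTrustedMode", f"mode {args[0].upper()}: use SSL"))
    return findings


if __name__ == "__main__":
    for finding in lint_ldap_modes(SAMPLE_CONF):
        print(*finding)
```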
Tested with SSL and it still doesn't work :(
We need one more patch: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/include/util_ldap.h?r1=1375696&r2=1445119&pathrev=1445119&view=patch
New build: https://brewweb.devel.redhat.com/buildinfo?buildID=302150
VERIFIED build from #28 (mod_ldap.so, mod_authnz_ldap.so) on MS Windows 2008 32-bit, MS Windows 2008 64-bit, MS Windows 2008R2 64-bit. No regressions found.
Changed Doc type to Bug Fix. Updated Doc Text.