After upgrading a machine from Fedora 13 to Fedora 14 (with all
updates), I was suddenly unable to get its httpd to authenticate
with my LDAP servers. After connecting my browser to the web server
with https, and typing in my username and password,
I get an Internal Server Error response.
My configuration is:
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ca-bundle.crt
LDAPTrustedGlobalCert CA_BASE64 /etc/openldap/cacerts/cacert.asc
AuthName "User Login"
AuthLDAPURL "ldap://serv1.foo.org serv2.foo.org/dc=foo,dc=org" TLS
The httpd debugging log shows:
auth_ldap authenticate: user XXXX authentication failed;
[LDAP: ldap_start_tls_s() failed][Connect error]
Changing AuthLDAPURL to use SSL instead of TLS also fails but with:
[LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
tcpdump shows that the httpd client connects to the LDAP server,
and is sent:
Start TLSrequest accepted Server willing to negotiate SSL
but no certificate info is exchanged and the client quickly closes
Changing AuthLDAPURL to use NONE makes it connect successfully.
serv1 uses a cert purchased from GoDaddy,
and serv2 uses a self signed cert
(which is /etc/openldap/cacerts/cacert.asc).
Both servers are 389-ds.
Both certs mentioned in LDAPTrustedGlobalCert are valid and world
readable. ldapsearch is able to connect to both servers with TLS.
On another machine with the same httpd configuration, but still at
Fedora 13, httpd is able to connect securely even
without the LDAPTrustedGlobalCert lines.
As a side note, after upgrading to Fedora 14, I had to add
to /etc/nss_ldap.conf and /etc/pam_ldap.conf
and also add
in order to get those to work.
Under Fedora 13, everything worked without those lines.
I don't know if this is a problem with httpd's mod_authnz_ldap
or its mod_ldap or with openldap, or just a configuration mistake
on my part, but it used to work before the upgrade.
I have searched all over for an answer to this problem
because I can't believe that I am the only one having it,
but I have found nothing.
I welcome any ideas.
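
A check that can be run over the httpd configuration from the message above, as an added example (not part of the original message and not httpd's own code): it flags `AuthLDAPURL` lines whose effective mode leaves the bind in cleartext, as the `NONE` setting does, and `LDAPTrustedGlobalCert` files the current user cannot read. The function name and the sample configuration are constructed; the hosts and directives are the ones quoted in the message.

```python
import os
import re
import shlex

ENCRYPTED = {"SSL", "TLS", "STARTTLS"}

# Constructed sample built from the directives quoted in the message.
SAMPLE = """\
LDAPTrustedGlobalCert CA_BASE64 /etc/openldap/cacerts/cacert.asc
AuthLDAPURL "ldap://serv1.foo.org serv2.foo.org/dc=foo,dc=org" TLS
AuthLDAPURL "ldap://serv1.foo.org serv2.foo.org/dc=foo,dc=org" NONE
"""

def audit_ldap_auth(config_text):
    """Return (line_no, message) findings for mod_ldap / mod_authnz_ldap lines."""
    findings, urls, global_mode = [], [], "NONE"
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            parts = shlex.split(line)
        except ValueError:          # unbalanced quotes: not a line we can judge
            continue
        name, args = parts[0].lower(), parts[1:]
        if name == "ldaptrustedmode" and args:
            global_mode = args[0].upper()      # fallback when a URL has no mode
        elif name == "ldaptrustedglobalcert" and len(args) >= 2:
            # Checked as the current user; run as the httpd user for a true answer.
            if not os.access(args[1], os.R_OK):
                findings.append((no, "trust file not readable: " + args[1]))
        elif name == "authldapurl" and args:
            urls.append((no, args[0], args[1].upper() if len(args) > 1 else None))
    for no, url, mode in urls:
        m = re.match(r"(ldaps?)://", url, re.I)
        if not m:
            findings.append((no, "not an ldap:// or ldaps:// URL"))
            continue
        # ldaps:// always means SSL; otherwise the per-URL mode, then the global one.
        effective = "SSL" if m.group(1).lower() == "ldaps" else (mode or global_mode)
        if effective not in ENCRYPTED:
            findings.append((no, "cleartext bind: password crosses the network unencrypted"))
    return findings

if __name__ == "__main__":
    for no, msg in audit_ldap_auth(SAMPLE):
        print("line %d: %s" % (no, msg))
```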

Sorry for the length :-) I have used RedHat/Fedora since the company
started. But for the last few years (since F9) I have been doing
science. I tried to install F14 and found many changes. Much of what one
used to accomplish by editing configuration files is now done using GUIs.
I would like to know how the system works at the configuration file
level. What are the switches that can be included on the kernel command
line? Is there any way to control Plymouth so that the commands are
visible and one drops to a login prompt at the end? What is upstart
calling and what files does it modify? When one configures a dual head
display under gnome, what tools are used and what files are modified?
What auto configurations are controlled by HAL and udev and whatever?
Is there a document or book that can be purchased/downloaded that explains
what is going on under the covers? I have found fragments via Google.
The software development I perform does not lend itself well to the
desktop environment. Most of my work is done from the command line
and/or under emacs. I currently use fvwm2 with a 6X6 grid of desktops.
If this query is not appropriate for this list, please suggest the

Not sure where to find the answer to this question. Google wasn't
helpful. The users on this list are a great repository of knowledge so
I thought to try here.
Is there a bash command that tells an executing script what *its* path
is? Not the path where the user is but where the script is. If not
that then a series of commands that yield the same result? Maybe some
way of using 'ps'?
Has me stumped and my dog-eared "UNIX in a Nutshell" hasn't exposed the
goodies either ;)

I have followed the man page of the time command to put a certain output
However, time command does not recognise -f option.
Could you help please.
[adel@localhost generateInstance]$ time -f "%e" ls
bash: -f: command not found

It all started with Puppy Linux 5.2. I set up a LiveCD and jumped in to get
familiar with it. I had some trouble with connectivity. I eventually got
around to trying my Linksys Wireless-G dongle. This showed some promise
although I was unable to find the correct Puppy driver for the dongle and
eventually removed the Wireless-G and shelved that project. Later on, I
tried to log on with Fedora and found that NetworkManager was now unusable.
Okay, after fiddling around with it for a while, I did a complete reinstall
of Fedora (including reformatting the disk) and lo and behold
NetworkManager still doesn't work. I would have thought the Fedora reinstall
would have installed the correct driver but apparently it didn't. I am able
to send this because I have plugged the Wireless-G back in. (aargh!) Has
anyone ever seen this sort of thing?