Topic: Upgrade from WebDev 1 to WebDev 2

Author: jwsnasa
Joined: 05 Jul 2011 Posts: 1
Posted: Tue 05 Jul '11 15:26 Post subject: Upgrade from WebDev 1 to WebDev 2

My team recently made some hardware and software updates. Now our longtime stable server won't run correctly.
We run an Apache server for the purposes of hosting a Wiki.
Apache: 2.0
PHP: 5.2.5
We upgraded from an old XP box to a rackmount server running Windows Server 2008. We took the migration opportunity to update from WebDev1 to WebDev2. We also went through the process of giving up our self-signed certificate and are now using a signed 3rd party cert.
So here's the problem: We can't bind users to our LDAP server from inside the wiki. We can authenticate, but the bind fails.
Now, we can authenticate AND bind using tester programs, such as Softerra or ldp.exe. But when trying to log in through the wiki, we get the following error reported to the wiki:
**(I've blanked out the actual server and user entries for privacy purposes)
Entering validDomain
User is using a valid domain.
Setting domain as: XXX
Entering getCanonicalName
Username isn't empty.
Munged username: Xxxxxxxx
Entering authenticate
Entering Connect
Using SSL
Using servers: ldaps://xxxxxxx.xxx.xxx.xxx
Connected successfully
Entering getSearchString
Doing a straight bind
userdn is: XXX\Xxxxxxx
Binding as the user
Failed to bind as XXX\Xxxxxxx
Entering strict.
Returning true in strict().
Entering allowPasswordChange
Entering modifyUITemplate
**(I've blanked out the actual server and user entries for privacy purposes)
The 'error.log' is as follows:
[Tue Jul 05 09:08:01 2011] [info] mod_unique_id: using ip addr xxx.xx.xxx.xxx
[Tue Jul 05 09:08:02 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Tue Jul 05 09:08:02 2011] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Jul 05 09:08:02 2011] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Jul 05 09:08:02 2011] [info] Init: Initializing (virtual) servers for SSL
[Tue Jul 05 09:08:02 2011] [info] mod_ssl/2.2.6 compiled against Server: Apache/2.2.6, Library: OpenSSL/0.9.8g
[Tue Jul 05 09:08:02 2011] [notice] ModSecurity for Apache 2.1.3 configured
[Tue Jul 05 09:08:02 2011] [warn] module auth_basic_module is already loaded, skipping
[Tue Jul 05 09:08:02 2011] [warn] module authz_user_module is already loaded, skipping
[Tue Jul 05 09:08:02 2011] [warn] The Alias directive in C:/www/Apache22/conf/extra/vhosts/localhost/suite-wordpress.conf at line 11 will probably never match because it overlaps an earlier Alias.
[Tue Jul 05 09:08:02 2011] [warn] The Alias directive in C:/www/Apache22/conf/extra/vhosts/localhost/suite-wordpress.conf at line 11 will probably never match because it overlaps an earlier Alias.
[Tue Jul 05 09:08:02 2011] [info] APR LDAP: Built with Microsoft Corporation. LDAP SDK
[Tue Jul 05 09:08:02 2011] [info] LDAP: SSL support unavailable: LDAP: CA certificates cannot be set using this method, as they are stored in the registry instead.
[Tue Jul 05 09:08:02 2011] [info] mod_unique_id: using ip addr xxx.xx.xxx.xxx
[Tue Jul 05 09:08:03 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Tue Jul 05 09:08:04 2011] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Jul 05 09:08:04 2011] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Jul 05 09:08:04 2011] [info] Shared memory session cache initialised
[Tue Jul 05 09:08:04 2011] [info] Init: Initializing (virtual) servers for SSL
[Tue Jul 05 09:08:04 2011] [info] mod_ssl/2.2.6 compiled against Server: Apache/2.2.6, Library: OpenSSL/0.9.8g
[Tue Jul 05 09:08:04 2011] [notice] Apache/2.2.6 (Win32) PHP/5.2.5 mod_ssl/2.2.6 OpenSSL/0.9.8g configured -- resuming normal operations
[Tue Jul 05 09:08:04 2011] [notice] Server built: Sep 20 2007 14:13:35
[Tue Jul 05 09:08:04 2011] [notice] Parent: Created child process 3496
[Tue Jul 05 09:08:04 2011] [warn] module auth_basic_module is already loaded, skipping
[Tue Jul 05 09:08:04 2011] [warn] module authz_user_module is already loaded, skipping
[Tue Jul 05 09:08:04 2011] [warn] The Alias directive in C:/www/Apache22/conf/extra/vhosts/localhost/suite-wordpress.conf at line 11 will probably never match because it overlaps an earlier Alias.
[Tue Jul 05 09:08:04 2011] [warn] The Alias directive in C:/www/Apache22/conf/extra/vhosts/localhost/suite-wordpress.conf at line 11 will probably never match because it overlaps an earlier Alias.
[Tue Jul 05 09:08:04 2011] [info] mod_unique_id: using ip addr xxx.xx.xxx.xxx
[Tue Jul 05 09:08:05 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Tue Jul 05 09:08:05 2011] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Jul 05 09:08:05 2011] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Jul 05 09:08:05 2011] [info] Init: Initializing (virtual) servers for SSL
[Tue Jul 05 09:08:05 2011] [info] mod_ssl/2.2.6 compiled against Server: Apache/2.2.6, Library: OpenSSL/0.9.8g
[Tue Jul 05 09:08:05 2011] [notice] ModSecurity for Apache 2.1.3 configured
[Tue Jul 05 09:08:05 2011] [warn] module auth_basic_module is already loaded, skipping
[Tue Jul 05 09:08:05 2011] [warn] module authz_user_module is already loaded, skipping
[Tue Jul 05 09:08:05 2011] [warn] The Alias directive in C:/www/Apache22/conf/extra/vhosts/localhost/suite-wordpress.conf at line 11 will probably never match because it overlaps an earlier Alias.
[Tue Jul 05 09:08:05 2011] [warn] The Alias directive in C:/www/Apache22/conf/extra/vhosts/localhost/suite-wordpress.conf at line 11 will probably never match because it overlaps an earlier Alias.
[Tue Jul 05 09:08:05 2011] [info] APR LDAP: Built with Microsoft Corporation. LDAP SDK
[Tue Jul 05 09:08:05 2011] [info] LDAP: SSL support unavailable: LDAP: CA certificates cannot be set using this method, as they are stored in the registry instead.
[Tue Jul 05 09:08:05 2011] [info] mod_unique_id: using ip addr xxx.xx.xxx.xxx
[Tue Jul 05 09:08:06 2011] [info] Init: Seeding PRNG with 136 bytes of entropy
[Tue Jul 05 09:08:07 2011] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Jul 05 09:08:07 2011] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Jul 05 09:08:07 2011] [info] Shared memory session cache initialised
[Tue Jul 05 09:08:07 2011] [info] Init: Initializing (virtual) servers for SSL
[Tue Jul 05 09:08:07 2011] [info] mod_ssl/2.2.6 compiled against Server: Apache/2.2.6, Library: OpenSSL/0.9.8g
[Tue Jul 05 09:08:07 2011] [notice] Child 3496: Child process is running
[Tue Jul 05 09:08:07 2011] [info] Parent: Duplicating socket 412 and sending it to child process 3496
[Tue Jul 05 09:08:07 2011] [info] Parent: Duplicating socket 364 and sending it to child process 3496
[Tue Jul 05 09:08:07 2011] [notice] Child 3496: Acquired the start mutex.
[Tue Jul 05 09:08:07 2011] [notice] Child 3496: Starting 250 worker threads.
[Tue Jul 05 09:08:07 2011] [notice] Child 3496: Starting thread to listen on port 443.
[Tue Jul 05 09:08:07 2011] [notice] Child 3496: Starting thread to listen on port 80.
I have the 3rd party certificate imported through mmc.exe into the cert store as a Computer Account in the Trusted Root Cert Auth.
I've also found that if I edit my LocalSettings.php and change:
$wgLDAPEncryptionType = array('DOMAIN' => 'ssl');
-to-
$wgLDAPEncryptionType = array('DOMAIN' => 'clear');
then I can connect. So it will bind, just not as ssl.
Can someone help?
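
A defensive check related to the post above, added here as an example and not part of the original thread: it flags any domain in LocalSettings.php whose $wgLDAPEncryptionType is 'clear' (simple-bind credentials then cross the network unencrypted) and collects the distinct LDAP lines from error.log. The sample inputs are constructed from lines quoted in the post, and the function names are hypothetical.

```python
import re

# Constructed sample inputs modelled on the post; DOMAIN is the poster's placeholder.
SAMPLE_SETTINGS = """<?php
# $wgLDAPEncryptionType = array('DOMAIN' => 'ssl');
$wgLDAPEncryptionType = array('DOMAIN' => 'clear');
"""
SAMPLE_LOG = """\
[Tue Jul 05 09:08:02 2011] [info] APR LDAP: Built with Microsoft Corporation. LDAP SDK
[Tue Jul 05 09:08:02 2011] [info] LDAP: SSL support unavailable: LDAP: CA certificates cannot be set using this method, as they are stored in the registry instead.
[Tue Jul 05 09:08:05 2011] [info] APR LDAP: Built with Microsoft Corporation. LDAP SDK
[Tue Jul 05 09:08:05 2011] [info] LDAP: SSL support unavailable: LDAP: CA certificates cannot be set using this method, as they are stored in the registry instead.
[Tue Jul 05 09:08:07 2011] [notice] Child 3496: Child process is running
"""

# Matches only assignments that start a line, so '#' or '//' commented copies are
# skipped. Block comments (/* ... */) are not handled in this sketch.
ASSIGN = re.compile(r"^\s*\$wgLDAPEncryptionType\s*=\s*array\s*\((.*?)\)", re.S | re.M)
PAIR = re.compile(r"""['"]([^'"]+)['"]\s*=>\s*['"]([^'"]+)['"]""")
LOG_LINE = re.compile(r"^\[([^\]]+)\] \[(\w+)\] (.*)$")

def encryption_types(settings_text):
    """Return {domain: type} from live assignments; a later assignment overrides."""
    result = {}
    for m in ASSIGN.finditer(settings_text):
        for domain, enc in PAIR.findall(m.group(1)):
            result[domain] = enc.lower()
    return result

def cleartext_domains(settings_text):
    """Domains whose bind credentials would be sent without transport encryption."""
    return sorted(d for d, e in encryption_types(settings_text).items() if e == "clear")

def ldap_log_messages(log_text):
    """Distinct LDAP-related error.log messages and how often each was logged."""
    counts = {}
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m and "LDAP" in m.group(3):
            key = (m.group(2), m.group(3))
            counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    for d in cleartext_domains(SAMPLE_SETTINGS):
        print(f"{d}: 'clear' sends bind credentials unencrypted")
    for (level, msg), n in ldap_log_messages(SAMPLE_LOG).items():
        print(f"{n}x [{level}] {msg}")
```
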
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg