Topic: ldaps with httpd-2.4 Inertnal Error

[aladdin4483]

Hi,

any help about this Error Plz:

The server encountered an internal error or misconfiguration and was unable to complete your request.

conf ssl.conf

SetHandler server-status
Order Deny,Allow
Deny from all
AuthType Basic
AuthName "MyServer"
AuthBasicProvider ldap
#AuthLDAPBindDN cn=admin,dc=test,dc=net
#AuthLDAPBindPassword XXXX
AuthLDAPCompareDNOnServer Off
AuthLDAPURL ldaps://localhos/
#AuthzLDAPAuthoritative off
AuthUserFile /dev/null
Require valid-user
Satisfy any

Thnx!!

[mraddi]

Hello,

- do you already have checked your configuration with "httpd -t" or "httpd -S"?
- do you have included all needed apache-modules?
- is your LDAP-server's hostname really "localhos" without "t"?
- as you are using ldapS: have you ensured that your Apache trusts the LDAP-server's certificate? Maybe you can use ldap for troubleshooting?
- maybe the configuration I have used (within a .htaccess) can help (but is only using ldap instead of ldapS)?

[aladdin4483]

hello,

Using LDAP --> OK
Using htacces --> OK

i tested sertificat server by openssl -connet localhost:636 it's verified OK

[mraddi]

Hello,

if I understand correctly when using only ldap it is working, when using ldapS it is not working?

As "openssl s_client ..." normally does not check the complete validity of the certificate (issuer trusted? cn matching requesting hostname? current date/time between "not valid before" and "not valid after"?) this is not a sufficient test.

- Could you check that the cn or the SAN (subject alternate name) contains "localhost" as your configuration contains this hostname within the ldap-URL?
- Can you verify (maybe with a tcpdump) that the connection is established correctly and not dropped/canceled due to a certificate error (because of untrusted CA or non-matching-hostname)?