Bug#463278: marked as done (apache2.2-common: mod_auth_ldap doesnt work with LDAPVerifyServerCert Off)

Your message dated Thu, 31 Jan 2008 09:58:00 +0100 with message-id <20080131085800.GA17216@eibe.hagk.net> and subject line Bug#463278: Acknowledgement (apache2.2-common: mod_auth_ldap doesnt work with LDAPVerifyServerCert Off) has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator (administrator, Debian Bugs database)

attached mail follows:

Package: apache2.2-common
Version: 2.2.3-4+etch3
Severity: normal

The usage of

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.debian.org Links debian-announce debian-apache debian-arm-changes debian-beowulf debian-boot debian-cd debian-cd-vendors debian-changes debian-changes-digest debian-isp debian-kde debian-laptop debian-mirrors-announce debian-news debian-security debian-security-announce debian-testing debian-user debian-user-digest Request more information about Pantek

        LDAPVerifyServerCert Off

does normally disable the verfication of valid SSL certificates, if an auth-rule connect to a LDAP-server with ldaps://0.0.0.0:636/....

The debian package result with an entry in the slapd.log

Jan 30 18:37:25 hostname slapd[3087]: conn=3323 fd=14 ACCEPT from
IP=127.0.0.1:42555 (IP=0.0.0.0:636)
Jan 30 18:37:25 hostname slapd[3087]: conn=3323 fd=14 closed (TLS negotiation

The apache configuration is approved with other distros. The auth-configuration works w/o SSL.
The ldapsearch-util does works with a SSL connection.

• System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-5-686-bigmem Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)

Versions of packages apache2.2-common depends on:

ii  apache2-utils              2.2.3-4+etch3 utility programs for webservers
ii  libmagic1                  4.17-5etch3   File type determination library us
ii  lsb-base                   3.1-23.2etch1 Linux Standard Base 3.1 init scrip
ii  mime-support               3.39-1        MIME files 'mime.types' & 'mailcap
ii  net-tools                  1.60-17       The NET-3 networking toolkit
ii  procps                     1:3.2.7-3     /proc file system utilities

apache2.2-common recommends no packages.

• no debconf information

  attached mail follows:

  ---

  Do you need more help?

  In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.debian.org Links debian-announce debian-apache debian-arm-changes debian-beowulf debian-boot debian-cd debian-cd-vendors debian-changes debian-changes-digest debian-isp debian-kde debian-laptop debian-mirrors-announce debian-news debian-security debian-security-announce debian-testing debian-user debian-user-digest Request more information about Pantek

Hi,

Apache 2.2 required a restart or clearing of other internal (SSL?) caching algorithm.

It works (but not with a simple reload of the configuration).

regards
Hagen

--

To UNSUBSCRIBE, email to debian-apache-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Received on Thu Jan 31 04:05:26 2008