Hi Everyone,

It's fun Friday; actually, I've been trying to get this working for a while.

I have a PC running Win Server 2008 R2 Standard, with Apache 2.2. I'm using SSL with LDAP to authenticate a private website. Everything starts up just fine, I navigate to the website (https://myDomain.org) and it asks for a userid/pswd. I give it the same userid/password I use to sign on to the server (i.e. it's in the server's Active Directory), and it fails immediately.

Except for the OS and the certificates, this is identical to a working setup on Win Server 2003.

Here's the httpd-ssl.conf file:
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog builtin

SSLMutex default

NameVirtualHost *:443

<VirtualHost *:443>

ServerName myDomain.org
DocumentRoot "C:/Data/Websites/Private"
ServerAdmin myEmail@xxxxxxxxxxxx
ErrorLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/error.log"
TransferLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/access.log"

SSLEngine on


SSLCertificateFile "C:/Data/Websites/Security/ssl.crt"
SSLCertificateKeyFile "C:/Data/Websites/Security/ssl.key"
SSLCACertificateFile "C:/Data/Websites/Security/ssl-certificates.crt"

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>

<Directory "C:/Data/Websites/Private">
SSLOptions +StdEnvVars

Options Indexes FollowSymLinks IncludesNOEXEC
AllowOverride AuthConfig
Order allow,deny
Allow from all

AuthBasicProvider ldap
AuthType Basic
AuthName "Private Website"

AuthLDAPURL ldap://localhost:3268/DC=myDomain,DC=org?sAMAccountName?sub?(objectClass=*) NONE
AuthzLDAPAuthoritative on

AuthLDAPBindDN userid@xxxxxxxxxxxx
AuthLDAPBindPassword myPassword
require valid-user
</Directory>

BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

All comments welcome!

Peter Dow
Dow Software Services, Inc.
909 793-9050
petercdow@xxxxxxxxx
pdow@xxxxxxxxxxxxxx
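
When a login fails immediately, it helps to know exactly which directory search the AuthLDAPURL above makes. The following added example (not part of the original post) parses the posted directive and builds the combined search filter as described in the mod_authnz_ldap documentation; the function names, the login `jdoe` and the RFC 4515 escaping are assumptions of this example.

```python
import re
import shlex
from urllib.parse import unquote

# Constructed sample: the AuthLDAPURL arguments as posted above.
SAMPLE = "ldap://localhost:3268/DC=myDomain,DC=org?sAMAccountName?sub?(objectClass=*) NONE"

def parse_auth_ldap_url(args):
    """Split AuthLDAPURL arguments into the parts mod_authnz_ldap documents."""
    tokens = shlex.split(args)
    m = re.match(r"(ldaps?)://([^/]*)/([^?]*)\??(.*)$", tokens[0])
    if not m:
        raise ValueError("not an ldap:// or ldaps:// URL")
    scheme, hostport, base_dn, rest = m.groups()
    host, _, port = hostport.partition(":")
    attribute, scope, flt = (rest.split("?", 2) + ["", "", ""])[:3]
    return {
        "scheme": scheme,
        "host": host,
        "port": int(port) if port else (636 if scheme == "ldaps" else 389),
        "base_dn": unquote(base_dn),
        "attribute": attribute or "uid",              # documented default
        "scope": scope or "sub",                      # documented default
        "filter": unquote(flt) or "(objectClass=*)",  # documented default
        "mode": tokens[1].upper() if len(tokens) > 1 else None,
    }

def escape_filter_value(value):
    """RFC 4515 escaping (assumed here), so a login name cannot alter the filter."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)

def build_search_filter(cfg, username):
    """Combine the configured filter with attribute=username."""
    flt = cfg["filter"]
    inner = flt[1:-1] if flt.startswith("(") and flt.endswith(")") else flt
    return f"(&({inner})({cfg['attribute']}={escape_filter_value(username)}))"

def transport_notes(cfg):
    """Point out what the URL implies about the connection to the directory."""
    notes = []
    if cfg["scheme"] == "ldap" and cfg["mode"] == "NONE":
        notes.append("no TLS: bind DN and user passwords are sent unencrypted")
    if cfg["port"] in (3268, 3269):
        notes.append("Active Directory global catalog port")
    return notes

if __name__ == "__main__":
    cfg = parse_auth_ldap_url(SAMPLE)
    print(build_search_filter(cfg, "jdoe"))  # "jdoe" is a constructed login
    print(transport_notes(cfg))
```

Running the resulting filter against the same host, port and base DN with the AuthLDAPBindDN account, using any LDAP client, separates a bind or search problem from an Apache configuration problem.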
