AIX Open Source

 View Only
  • 1.  apache LDAP SSL support unavailable

    Posted Fri April 19, 2024 09:32 PM

    Since upgrading 

    httpd-2.4.56-1.ppc
    mod_ssl-2.4.56-1.ppc

    to

    httpd-2.4.58-1.ppc
    mod_ssl-2.4.58-1.ppc

    Apache can no longer use LDAPS authentication. I see this error in httpd log
    AH01320: LDAP: SSL support unavailable


    # /opt/freeware/sbin/httpd_64 -M | egrep 'ldap|ssl'
     authnz_ldap_module (shared)
     ldap_module (shared)
     ssl_module (shared)

    # rpm -qa | egrep 'ldap|http|ssl'
    httpd-2.4.58-1.ppc
    mod_ssl-2.4.58-1.ppc
    openldap-2.5.16-1.ppc

    Has there been any change to the way apache is compiled ?

    - Building on AIX:
      The following ./configure line is reported to work for AIX:
     
        CC=cc_r; export CC
        CPPFLAGS=-qcpluscmt;export CPPFLAGS
        ./configure --with-mpm=worker --prefix=/usr/local/apache \
          --enable-dav=static --enable-dav_fs=static --enable-ssl=static
          --with-ldap=yes --with-ldap-include=/usr/local/include
          --with-ldap-lib=/usr/local/lib --enable-ldap=static
          --enable-authnz-ldap=static



    ------------------------------
    Dennis Mathews
    ------------------------------


  • 2.  RE: apache LDAP SSL support unavailable

    Posted Wed April 24, 2024 02:23 AM

    Toolbox httpd is built with LDAP & SSL support. Can we get more info from the logs ? 



    ------------------------------
    Ayappan P
    ------------------------------



  • 3.  RE: apache LDAP SSL support unavailable

    Posted Mon April 29, 2024 09:03 PM
    Edited by Dennis Mathews Mon April 29, 2024 09:03 PM

    There isn't much else logged even with debug enabled for apache

    Starting Apache httpd... [Sat Apr 20 12:00:56.295581 2024] [ldap:debug] [pid 21234020] util_ldap.c(2455): AH01303: LDAP: SSL trusted global cert - /etc/certs/XXXXXX.pem (type CA_BASE64)
    
    [Sat Apr 20 12:00:56.334296 2024] [ssl:info] [pid 21234020] AH01876: mod_ssl/2.4.58 compiled against Server: Apache/2.4.58, Library: OpenSSL/1.1.1l

    [Sat Apr 20 13:22:07.188539 2024] [ldap:debug] [pid 19726674] util_ldap.c(3039): AH01316: LDAP merging Shared Cache conf: shm=0x110081e18 rmm=0x110081e70 for VHOST: XXXXXXXXXXXXXXXXXXXX
    [Sat Apr 20 13:22:07.188623 2024] [ldap:debug] [pid 19726674] util_ldap.c(3039): AH01316: LDAP merging Shared Cache conf: shm=0x110081e18 rmm=0x110081e70 for VHOST: XXXXXXXXXXXXXXXXXXXX
    [Sat Apr 20 13:22:07.188638 2024] [ldap:debug] [pid 19726674] util_ldap.c(3039): AH01316: LDAP merging Shared Cache conf: shm=0x110081e18 rmm=0x110081e70 for VHOST: XXXXXXXXXXXXXXXXXXXX
    [Sat Apr 20 13:22:07.192775 2024] [ldap:info] [pid 19726674] AH01320: LDAP: SSL support unavailable



    ------------------------------
    Dennis Mathews
    ------------------------------