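We have Linux RHEL6 with httpd 2.2.15, and after logging in with an LDAP username and password, Apache returns a 500 error. The error is only returned when using ldaps (port 636); ldap (port 389) works fine.
With the following configuration: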
    <VirtualHost _default_:443>
        SSLEngine On
        SSLProtocol all -SSLv2
        SSLCipherSuite HIGH:MEDIUM
        SSLCertificateFile /etc/pki/tls/certs/xxx.crt
        SSLCertificateKeyFile /etc/pki/tls/private/xxxxxxxxx.key
        ServerName xxxxxxxxxx
        ServerAlias xxxxxxxxxxxxx
        DocumentRoot /var/www/xxxxxxxx

        # Specific configuration
        <Location /private/status>
            SetHandler server-status
        </Location>

        <Location />
            AuthType Basic
            AuthName "Admin xxxxxx"
            AuthBasicProvider ldap
            AuthzLDAPAuthoritative on
            AuthLDAPURL ldaps://ldap.xxxxxxxx.com/ou=People,dc=xxxxx,dc=com?uid?one
            Require ldap-user xxxx xxxx
        </Location>

        ErrorLog logs/xxxxxxxx-ssl-error_log
        CustomLog logs/xxxxxxxxx-ssl-access_log combined
    </VirtualHost>
Loaded modules:

    auth_basic_module
    ldap_module
    authnz_ldap_module
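The same configuration works on RHEL5.x with httpd 2.2.3.
There is no information about this error in the server error log.
We stopped httpd, deleted all the logs, then started httpd and tried to access the website, just once. When the 500 Internal Server Error occurs, Apache does not write anything to any error log file.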
    ls -al /var/log/httpd/

    total 16
    drwx------. 2 apache apache 4096 Jan 21 15:56 .
    drwxr-xr-x. 8 root   root   4096 Jan 18 13:50 ..
    -rw-r--r--. 1 root   root      0 Jan 21 15:56 access_log
    -rw-r--r--. 1 root   root   3038 Jan 21 15:56 error_log
    -rw-r--r--. 1 root   root    595 Jan 21 15:56 takeover-ssl-access_log
    -rw-r--r--. 1 root   root      0 Jan 21 15:56 takeover-ssl-error_log
    cat /var/log/httpd/*

    [Fri Jan 21 15:56:13 2011] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:SystemLow
    [Fri Jan 21 15:56:13 2011] [info] Init: Seeding PRNG with 0 bytes of entropy
    [Fri Jan 21 15:56:13 2011] [info] Init: Generating temporary RSA private keys (512/1024 bits)
    [Fri Jan 21 15:56:13 2011] [info] Init: Generating temporary DH parameters (512/1024 bits)
    [Fri Jan 21 15:56:13 2011] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
    [Fri Jan 21 15:56:13 2011] [info] Init: Initializing (virtual) servers for SSL
    [Fri Jan 21 15:56:13 2011] [info] mod_ssl/2.2.15 compiled against Server: Apache/2.2.15, Library: OpenSSL/1.0.0-fips
    [Fri Jan 21 15:56:13 2011] [debug] util_ldap.c(2058): LDAP merging Shared Cache conf: shm=0x7fe25bad19f8 rmm=0x7fe25bad1a50 for VHOST: takeover.fluendo.lan
    [Fri Jan 21 15:56:13 2011] [info] APR LDAP: Built with OpenLDAP LDAP SDK
    [Fri Jan 21 15:56:13 2011] [info] LDAP: SSL support available
    [Fri Jan 21 15:56:13 2011] [info] Init: Seeding PRNG with 0 bytes of entropy
    [Fri Jan 21 15:56:13 2011] [info] Init: Generating temporary RSA private keys (512/1024 bits)
    [Fri Jan 21 15:56:13 2011] [info] Init: Generating temporary DH parameters (512/1024 bits)
    [Fri Jan 21 15:56:13 2011] [info] Init: Initializing (virtual) servers for SSL
    [Fri Jan 21 15:56:13 2011] [info] mod_ssl/2.2.15 compiled against Server: Apache/2.2.15, Library: OpenSSL/1.0.0-fips
    [Fri Jan 21 15:56:13 2011] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 25893 for worker proxy:reverse
    [Fri Jan 21 15:56:13 2011] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 25893 for (*)
    [Fri Jan 21 15:56:14 2011] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 25894 for worker proxy:reverse
    [Fri Jan 21 15:56:14 2011] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized
    [Fri Jan 21 15:56:14 2011] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 25894 for (*)
    [Fri Jan 21 15:56:14 2011] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 25895 for worker proxy:reverse
    [Fri Jan 21 15:56:14 2011] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized
    [Fri Jan 21 15:56:14 2011] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 25895 for (*)
    [Fri Jan 21 15:56:14 2011] [notice] Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations
    [Fri Jan 21 15:56:14 2011] [info] Server built: Aug 14 2010 08:53:20
    [Fri Jan 21 15:56:14 2011] [debug] prefork.c(1013): AcceptMutex: sysvsem (default: sysvsem)
    [Fri Jan 21 15:56:14 2011] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 0 in child 25896 for worker proxy:reverse
    [Fri Jan 21 15:56:14 2011] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized
    [Fri Jan 21 15:56:14 2011] [debug] proxy_util.c(1934): proxy: initialized single connection worker 0 in child 25896 for (*)
    172.17.5.59 - - [21/Jan/2011:15:56:32 +0100] "GET / HTTP/1.1" 401 401 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10"
    172.17.5.59 - sgafsgaf [21/Jan/2011:15:56:42 +0100] "GET / HTTP/1.1" 500 536 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10"
    172.17.5.59 - sgafsgaf [21/Jan/2011:15:56:42 +0100] "GET /favicon.ico HTTP/1.1" 500 536 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10"
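You also need one or more LDAPTrusted* directives; see the linked page for details. Without those, the connection to the LDAP server cannot be established in the first place, so Apache throws up its hands and returns 500 (which is a sort of catch-all for errors that don't fit into any other category).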
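A sketch of where the LDAPTrusted* directives from the answer above would sit relative to the question's virtual host. This is an added example, not part of the original answer; the CA file path `/etc/pki/tls/certs/ldap-ca.pem` is a placeholder for the certificate of the CA that signed the LDAP server's certificate.

```apache
# Added example. The CA path below is a hypothetical placeholder.

# Server config context, outside any <VirtualHost>: mod_ldap accepts
# LDAPTrustedGlobalCert only at the global level.
# CA_BASE64 means a PEM-encoded CA certificate.
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ldap-ca.pem

# Verify the LDAP server's certificate against that CA.
# On is the default; it is stated here so the intent is explicit.
LDAPVerifyServerCert On

<VirtualHost _default_:443>
    # SSL*, ServerName and DocumentRoot directives as in the question

    <Location />
        AuthType Basic
        AuthName "Admin xxxxxx"
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative on
        # An ldaps:// URL already selects SSL mode, so no LDAPTrustedMode
        # directive is needed for this Location.
        AuthLDAPURL ldaps://ldap.xxxxxxxx.com/ou=People,dc=xxxxx,dc=com?uid?one
        Require ldap-user xxxx xxxx
    </Location>
</VirtualHost>
```

To confirm that the CA file actually validates the directory server before restarting httpd, `openssl s_client -connect ldap.xxxxxxxx.com:636 -CAfile /etc/pki/tls/certs/ldap-ca.pem` should end with `Verify return code: 0 (ok)`.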