From owner-freebsd-questions@FreeBSD.ORG  Fri Jan 13 02:54:48 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4CD2D16A41F
	for <freebsd-questions@freebsd.org>;
	Fri, 13 Jan 2006 02:54:48 +0000 (GMT)
	(envelope-from brent@academy.netmojo.ca)
Received: from academy.netmojo.ca (academy.pims.math.ca [198.161.29.185])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 10D0943D46
	for <freebsd-questions@freebsd.org>;
	Fri, 13 Jan 2006 02:54:47 +0000 (GMT)
	(envelope-from brent@academy.netmojo.ca)
Received: by academy.netmojo.ca (Postfix, from userid 500)
	id 862142126D; Thu, 12 Jan 2006 19:56:15 -0700 (MST)
Date: Thu, 12 Jan 2006 19:56:15 -0700
From: Brent Kearney <brent@kearneys.ca>
To: freebsd-questions@freebsd.org
Message-ID: <20060113025614.GA5073@kearneys.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Subject: apache2.0.55 w/ mod_ldap & tls
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Jan 2006 02:54:48 -0000

Hello,

I'm having some trouble getting apache's ldap module to connect to my openldap server 
using TLS.  The reason it won't initiate an SSL connection is evident in the logs:

[Thu Jan 12 20:45:49 2006] [debug] util_ldap.c(1341): LDAP: SSL trusted certificate authority file type - BASE64_FILE
[Thu Jan 12 20:45:49 2006] [notice] SIGHUP received.  Attempting to restart
[Thu Jan 12 20:45:50 2006] [debug] util_ldap.c(1341): LDAP: SSL trusted certificate authority file type - BASE64_FILE
[Thu Jan 12 20:45:51 2006] [notice] Digest: generating secret for digest authentication ...
[Thu Jan 12 20:45:51 2006] [notice] Digest: done
[Thu Jan 12 20:45:51 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Thu Jan 12 20:45:51 2006] [notice] LDAP: SSL support unavailable
[Thu Jan 12 20:45:51 2006] [notice] Apache/2.0.55 (FreeBSD) mod_ssl/2.0.55 OpenSSL/0.9.7e DAV/2 PHP/5.1.1 configured -- resuming normal operations


I found this bug report, which details what looks like the same problem:

http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/86416

However, it also mentions that the bug was supposed to be fixed in Apache 2.0.55, 
which I'm running.  As in that bug report, I am also using FreeBSD 5.4.  I added
"LDAPTrustedCAType BASE64_FILE" to my httpd.conf file as suggested, but it makes
no difference.

Ironically, it was working before I upgraded from apache 2.0.54.

Any suggestions are welcome.

Thanks,

Brent