We are using a VM for a web server running with apache2 regulating a specific service. Both SSH login and logging in to the front end were regulated by our LDAP server. A few weeks ago, some changes were made to our LDAP server due to increased security protocols. The server addresses were not changed though.
After the change we can still log in to the VM via ssh, but for some reason, we can't log in to the web front.
I have sudo rights on the VM, so I can make changes there (but not to our LDAP server). The web server was set up using perl scripts, which are all saved under /www/mpiseq/*. In there we also have some perl libraries; in one of them, mpiseqGlobals.pm, both parameters $ldap_server and $ldap_base are defined.
The apache2.conf file states the correct path:

    <VirtualHost *:80>
        ServerAdmin [email protected]
        DocumentRoot /www/mpiseq/web
        DirectoryIndex index.cgi index.html
        <Directory /www/mpiseq/web>
            AllowOverride None
            Options ExecCGI FollowSymLinks
            Require all granted
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

and the default-ssl.conf file:

    <VirtualHost *:80>
        ServerName VM_NAME
        Redirect permanent / https://VM_NAME
    </VirtualHost>
    <VirtualHost *:443>
        ServerName VM_NAME
        ServerAdmin [email protected]
        DocumentRoot /www/mpiseq2/web
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/ngs-cert.pem
        SSLCertificateKeyFile /etc/ssl/private/ngs-private-key-nopass.pem
        SSLCertificateChainFile /etc/apache2/certificate/chain.txt
        DirectoryIndex index.cgi index.html
        ErrorDocument 404 /404.cgi
        ErrorDocument 500 /505.cgi
        <Directory /www/mpiseq2/web>
            AllowOverride None
            Options ExecCGI FollowSymLinks
            Require all granted
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
    </VirtualHost>

Before the change we didn't use any auth_ldap.conf file, so I don't think this is the reason (but I have no real experience, so what do I know), but we now added one hoping to solve the problem. But it didn't.

    LDAPConnectionTimeout 3
    LDAPTimeout 10
    <Directory /www/mpiseq2/web>
        SSLRequireSSL
        AuthName "LDAP Authentication"
        AuthType Basic
        AuthBasicProvider ldap
        AuthLDAPURL "ldaps://ldapserv1.**** ldapserv2.**** ldapserv3.*****/dc=***,dc=**,dc=**?uid?sub?(objectClass=posixAccount)"
        Require valid-user
    </Directory>

I'm no server administrator and I don't know even where to look for the problem. I have tried to change the auth_ldap.conf as well as all the apache2 conf files, but nothing really made a difference. I don't know if this might be a certificate problem, and also not even sure how to test for that option.
I would appreciate any help you can give or advice where to look for the problem.
"I'm no server administrator and I don't know even where to look for the problem": what? How about the "some changes were made"? This isn't a forum where you speak mysteriously for extra points. Did you even speak to the others about the change?
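
For the "how to test for a certificate problem" part of the question, an added example (not from the original post): a POSIX shell script that splits an AuthLDAPURL value like the one in auth_ldap.conf and, for each listed server, checks the TLS certificate with openssl s_client and repeats the directory search with ldapsearch. The script name, the uid and the CA bundle path are assumptions supplied by the caller, and openssl plus the OpenLDAP client tools are assumed to be installed on the VM.

```shell
#!/bin/sh
# Added diagnostic sketch; hosts, DNs, uid and CA path are caller-supplied.

# Split "scheme://host1 host2/basedn?attr?scope?filter" into shell variables.
parse_authldapurl() {
    SCHEME=${1%%://*}
    rest=${1#*://}
    HOSTS=${rest%%/*}                 # space-separated failover list
    case $rest in
        */*) path=${rest#*/} ;;
        *)   path= ;;
    esac
    IFS='?' read -r BASE ATTR SCOPE FILTER <<EOF
$path
EOF
    # mod_authnz_ldap defaults when a field is left out
    [ -n "$ATTR" ]   || ATTR=uid
    [ -n "$SCOPE" ]  || SCOPE=sub
    [ -n "$FILTER" ] || FILTER='(objectClass=*)'
}

# Append the scheme's default port unless the host already names one.
with_port() {
    case $1 in
        *:*) echo "$1" ;;
        *)   if [ "$SCHEME" = ldaps ]; then echo "$1:636"; else echo "$1:389"; fi ;;
    esac
}

# $1 = uid to look up, $2 = CA bundle the servers' certificates should chain to.
check_servers() {
    for h in $HOSTS; do
        hp=$(with_port "$h")
        echo "== $hp"
        if [ "$SCHEME" = ldaps ]; then
            # Certificate check: look for "Verify return code: 0 (ok)".
            openssl s_client -connect "$hp" -CAfile "$2" </dev/null 2>&1 |
                grep -i 'verif'
        fi
        # Same search Apache performs. With no AuthLDAPBindDN configured it
        # binds anonymously, which -x without -D reproduces.
        LDAPTLS_CACERT=$2 ldapsearch -x -LLL -H "$SCHEME://$hp" -b "$BASE" \
            -s "$SCOPE" "(&$FILTER($ATTR=$1))" dn || echo "search failed on $hp"
    done
}

# Usage: sh check_ldap.sh 'AuthLDAPURL value' uid /path/to/ca.pem
if [ "$#" -eq 3 ]; then
    parse_authldapurl "$1"
    check_servers "$2" "$3"
fi
```

Running it as the Apache user on the VM shows per server whether the certificate chain verifies and whether the search returns the user's DN.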