We are using a VM for a web server running apache2 and regulating a specific service. Both SSH login and logging in to the front end were regulated by our LDAP server. A few weeks ago, some changes were made to our LDAP server due to increased security protocols. The server addresses were not changed though.

After the change we can still log in to the VM via SSH, but for some reason, we can't log in to the web front.

I have sudo rights on the VM, so I can make changes there (but not to our LDAP server). The web server was set up using Perl scripts, which are all saved under /www/mpiseq/*. In there we also have some Perl libraries; in one of them, mpiseqGlobals.pm, both parameters $ldap_server and $ldap_base are defined.

The apache2.conf file states the correct path:

<VirtualHost *:80>
        ServerAdmin [email protected]
        DocumentRoot /www/mpiseq/web
        DirectoryIndex index.cgi index.html
        <Directory /www/mpiseq/web>
                AllowOverride None
                Options ExecCGI FollowSymLinks
                Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

and the default-ssl.conf file:

<VirtualHost *:80>
        ServerName VM_NAME
        Redirect permanent / https://VM_NAME
</VirtualHost>
<VirtualHost *:443>
        ServerName VM_NAME
        ServerAdmin [email protected]
        DocumentRoot /www/mpiseq2/web
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/ngs-cert.pem
        SSLCertificateKeyFile /etc/ssl/private/ngs-private-key-nopass.pem
        SSLCertificateChainFile /etc/apache2/certificate/chain.txt
        DirectoryIndex index.cgi index.html
        ErrorDocument 404 /404.cgi
        ErrorDocument 500 /505.cgi
        <Directory /www/mpiseq2/web>
                AllowOverride None
                Options ExecCGI FollowSymLinks
                Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>

</VirtualHost>

Before the change we didn't use any auth_ldap.conf file, so I don't think this is the reason (but I have no real experience, so what do I know), but we now added one hoping to solve the problem. But it didn't.

LDAPConnectionTimeout 3
LDAPTimeout 10

<Directory /www/mpiseq2/web>
    SSLRequireSSL
    AuthName "LDAP Authentication"
    AuthType Basic
    AuthBasicProvider ldap
    AuthLDAPURL "ldaps://ldapserv1.**** ldapserv2.**** ldapserv3.*****/dc=***,dc=**,dc=**?uid?sub?(objectClass=posixAccount)"
    Require valid-user
</Directory>

I'm no server administrator and I don't know even where to look for the problem. I have tried to change the auth_ldap.conf as well as all the apache2 conf files, but nothing really made a difference. I don't know if this might be a certificate problem, and also not even sure how to test for that option.

I would appreciate any help you can give or advice where to look for the problem.

  • "I'm no server administrator and I don't know even where to look for the problem" what? How about the "some changes were made"? This isn't a forum where you speak mysteriously for extra points. Did you even speak to the others about the change?
    – Greg Askew
    Commented Apr 11 at 11:07
  • Do you think I would have asked this question here like that if I didn't? Yes, I did contact them and tried to understand but I didn't. I'm sorry for mistaking this forum also for something which can help people who don't know much about server administration.
    Commented Apr 11 at 12:24

1 Answer

I found out the solution.

Apparently, now I have to add the port to the server address as well.

The correct address was now as such:

$ldapserver => 'ldaps://SERVER.NAME:636'

This let me log in to the front end.

  • As it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center.
    – Community Bot
    Commented Apr 16 at 9:13
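
The question asks how to test for a certificate problem, and the answer's fix was an explicit port in the ldaps:// address. The following is an added example, not code from either post: a small shell diagnostic that makes the port explicit and then checks the TLS handshake and certificate verification with openssl s_client. The function names are hypothetical, and it assumes OpenSSL's default trust store is the one the application also relies on.

```shell
#!/bin/sh
# Added diagnostic sketch; ldap_endpoint and check_ldaps are hypothetical names.

# Print "scheme host port" for an LDAP URL, filling in the standard default
# port (389 for ldap, 636 for ldaps) when the URL carries none.
# IPv6 literals such as [::1]:636 are not handled.
ldap_endpoint() {
    url=$1
    scheme=${url%%://*}
    rest=${url#*://}
    hostport=${rest%%/*}              # drop any /base?attrs?scope suffix
    case $scheme in
        ldap)  default=389 ;;
        ldaps) default=636 ;;
        *) echo "unsupported scheme in: $url" >&2; return 2 ;;
    esac
    case $hostport in
        *:*) host=${hostport%%:*}; port=${hostport##*:} ;;
        *)   host=$hostport;       port=$default ;;
    esac
    [ -n "$host" ] || { echo "no host in: $url" >&2; return 2; }
    echo "$scheme $host $port"
}

# Attempt a TLS handshake with an ldaps endpoint and report whether the
# server certificate chain verifies against OpenSSL's default trust store.
check_ldaps() {
    ep=$(ldap_endpoint "$1") || return 2
    set -- $ep
    [ "$1" = ldaps ] || { echo "$2:$3 is plain ldap, no TLS to verify" >&2; return 2; }
    out=$(openssl s_client -connect "$2:$3" -servername "$2" </dev/null 2>&1)
    case $out in
        *"Verify return code: 0 (ok)"*)
            echo "TLS handshake and certificate OK on $2:$3" ;;
        *"Verify return code:"*)
            # Handshake worked, chain did not verify: print OpenSSL's reason.
            echo "$out" | grep "Verify return code:"; return 1 ;;
        *)
            echo "no TLS handshake on $2:$3 (port closed, filtered, or not TLS)"
            return 1 ;;
    esac
}

# Run as: sh check_ldaps.sh 'ldaps://SERVER.NAME:636'
if [ $# -gt 0 ]; then check_ldaps "$1"; fi
```

A non-zero "Verify return code" points at the certificate chain or trust store, while the last branch points at the port or a firewall between the VM and the LDAP server.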
