Problem with XAMPP, ldap.conf, LDAPS, SSO, etc...

Postby CaseyE » 18. March 2014 22:10

I'm trying to set up seamless single sign-on using mod_authnz_sspi.so found here: https://www.apachehaus.net/modules/mod_authnz_sspi/ . I read somewhere that mod_auth_sspi.so was incompatible with Apache 2.4, so I am using the authnz module instead.

I've got it working 90% of the way, but I cannot get LDAP over SSL ("LDAPS") working. Non-encrypted LDAP works fine.

LDAPS reports that my username/password is invalid, but this is not true. I ran into this problem when setting up AD integration with LDAP on IIS, and the solution was for me to put a file at C:\OpenLDAP\sysconf\ldap.conf with the contents:

Code:
TLS_REQCERT never


On IIS, this worked fine.

The problem seems to be that Apache does not look for the ldap.conf file at this location, and I'm not sure how to fix it. I ran Process Monitor while attempting to log into a test website running XAMPP with my AD credentials, and Process Monitor shows that httpd.exe is trying to read the file at C:\xampp\apache\%SYSCONFDIR%\ldap.conf. I created an environment variable, %SYSCONFDIR%, set it to 'conf', and put my ldap.conf file in C:\xampp\apache\conf\ldap.conf, but this didn't work either.

Does anyone know how to fix this problem? How do I tell Apache the correct location of ldap.conf?

Thank you,
Casey
CaseyE
 
Posts: 3
Joined: 18. March 2014 21:56
Operating System: Windows Server 2008 R2

Re: Problem with XAMPP, ldap.conf, LDAPS, SSO, etc...

Postby CaseyE » 21. March 2014 18:41

So I figured out a fix for this... I created a folder named %SYSCONFDIR% at C:\xampp\apache\ and put the ldap.conf file in there. So the full path to the file is C:\xampp\apache\%SYSCONFDIR%\ldap.conf. I didn't realize % were valid characters for a folder name in Windows.

The contents of ldap.conf need to be:
Code:
TLS_REQCERT never


This opens you up to man-in-the-middle attacks. I'm still working on figuring out how to import the certificate from the Domain Controller to fix this.

You will need to import the cert from your domain controller OR add the ldap.conf with the TLS_REQCERT file to the specified path, or else it will say authentication failed.

In case anyone is wondering, I used SysInternals Process Monitor to figure out where Apache (httpd.exe) was looking for ldap.conf.

I'll submit a bug report for this. This happened on XAMPP Version 1.8.3-1
CaseyE
 
Posts: 3
Joined: 18. March 2014 21:56
Operating System: Windows Server 2008 R2
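
Added example, not part of the original posts: a small Python check for the ldap.conf discussed in this thread, flagging TLS_REQCERT levels that skip certificate verification and a missing CA trust anchor. The sample configs and the CA file path are constructed placeholders, and the check assumes the LDAP client library reading the file follows OpenLDAP ldap.conf semantics (case-insensitive keywords, last setting wins, default level `demand`).

```python
# Added example: audit an OpenLDAP-style ldap.conf for weak TLS verification.
# Both sample configs are constructed; the CA path is a placeholder.

WEAK_LEVELS = {"never", "allow"}   # certificate not checked, or failures ignored
KNOWN_LEVELS = WEAK_LEVELS | {"try", "demand", "hard"}

WEAK_CONF = "TLS_REQCERT never\n"
HARDENED_CONF = (
    "# CA that issued the domain controller's LDAPS certificate (placeholder path)\n"
    "TLS_CACERT C:/path/to/dc-root-ca.pem\n"
    "TLS_REQCERT demand\n"
)


def parse_ldap_conf(text):
    """Return {OPTION: value}. Assumes case-insensitive keywords, last one wins."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def audit(text):
    """Return a list of findings; an empty list means verification is enforced."""
    opts = parse_ldap_conf(text)
    level = opts.get("TLS_REQCERT", "demand").lower()  # OpenLDAP default: demand
    findings = []
    if level in WEAK_LEVELS:
        findings.append(f"TLS_REQCERT {level}: server certificate not enforced (MITM risk)")
    elif level not in KNOWN_LEVELS:
        findings.append(f"TLS_REQCERT {level}: unrecognised level")
    has_ca = bool(opts.get("TLS_CACERT") or opts.get("TLS_CACERTDIR"))
    if level not in WEAK_LEVELS and not has_ca:
        findings.append("no TLS_CACERT/TLS_CACERTDIR: no CA configured to verify against")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "OK")
```
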
