Hello everyone, I'm hoping someone could give me some leads on this issue regarding web authentication with OpenLDAP.

I've created several virtual hosts from webconfig on the web server, and added entries to the hosts files on the client machines so they point directly at it. Everything works well at first, but after a couple of hours authentication fails, even for Flexshare directories.

I've tested users and passwords locally from the CLI on the server, and that works: it lists all my groups and permissions, so LDAP is working and checking my user rights fine. However, I can no longer access the virtual hosts listed in webconfig (/etc/httpd/conf.d/flex-443.conf and /etc/httpd/conf.d/flex-80.conf).

I find this in /var/log/messages each time I try to log in.
Aug 12 12:46:22 clear pwauth: pam_ldap: ldap_search_s No such object
Aug 12 12:47:28 clear auditd[852]: Audit daemon rotating log files
Aug 12 12:54:10 clear pwauth: pam_ldap: ldap_search_s No such object
Aug 12 12:54:19 clear pwauth: pam_ldap: ldap_search_s No such object

I hope someone can give me some hints or help with this. I've been reinstalling the system each time this happens, because I couldn't figure out how to fix it.

from /etc/httpd/conf.d/flex-443.conf:

#----------------------------------------------------------------
# WARNING: This file is automatically created by webconfig.
#----------------------------------------------------------------

# Turns on name-based virtual hosting for port 443, so the <VirtualHost *:443>
# blocks in this file are selected by their ServerName.
NameVirtualHost *:443

# Authentication mechanism
# Registers an external authenticator and an external group checker, both under
# the keyword "pwauth"; httpd passes the credentials to these helper programs
# over a pipe.
# NOTE(review): web logins therefore go httpd -> /usr/bin/pwauth -> PAM, so a
# "pwauth: pam_ldap: ldap_search_s No such object" entry in /var/log/messages
# presumably points at the LDAP client settings PAM uses (e.g. the search base)
# rather than at this file -- confirm.
DefineExternalAuth pwauth pipe /usr/bin/pwauth
DefineExternalGroup pwauth pipe /usr/bin/unixgroup

# -----------------------------------------------#
# Web Site
# -----------------------------------------------#

# HTTPS site "webserver", served from /var/www/html.
<VirtualHost *:443>
ServerName webserver
DocumentRoot /var/www/html
ErrorLog /var/log/httpd/error_log
CustomLog /var/log/httpd/access_log combined
# TLS is enabled with the certificate/key pair below.
# NOTE(review): every virtual host in this file uses the same localhost.crt;
# presumably this is the stock self-signed certificate, which clients cannot
# validate against this ServerName -- confirm.
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# No weak export crypto allowed
# SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# NOTE(review): compared with the commented-out line, only +EXP became !EXP, so
# this excludes anonymous-DH and export suites and nothing else. In OpenSSL
# cipher syntax a "+NAME" term only moves already-selected suites to the end of
# the list, and ALL still selects LOW and RC4 suites where the OpenSSL build
# provides them, so weak non-export ciphers can still be negotiated. Check the
# result against the installed OpenSSL and the SSLProtocol setting (not shown).
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:!EXP:+eNULL
# Legacy MSIE workaround: no keep-alive, tolerate an unclean SSL shutdown, and
# answer in HTTP/1.0 for any User-Agent containing "MSIE".
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
# Defines the "pwauth" authenticator and group checker again inside this
# virtual host; the same pair is also defined at server level in this file.
DefineExternalAuth pwauth pipe /usr/bin/pwauth
DefineExternalGroup pwauth pipe /usr/bin/unixgroup
</VirtualHost>

# -----------------------------------------------#
# Web Site
# -----------------------------------------------#

# HTTPS site "wiki.marfil", served from /var/www/virtual/wiki.marfil with its
# own error and access logs. No pwauth definitions are repeated in this host.
<VirtualHost *:443>
ServerName wiki.marfil
DocumentRoot /var/www/virtual/wiki.marfil
ErrorLog /var/log/httpd/wiki.marfil_error_log
CustomLog /var/log/httpd/wiki.marfil_access_log combined
SSLEngine on
# NOTE(review): localhost.crt presumably does not carry the name wiki.marfil,
# so clients cannot validate the server identity -- confirm.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# No weak export crypto allowed
# SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# NOTE(review): only anonymous-DH and export suites are removed; the "+LOW",
# "+SSLv2" and "+eNULL" terms merely reorder, and ALL still admits LOW and RC4
# suites if the OpenSSL build has them -- verify with the installed OpenSSL.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:!EXP:+eNULL
# Legacy MSIE workaround (no keep-alive, unclean SSL shutdown, HTTP/1.0 replies).
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>

# -----------------------------------------------#
# Web Site
# -----------------------------------------------#

# HTTPS site "factu.marfil", served from /var/www/virtual/factu.marfil.
<VirtualHost *:443>
ServerName factu.marfil
DocumentRoot /var/www/virtual/factu.marfil
# /cgi-bin/ is mapped to a cgi-bin directory under the Flexshare share tree.
# NOTE(review): if share users can write to that directory, they can place
# programs the web server will execute -- check the share's write permissions.
ScriptAlias /cgi-bin/ /var/flexshare/shares/factu.marfil/cgi-bin/
ErrorLog /var/log/httpd/factu.marfil_error_log
CustomLog /var/log/httpd/factu.marfil_access_log combined
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# No weak export crypto allowed
# SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# NOTE(review): only anonymous-DH and export suites are removed; the "+LOW",
# "+SSLv2" and "+eNULL" terms merely reorder, and ALL still admits LOW and RC4
# suites if the OpenSSL build has them -- verify with the installed OpenSSL.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:!EXP:+eNULL
# Legacy MSIE workaround (no keep-alive, unclean SSL shutdown, HTTP/1.0 replies).
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
# Defines the "pwauth" authenticator and group checker inside this virtual host.
DefineExternalAuth pwauth pipe /usr/bin/pwauth
DefineExternalGroup pwauth pipe /usr/bin/unixgroup
</VirtualHost>
# -----------------------------------------------#
# File Share
# -----------------------------------------------#

# Server-level URL mappings for the "depcomercial" share: its cgi-bin as a CGI
# location and the share root as a plain alias.
# NOTE(review): these sit outside any <VirtualHost>, so they are presumably
# inherited by every virtual host on the server, including plain-HTTP ones --
# confirm which hosts expose /flexshare/depcomercial.
ScriptAlias /flexshare/depcomercial/cgi-bin/ /var/flexshare/shares/depcomercial/cgi-bin/
Alias /flexshare/depcomercial /var/flexshare/shares/depcomercial

# HTTPS host for the "depcomercial" Flexshare: the share directory itself is
# the DocumentRoot, and its cgi-bin subdirectory is mapped to /cgi-bin/.
<VirtualHost *:443>
ServerName depcomercial.clear.marfil
DocumentRoot /var/flexshare/shares/depcomercial
ScriptAlias /cgi-bin/ /var/flexshare/shares/depcomercial/cgi-bin/
ErrorLog /var/log/httpd/clear.marfil_error_log
# Uses the "common" log format, unlike the "combined" format of the other hosts.
CustomLog /var/log/httpd/clear.marfil_access_log common
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# No weak export crypto allowed
# SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# NOTE(review): this host carries Basic-auth passwords, so cipher strength
# matters here. Only anonymous-DH and export suites are removed; the "+LOW",
# "+SSLv2" and "+eNULL" terms merely reorder, and ALL still admits LOW and RC4
# suites if the OpenSSL build has them -- verify with the installed OpenSSL.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:!EXP:+eNULL
# Legacy MSIE workaround (no keep-alive, unclean SSL shutdown, HTTP/1.0 replies).
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
# Defines the "pwauth" authenticator and group checker used by the
# <Directory /var/flexshare/shares/depcomercial> section of this file.
DefineExternalAuth pwauth pipe /usr/bin/pwauth
DefineExternalGroup pwauth pipe /usr/bin/unixgroup
</VirtualHost>

# Allows CGI execution in the share's cgi-bin directory.
# NOTE(review): this directory lives inside the file share; anyone able to
# write there can presumably add programs that httpd will run -- confirm who
# has write access.
<Directory /var/flexshare/shares/depcomercial/cgi-bin>
Options +ExecCGI
</Directory>

# Access policy for the "depcomercial" share: directory listings, HTTP Basic
# authentication through the external "pwauth" helper, membership of the
# "allusers" group, PHP handling, and a redirect to HTTPS.
<Directory /var/flexshare/shares/depcomercial>
Options +Indexes +FollowSymLinks -IncludesNOExec
# NOTE(review): AllowOverride All lets .htaccess files inside the share change
# any overridable setting, including the authentication directives below. If
# share users can upload files, a narrower AllowOverride is safer -- confirm.
AllowOverride All
AuthName "departamento comercial"
# Basic authentication; the password is checked by the external "pwauth"
# authenticator and the group requirement by the Unix-group module.
AuthType Basic
AuthBasicProvider external
AuthExternal pwauth
AuthzUnixgroup on
Require group allusers
# No host-based restriction: every client address is allowed, so the login
# above is the only gate on this directory.
Order deny,allow
Allow from all
# .php files in the share are handed to the PHP handler.
# NOTE(review): together with write access to the share this means uploaded
# .php files are executed by the web server -- confirm that this is intended.
AddType text/html .php
AddHandler php5-script .php
# Redirects requests that did not arrive over TLS to the https:// URL.
# NOTE(review): per-directory rewrite rules run late in request processing,
# after authentication, so a plain-HTTP request may receive the Basic-auth
# challenge and send the password in clear text before this redirect applies.
# Verify on a port-80 host; SSLRequireSSL here, or a redirect in the port-80
# virtual host, would close that gap.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</Directory>
Wednesday, August 12 2015, 06:05 PM