Ldap – Apache LDAPS Authentication


I am having a difficult time setting up an LDAPS authentication for my directory /var/svn.

Here is the configuration file I have for Apache:

LDAPTrustedGlobalCert CERT_BASE64 /etc/openldap/cacerts/Cert.pem

<VirtualHost *:80>
  ServerName myserver.com
  DocumentRoot /var/www
  <Location /svn>
    DAV svn
    SVNParentPath /var/svn
    AuthType Basic
    AuthBasicProvider ldap
    AuthLDAPBindDN "mybind_dn"
    AuthLDAPBindPassword "mypassword"
    AuthLDAPURL "ldaps://my_ldap_server:636/credentials"
    AuthName "Authorized Personnel Only"
    Require valid-user

When I try to access "myserver.com/svn" I get a "Internal Server Error" (500) and nothing shows up in the error logs. I know LDAPS is working at the operating systems level (I have a test script that confirms this), so I'm really at a loss.

Any ideas?

EDIT: If I leave out the LDAP authentication and use just basic authentication (with a .htpasswd file), it works just fine.

Best Answer

As it turns out, this was a "special case" issue, however I will post my findings to help anyone else having a similar problem.

It stemmed from my LDAP server having an invalid security certificate. Because Apache didn't know what to do with a "faulty" certificate, it panicked and just dropped everything. To force apache to ignore faulty certificates, place the following line in your httpd.conf file:

 LDAPVerifyServerCert off

Doing this, and a quick apache restart gave me the results I have been looking for.