Temos o Linux RHEL6 com o httpd 2.2.15 e depois de logados com o nome de usuário LDAP e
password, erro de retorno do apache 500. Retornar este erro somente se você usar ldaps
(porta 636), para o ldap (porta 389) funciona bem.
Com a seguinte configuração:
<VirtualHost _default_:443>
SSLEngine On
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM
SSLCertificateFile /etc/pki/tls/certs/xxx.crt
SSLCertificateKeyFile /etc/pki/tls/private/xxxxxxxxx.key
ServerName xxxxxxxxxx
ServerAlias xxxxxxxxxxxxx
DocumentRoot /var/www/xxxxxxxx
# Specific configuration
<Location /private/status>
SetHandler server-status
</Location>
<Location />
AuthType Basic
AuthName "Admin xxxxxx"
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL ldaps://ldap.xxxxxxxx.com/ou=People,dc=xxxxx,dc=com?uid?one
Require ldap-user xxxx xxxx
</Location>
ErrorLog logs/xxxxxxxx-ssl-error_log
CustomLog logs/xxxxxxxxx-ssl-access_log combined
</VirtualHost>
Módulos carregados:
auth_basic_module
ldap_module
authnz_ldap_module
A mesma configuração funciona com o RHEL5.xe o httpd 2.2.3
Nenhuma informação disponível sobre esse erro no log de erros do servidor.
Paramos o httpd, excluímos todos os logs e, em seguida, iniciamos o httpd e tentamos
para acessar o site, apenas uma vez. Apache não escreve nada em qualquer log de erro
arquivo quando ocorre o 500 Internal Server Error.
ls -al /var/log/httpd/
total 16 drwx------. 2 apache apache 4096 Jan 21 15:56 . drwxr-xr-x. 8 root root 4096 Jan 18 13:50 ..
-rw-r--r--. 1 root root 0 Jan 21 15:56 access_log
-rw-r--r--. 1 root root 3038 Jan 21 15:56 error_log
-rw-r--r--. 1 root root 595 Jan 21 15:56 takeover-ssl-access_log
-rw-r--r--. 1 root root 0 Jan 21 15:56 takeover-ssl-error_log
cat /var/log/httpd/*
[Fri Jan 21 15:56:13 2011] [notice] SELinux policy enabled; httpd running as
context unconfined_u:system_r:httpd_t:SystemLow
[Fri Jan 21 15:56:13 2011] [info] Init: Seeding PRNG with 0 bytes of entropy
[Fri Jan 21 15:56:13 2011] [info] Init: Generating temporary RSA private keys
(512/1024 bits)
[Fri Jan 21 15:56:13 2011] [info] Init: Generating temporary DH parameters
(512/1024 bits)
[Fri Jan 21 15:56:13 2011] [warn] Init: Session Cache is not configured [hint:
SSLSessionCache]
[Fri Jan 21 15:56:13 2011] [info] Init: Initializing (virtual) servers for SSL
[Fri Jan 21 15:56:13 2011] [info] mod_ssl/2.2.15 compiled against Server: Apache/2.2.15, Library: OpenSSL/1.0.0-fips
[Fri Jan 21 15:56:13 2011] [debug] util_ldap.c(2058): LDAP merging Shared Cache
conf: shm=0x7fe25bad19f8 rmm=0x7fe25bad1a50 for VHOST: takeover.fluendo.lan
[Fri Jan 21 15:56:13 2011] [info] APR LDAP: Built with OpenLDAP LDAP SDK
[Fri Jan 21 15:56:13 2011] [info] LDAP: SSL support available
[Fri Jan 21 15:56:13 2011] [info] Init: Seeding PRNG with 0 bytes of entropy
[Fri Jan 21 15:56:13 2011] [info] Init: Generating temporary RSA private keys
(512/1024 bits)
[Fri Jan 21 15:56:13 2011] [info] Init: Generating temporary DH parameters
(512/1024 bits)
[Fri Jan 21 15:56:13 2011] [info] Init: Initializing (virtual) servers for SSL
[Fri Jan 21 15:56:13 2011] [info] mod_ssl/2.2.15 compiled against Server:
Apache/2.2.15, Library: OpenSSL/1.0.0-fips
[Fri Jan 21 15:56:13 2011] [debug] proxy_util.c(1818): proxy: grabbed
scoreboard slot 0 in child 25893 for worker proxy:reverse
[Fri Jan 21 15:56:13 2011] [debug] proxy_util.c(1934): proxy: initialized
single connection worker 0 in child 25893 for (*)
[Fri Jan 21 15:56:14 2011] [debug] proxy_util.c(1818): proxy: grabbed
scoreboard slot 0 in child 25894 for worker proxy:reverse
[Fri Jan 21 15:56:14 2011] [debug] proxy_util.c(1837): proxy: worker
proxy:reverse already initialized
[Fri Jan 21 15:56:14 2011] [debug] proxy_util.c(1934): proxy: initialized
single connection worker 0 in child 25894 for (*)
[Fri Jan 21 15:56:14 2011] [debug] proxy_util.c(1818): proxy: grabbed
scoreboard slot 0 in child 25895 for worker proxy:reverse
[Fri Jan 21 15:56:14 2011] [debug] proxy_util.c(1837): proxy: worker
proxy:reverse already initialized
[Fri Jan 21 15:56:14 2011] [debug] proxy_util.c(1934): proxy: initialized
single connection worker 0 in child 25895 for (*)
[Fri Jan 21 15:56:14 2011] [notice] Apache/2.2.15 (Unix) mod_ssl/2.2.15
OpenSSL/1.0.0-fips configured -- resuming normal operations
[Fri Jan 21 15:56:14 2011] [info] Server built: Aug 14 2010 08:53:20
[Fri Jan 21 15:56:14 2011] [debug] prefork.c(1013): AcceptMutex: sysvsem
(default: sysvsem)
[Fri Jan 21 15:56:14 2011] [debug] proxy_util.c(1818): proxy: grabbed
scoreboard slot 0 in child 25896 for worker proxy:reverse
[Fri Jan 21 15:56:14 2011] [debug] proxy_util.c(1837): proxy: worker
proxy:reverse already initialized
[Fri Jan 21 15:56:14 2011] [debug] proxy_util.c(1934): proxy: initialized
single connection worker 0 in child 25896 for (*)
172.17.5.59 - - [21/Jan/2011:15:56:32 +0100] "GET / HTTP/1.1" 401 401 "-"
"Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like
Gecko) Chrome/8.0.552.224 Safari/534.10"
172.17.5.59 - sgafsgaf [21/Jan/2011:15:56:42 +0100] "GET / HTTP/1.1" 500 536
"-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like
Gecko) Chrome/8.0.552.224 Safari/534.10"
172.17.5.59 - sgafsgaf [21/Jan/2011:15:56:42 +0100] "GET /favicon.ico HTTP/1.1"
500 536 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10
(KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10"