Hi

I don't remember having any of these directives when I set up Kerberos in Apache on 6.1 - have you set up EIM on the IBM i?

Maybe this is another way to do Kerberos on IBM i with Apache, but I didn't need to - just curious. Is it a way to do this in other flavors of Apache that run on other operating systems?

Vern

On 7/27/2015 5:25 PM, Dhiren Sahu wrote:
Hi Kevin,

Thanks for going through the issue.
/www/XMHPORTAL/Conf/LDAP.conf

LDAP.Relam "XDNR LDAP"
LDAP.URL "ldap:// 144.27.16.21:389/DC=xdnr"
LDAP.ObjectClass user
LDAP.Appid QIBM_HTTP_CLIENT_XMHPORTAL
LDAP.Application.DN XMHGWPXC
LDAP.Application.Password.stashFile
QIBM/UserData/HTTPSVR/LDAP/XMHPORTAL/133679023345.stash
LDAP.Group.MemberAttributes "member uniquemember"
LDAP.User.Name.FieldSep "\t,"
LDAP.Group.Name.Filter(&(SAMAccountName=%v)(objectClass=group))
LDAP.Group.Name.Filter(&(SAMAccountName=%v1)(objectClass=user))


I removed all LDAP related validation from httpd.conf but still the same
error.
I debugged the CLLE and put a break point in first executable line.
The error occurred even before it reach that first line of code.


The error is in the call of the CLLE program(EPHDR01C)

<div id = "header">
<script type = "text/javascript">
DvPage ('/cgi-bin/EPHDR01C.pgm','header') <----------------------Error
occuring at this line
</script>
</div>

Regards
Dhiren


On Mon, Jul 27, 2015 at 8:21 AM, Kevin Turner <
kevin.turner@xxxxxxxxxxxxxxxxxxxx> wrote:

What does /www/XMHPORTAL/Conf/LDAP.conf look like?

Sent from my iPad

On 27 Jul 2015, at 00:41, Dhiren Sahu <dhirensahu07@xxxxxxxxx> wrote:

Hi Scott,

We have contacted IBM but yet to receive any reply from them.
As I mentioned earlier the application running fine in v5r3 but throwing
error in v7r1.

From network trace we found the following error
HTTP:response, HTTP/1.1,Status:Internal server
error,URL:/cgi-bin/EPHDR01C.pgm {HTTP:102,TCP:101,IPv4:77}


=========================================================================================================
The error in HTTP log file says
[error] [client 156.80.16.184] ZSRV_MSG066C:ap_get_kerberos_auth :
kerberos
Authentication failed with code 3021,switching to baisc
[error] [client 156.80.16.184] ZSRV_MSG0107:Premature end of script
headers: File name is EPHDR01C.pgm


=======================================================================================================

Our current HTTP Apache server in v5r3
version : Apache/2.0.58
Server built : sep 12 2006 12:50:14
Server's module magic Number : 20020903:12
Server loded:APR 0.9.5-DEV,APR-UTIL 0.9.5-dev
compiled using :APR 0.9.12-DEV,APR-UTIL 0.9.12
Architecture :128 -bit

HTTP Apche server in v7r1 release
version : Apache/2.2.11(i5) with large file support
Server built : Nov 15 2012 09:34:30
Server's module magic Number : 20051115:21
Server loded:APR 1.3.3 ,APR-UTIL 1.3.4
compiled using :APR 1.3.3,APR-UTIL 1.3.4
Architecture :128 -bit
Server MPM : Worker
threaded :yes


===================================================================================
httpd.conf



#configuration originally created by create HTTP server wizard
loadModule ibm_ldap_module /QSYS.LIB/QHTTPSVR.LIB/QZSRVLDAP.SRVPGM

Listen *:8081 FRCA

Alias /XMHP /www/XMHPORTAL/Htdocs/XMHP/Html
Alias /XCss /www/XMHPORTAL/Htdocs/XMHP/Css
Alias /XImage /www/XMHPORTAL/Htdocs/XMHP/Image
Alias /XIncl /www/XMHPORTAL/Htdocs/XMHP/Include
Alias /XTxt /www/XMHPORTAL/Htdocs/XMHP/Txt

DocumentRoot /www/XMHPORTAL/Htdocs/XMHP/Html
DirectoryIndex index.html XMHportal.html

ScriptAlias /cgi-bin/ /QSYS.LIB/CGILDLIB.LIB

Timeout 2147483647
StartCGI 1

Logmaint logs/error_log 28 0
options +ExecCGI +IncludesNoExec
FileEtag +INode +MTime +Size
ErrorDocument 403 '/XEHP/XMHPNoAut.html'
logFormat "%h %l %u %t \"%r\" %>s %b\"%{Referer}i\"
\"%{User-Agent}i\""combined
setEnvIf Request_method "(GET)"dontlog
Customlog logs/access_log common env=!donotlog


<Directory/>
order allow,deny
Deny from all
options -Indexes -ExecCGI -includes
AllowOverride options
Satisfy All
</Directory>


<Directory /www/XMHPORTAL/Htdocs>
order deny , Allow
allow from all
Require valid-user
Satisfy All
AuthType basic
AuthName XMHPortallogin
PasswdFile %%LDAP%%
LDAPConfigureFile /www/XMHPORTAL/Conf/LDAP.conf
options -Indexes -ExecCGI -include
</Directory>


<Directory /QSYS.LIB/CGILDLIB.LIB>
Sethandler cgi-script
options +ExecCGI
Satisfy All
AuthType Basic
AuthName XMHPortallogin
order Allow ,Deny
allow from all
Require valid-user
PasswdFile %%LDAP%%
LDAPConfigureFile /www/XMHPORTAL/Conf/LDAP.conf

</Directory>


=================================================================================================
/wwww/XMHPORTAL/htdocs/XMHP/html/XMHportal.html

<html>

<head>
<title> XMH Portal</title>
<meta http-equiv = "Content-type" content ="text/html;charset-iso-8859-1"
<link href ="/Xcss/XMHPcss.css" rel="stylesheet" type = "text/css">
<script src = "XIncl/XMHPLDv.js"></script>
<script src = "XIncl/XMHPdate.js"></script>
</head>

<body>

<div id = "lock">
</div>
</div>


<div id = "MPage">
<div id = "logo">
</div>


<div id = "header">
<script type = "text/javascript">
DvPage ('/cgi-bin/EPHDR01C.pgm','header') <----------------------Error
occuring at this line
</script>
</div>

===============================================================================================
*Thanks in advance for any help you are able to provide.*

--Dhiren












On Wed, Jul 15, 2015 at 11:22 PM, Scott Klement <web400@xxxxxxxxxxxxxxxx

wrote:

Hello,

The IBM HTTP Server is an IBM product. Perhaps you should contact IBM
Support for assistance?

I am not familiar with the error you've provided. I do not know how to
assist you.

-SK



On 7/15/2015 4:41 PM, Dhiren Sahu wrote:


Hi,


we have a CGI portal application hosted on IBMi using LDAP basic
authentication.

The application running fine on v5r3.


We migrated the application to v7R1 and getting the below error as
soon
as attempting to call the login page.

ZSRV_MSG066C : ap_get_kerberos_auth:Kerberos authentication failed with
error code 3021, switching to Basic .


your help much appreciated.



Thanks!

Dhiren
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.


___________________________________________
This email has been scanned by iomartcloud.
http://www.iomartcloud.com/

________________________________

NOTICE: The information in this electronic mail transmission is intended
by CoralTree Systems Ltd for the use of the named individuals or entity to
which it is directed and may contain information that is privileged or
otherwise confidential. If you have received this electronic mail
transmission in error, please delete it from your system without copying or
forwarding it, and notify the sender of the error by reply email or by
telephone, so that the sender's address records can be corrected.




--------------------------------------------------------------------------------


CoralTree Systems Limited
Company Registration Number 5021022.
Registered Office:
12-14 Carlton Place
Southampton
Hampshire
SO15 2EA
VAT Registration Number 834 1020 74.
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.