nerdexam
CompTIA

LX0-104 · Question #183

When using the auth_ldap module with Apache 1.3, the log displays several messages containing "protocol error". Which of the following steps should be followed to fix the problem?

The correct answer is A. AuthLDAPStartTLS must be set to on.. An Apache auth_ldap module reporting 'protocol error' when connecting to LDAP often indicates a failed attempt at secure communication, which can be resolved by enabling AuthLDAPStartTLS in the Apache configuration.

Essential System Services

Question

When using the auth_ldap module with Apache 1.3, the log displays several messages containing "protocol error". Which of the following steps should be followed to fix the problem?

Options

  • AAuthLDAPStartTLS must be set to on.
  • BLDAPv2 should be disallowed.
  • CLDAPv3 should be allowed.
  • DThe Apache module must be turned on in slapd.conf.
  • EThe apache_auth.schema must be included in slapd.conf.

How the community answered

(62 responses)
  • A
    79% (49)
  • B
    10% (6)
  • C
    3% (2)
  • D
    2% (1)
  • E
    6% (4)

Why each option

An Apache `auth_ldap` module reporting 'protocol error' when connecting to LDAP often indicates a failed attempt at secure communication, which can be resolved by enabling `AuthLDAPStartTLS` in the Apache configuration.

AAuthLDAPStartTLS must be set to on.Correct

Protocol error in the context of auth_ldap often indicates a failure in establishing a secure connection or a mismatch in expected security protocols. Setting AuthLDAPStartTLS to on forces the Apache module to use the StartTLS extended operation, upgrading an insecure LDAP connection to a secure TLS connection, which can resolve protocol negotiation issues if the server expects or requires TLS.

BLDAPv2 should be disallowed.

Disallowing LDAPv2 is a general best practice for security but does not directly address a 'protocol error' that might stem from TLS negotiation issues, as both v2 and v3 can experience such errors.

CLDAPv3 should be allowed.

LDAPv3 is the modern, preferred protocol, but simply 'allowing' it does not resolve a specific 'protocol error' if the underlying issue is TLS negotiation, which is a separate mechanism.

DThe Apache module must be turned on in slapd.conf.

The Apache module is configured in Apache's configuration files (e.g., httpd.conf), not in slapd.conf, which is the configuration for the OpenLDAP server itself.

EThe apache_auth.schema must be included in slapd.conf.

The apache_auth.schema is an LDAP schema definition, not an Apache module configuration setting, and its inclusion in slapd.conf (if it were relevant) would not directly cause or fix an Apache-side 'protocol error' related to connection establishment.

Concept tested: Apache auth_ldap TLS/StartTLS configuration

Source: https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html

Topics

#Apache#LDAP authentication#Troubleshooting#StartTLS

Community Discussion

No community discussion yet for this question.

Full LX0-104 Practice