[Fedora-directory-devel] re: apache ldap over SSL.

As I recall, SSL-enabled communications are very fussy about the hostname that their certificates were created for. So try using your hostname.localnet name to connect to the IP and see if that helps.

There is really little point in enabling SSL connections to localhost anyway.

Good Luck!
-Joe Baker

From: "Mickael Besse" <mickaelb@xxxxxxxxxxx>
Subject: [Fedora-directory-devel] apache ldap over SSL.
To: fedora-directory-devel@xxxxxxxxxx
Message-ID: <BAY104-F3037FD70C02E1E7B3174A2C98B0@xxxxxxx>
Content-Type: text/plain; charset=iso-8859-1; format=flowed

I have a problem using Apache LDAP over SSL.

OS: Fedora Core 3 (updated with yum)
Tools: Fedora Directory Server 1.0.2, HTTPd 2.0.53, mod_ssl 1:2.0.53, mod_auth_ldap, mod_ldap

Errors:
In /var/log/http/error_log: auth_ldap authenticate: user test authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]

In /opt/fedora-ds/slapd-id/logs/access : SSL connection from 127.0.0.1 to 127.0.0.1
						  closed - Encountered end of file


I have no problem without SSL.

In http.conf:

LDAPTrustedCA /etc/httpd/conf/ssl.crt/certificat.pem
LDAPTrustedCAType BASE64_FILE


<Directory "/var/www/html">

AuthLDAPEnabled on
AuthLDAPURL ldaps://name_of_LDAPserver:636/dc=***,dc=***?uid
require group dn_groupe
</Directory>


In Fedora Directory Server, I use certutil -L -d . -P slapd-serverID- -n "CA certificate" -a > cacert.asc to export the CA cert. Then I copy the contents of cacert.asc into /etc/httpd/conf/ssl.crt/certificat.pem.

So /etc/httpd/conf/ssl.crt/certificat.pem looks like:

-----BEGIN CERTIFICATE-----
kjbfilqbvlsdbvlisdf........
-----END CERTIFICATE-----


Note this message in the access log when the httpd server starts:
LDAP: Built with OpenLDAP LDAP SDK
LDAP: SSL support unavailable


Is there a solution for this problem?
Can I use apache / ssl / auth_mod_ldap / ldap(s) together?
Maybe I missed something?

Do I have to rebuild my auth_ldap module?

I want to rebuild the srpm from Fedora Core 3 updates, and include --with-ldap-sdk=netscape for the auth_ldap module. But I have no idea where to specify this. The httpd.spec file defines core options, but not module options. Where can I specify configure options for the auth_ldap module? These hints would be very much appreciated...

The time you spend on me is very much appreciated.
regards
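
The hostname point raised in the reply can be checked offline before changing the Apache configuration. The script below is an added example, not part of either message: it compares the host in an ldaps:// URL with the names a certificate was issued for. The host ldap.example.test, the throwaway self-signed certificate and the function names are constructed for illustration, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: does the host named in AuthLDAPURL match the server certificate?
# The certificate is a constructed sample for a made-up host (ldap.example.test);
# it stands in for the directory server's own certificate.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CERT="$WORK/server.pem"

# Create the constructed sample certificate (CN only, no subjectAltName).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=ldap.example.test" \
        -keyout "$WORK/server.key" -out "$CERT" 2>/dev/null
}

# Extract the host part of an ldap:// or ldaps:// URL.
url_host() {
    printf '%s\n' "$1" | sed -E 's#^ldaps?://([^:/]+).*#\1#'
}

# Return 0 if certificate file $1 is valid for the name or IPv4 address $2.
name_matches_cert() {
    case "$2" in
        *[!0-9.]*) opt=-checkhost ;;   # anything but digits and dots: DNS name
        *)         opt=-checkip ;;     # dotted quad: compare as an IP address
    esac
    openssl x509 -in "$1" -noout "$opt" "$2" 2>&1 |
        grep -q 'does match certificate'
}

# Print OK or MISMATCH for the host found in URL $2 against certificate $1.
check_url() {
    host=$(url_host "$2")
    if name_matches_cert "$1" "$host"; then
        echo "OK $host"
    else
        echo "MISMATCH $host"
    fi
}

make_sample_cert
check_url "$CERT" "ldaps://ldap.example.test:636/dc=example,dc=test?uid"
check_url "$CERT" "ldaps://localhost:636/dc=example,dc=test?uid"
check_url "$CERT" "ldaps://127.0.0.1:636/dc=example,dc=test?uid"
```

Against a real server, pass the directory server's own certificate (not the CA certificate) as the first argument to check_url.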

End of Fedora-directory-devel Digest, Vol 12, Issue 1
*****************************************************