[replying to my own post, *sigh*]

Well, my continued testing must've joggled something, because today at
least it did the SSL handshake before sending an alert and tearing down
the connection.

I do have it working now.  Our ADS DCs have a collective name which has
an A RR for each DC, plus separate names for each DC (of course).  The
certificate on each DC has CN=individual-name, and the certificate
verification freaked when a cert. was received which didn't textually
match the hostname from the ldaps: URL.  Listing the six individual DC
hostnames in the URL yielded a working configuration.

For the record, here's the .htaccess that worked:

  AuthLDAPBindDN "my user account's DN"
  AuthLDAPBindPassword "my user account's password"
  AuthLDAPURL "ldaps://host1 host2 host3 host4 host5 host6/base?CN?one"
  AuthName ADS
  AuthType Basic
  Require valid-user

(with secrets and semi-secrets replaced, of course).

-- 
Mark H. Wood, Lead System Programmer   mwood@xxxxxxxxx
Open-source executable:  $0.00.  Source:  $0.00  Control:  priceless!

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
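
The name mismatch described in the message above, as an added example that is not part of the original post: it checks every host in an AuthLDAPURL against the names in the certificates that host can be answered with. The `example.edu` host names, the base DN and all function names are constructed for illustration; the wildcard rule goes beyond the CN-only certificates the message describes.

```python
# Added example. Host names are constructed; certificates are dicts in the
# shape returned by ssl.SSLSocket.getpeercert().

def url_hosts(auth_ldap_url):
    """Hosts from an AuthLDAPURL that may list several, space-separated.
    Assumes host[:port] entries (no bracketed IPv6 literals)."""
    scheme, sep, rest = auth_ldap_url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an ldap(s) URL")
    return [h.rsplit(":", 1)[0].lower() for h in rest.split("/", 1)[0].split()]

def cert_names(cert):
    """subjectAltName DNS entries if present, otherwise the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(hostname, pattern):
    """Label-by-label textual match; '*' is accepted only as the whole
    left-most label of a pattern with at least three labels."""
    h, p = hostname.lower().split("."), pattern.lower().split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        return len(p) >= 3 and h[1:] == p[1:]
    return h == p

def audit(auth_ldap_url, presented):
    """For each URL host: True only if every certificate that name can be
    answered with carries the name."""
    result = {}
    for host in url_hosts(auth_ldap_url):
        certs = presented.get(host, [])
        result[host] = bool(certs) and all(
            any(name_matches(host, n) for n in cert_names(c)) for c in certs)
    return result

def _cert(cn):  # constructed certificate carrying only CN=<cn>
    return {"subject": ((("commonName", cn),),)}

DCS = ["dc1.ad.example.edu", "dc2.ad.example.edu"]       # constructed
PRESENTED = {dc: [_cert(dc)] for dc in DCS}
PRESENTED["ad.example.edu"] = [_cert(dc) for dc in DCS]  # collective name

if __name__ == "__main__":
    base = "/dc=example,dc=edu?CN?one"
    print(audit("ldaps://ad.example.edu" + base, PRESENTED))
    print(audit("ldaps://" + " ".join(DCS) + base, PRESENTED))
```

A host that maps to `False` is one where verification will reject the connection; certificates that also carried the collective name as a subjectAltName would make the single-name URL pass.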