RE: [users@httpd] ldaps auth

Hold on Dmitriy, I was out of town last week and some kind soul responded to a message I'd put out a couple of weeks ago.  Here it is, I'm going to take his advice and I'll let you know how it goes:

On Thu, 8 Sep 2005, Craig L. Ching wrote:

> Hi all,
>
> This is a follow up on my previous post about getting Apache 
> mod_auth_ldap to work with Novell e-directory.  I'm trying to build 
> apache with ldaps:// support.  I'm using the following versions:
>
> OpenLDAP 2.2.28
> OpenSSL 0.9.7f
> Apache 2.0.54
>
> This is all on SunOS 5.8.
>
> When I run configure I get the following from the LDAP feature:
>
> in error_log.
>
> Is OpenLDAP expected to have ldap_ssl.h?  Or is ldap_start_tls_s 
> support enough?  I'm a bit clueless about the difference between SSL 
> and TLS, I just need to get a secure connection to Novell e-directory.  
> Anyone have a clue how I might get LDAP+SSL to work in Apache?  Thanks for any help!
>
These files are used in the Sun LDAPSDK. The message in the logfile is misleading. OpenLDAP supports SSL but this message indicates that you have not set the LDAPTrustedCA and LDAPTrustedCAType directives.

Point LDAPTrustedCA at the CA's cert file and set LDAPTrustedCAType to the appropriate cert format (probably BASE64_FILE).

See:
http://httpd.apache.org/docs/2.0/mod/mod_ldap.html#ldaptrustedca

You will then see the message in the error log indicate that LDAP SSL is available.

----------------------------------------
"Mon aéroglisseur est plein d'anguilles"
John P. Dodge
Boeing Shared Services


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
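
A lint for the situation described in the reply above, as an added example that is not part of the original thread or of Apache's code: it flags an ldaps:// AuthLDAPURL (mod_auth_ldap's URL directive) when LDAPTrustedCA or LDAPTrustedCAType is missing, and a declared type that disagrees with the CA file's actual encoding. The function names, host name, base DN and file path are assumptions made for the illustration.

```python
PEM_MARKER = b"-----BEGIN CERTIFICATE-----"

# Constructed sample configs; host name, base DN and path are placeholders.
BROKEN = "AuthLDAPURL ldaps://edir.example.com:636/o=example?cn\n"
FIXED = (
    "LDAPTrustedCA /usr/local/apache2/conf/edir-ca.pem\n"
    "LDAPTrustedCAType BASE64_FILE\n" + BROKEN
)

def parse_directives(conf_text):
    """Map lower-cased directive names to their argument strings."""
    found = {}
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0][0] in "#<":
            continue  # skip blanks, comments and <Section> markers
        args = parts[1].strip().strip('"') if len(parts) > 1 else ""
        found.setdefault(parts[0].lower(), []).append(args)
    return found

def detect_encoding(data):
    """Classify CA file bytes using mod_ldap's type names."""
    if PEM_MARKER in data:
        return "BASE64_FILE"
    if data[:1] == b"\x30":  # DER starts with an ASN.1 SEQUENCE tag
        return "DER_FILE"
    return "UNKNOWN"

def read_bytes(path):
    with open(path, "rb") as fh:
        return fh.read()

def check_ldaps_trust(conf_text, read_file=read_bytes):
    """Return findings for ldaps:// URLs without a usable trusted CA."""
    d = parse_directives(conf_text)
    urls = d.get("authldapurl", [])
    if not any(u.lower().startswith("ldaps://") for u in urls):
        return []
    findings = []
    for name in ("LDAPTrustedCA", "LDAPTrustedCAType"):
        if name.lower() not in d:
            findings.append(f"ldaps:// in use but {name} is not set")
    if not findings:
        declared = d["ldaptrustedcatype"][-1].upper()
        actual = detect_encoding(read_file(d["ldaptrustedca"][-1]))
        if declared in ("BASE64_FILE", "DER_FILE") and actual != declared:
            findings.append(f"LDAPTrustedCAType {declared} but file is {actual}")
    return findings

if __name__ == "__main__":
    print(check_ldaps_trust(BROKEN))
```

Pass the text of httpd.conf to `check_ldaps_trust`; an empty list means both directives are present and the declared type matches the file.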

 

> -----Original Message-----
> From: Dmitriy Kirhlarov [mailto:dkirhlarov@xxxxxxxxxxxx] 
> Sent: Tuesday, September 20, 2005 1:07 AM
> To: users@xxxxxxxxxxxxxxxx
> Subject: Re: [users@httpd] ldaps auth
> 
> Hi, list!
> 
> On Mon, Sep 19, 2005 at 04:06:21PM -0500, Craig L. Ching wrote:
> > I've been trying to get this to work for 4 weeks now without any
> 
> I think, time to write this question to dev@xxxxxxxxxxxxxxxx 
> or apache-modules@xxxxxxxxxxxxx
> 
> WBR
> --
> Dmitriy Kirhlarov
> OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 
> Moscow, Russia
> P:+7 095 105 7247 F:+7 095 105 7246 
> E:DmitriyKirhlarov@xxxxxxxxxxxx OILspace - The resource 
> enriched - www.oilspace.com
> 
