I test this patch. It work for me. But little issue finded. When you use DER or BASE64 packed CAcert you must describe it as BASE64_FILE. ----- Forwarded message from Ondrej Sury <ondrej@xxxxxxxx> ----- On Tue, 2005-09-20 at 17:12 +0100, Dmitriy Kirhlarov wrote: > On Tue, Sep 20, 2005 at 05:51:44PM +0200, Ondrej Sury wrote: > > > As I write previously -- I get error message, when apache started. WITHOUT connection to ldap-server (I specialy look tcpdump for this). > > > > This message ("LDAP: SSL support unavailable") has nothing to do with > > real connection to LDAP, LDAPTrustedCA and LDAPTrustedCAType is > > processed when apache starts on global scope of configuration. > > > > For more info see modules/experimental/util_ldap.c BTW: You need to use mod_ldap from 2.0.x HEAD, because mod_ldap in 2.0.54 and before is broken. You also propably want to use my backported patch which fixes caching brokeness when there is null value in result set: http://issues.apache.org/bugzilla/show_bug.cgi?id=36563 > Oh, yes... True. > I think possible only 3 problems: > - this module compiled without SSL (How I can test it?) False. It would give you "LDAP: Not built with SSL support." (see line 1624). > - certificate, needed for apache -- not a standart BASE64, or DER > cert, getted from openssl (Where I can read -- how to modify cert for > apache?) Just tested it, you need to setup LogLevel debug *before* mod_ldap configuration. apache2.conf very beginning seems to be nice place :-) > - bug in util (How I can help to find it?) Nope. It works :-). [Tue Sep 20 21:12:36 2005] [debug] /build/buildd/apache2-2.0.54/build-tree/apache2/modules/experimental/util_ldap.c(1285): LDAP: SSL trusted certificate authority file - /etc/ssl/certs/Visa_International_Global_Root_2.pem [Tue Sep 20 21:12:36 2005] [debug] /build/buildd/apache2-2.0.54/build-tree/apache2/modules/experimental/util_ldap.c(1314): LDAP: SSL trusted certificate authority file type - BASE64_FILE [Tue Sep 20 21:14:02 2005] [debug] /build/buildd/apache2-2.0.54/build-tree/apache2/modules/experimental/util_ldap.c(1437): LDAP merging Shared Cache conf: shm=0x81458b0 rmm=0x81458e0 for VHOST: maple.active24.cz [Tue Sep 20 21:14:02 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK [Tue Sep 20 21:14:02 2005] [notice] LDAP: SSL support available [Tue Sep 20 21:14:02 2005] [debug] /build/buildd/apache2-2.0.54/build-tree/apache2/modules/experimental/util_ldap.c(1625): Initialisation of global mutex /tmp/fileEjifvx in child process 10050 successful. [Tue Sep 20 21:14:02 2005] [debug] /build/buildd/apache2-2.0.54/build-tree/apache2/modules/experimental/util_ldap.c(1625): Initialisation of global mutex /tmp/fileEjifvx in child process 10052 successful. -- Ondrej Sury <ondrej@xxxxxxxx> ----- End forwarded message ----- WBR -- Dmitriy Kirhlarov OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia P:+7 095 105 7247 F:+7 095 105 7246 E:DmitriyKirhlarov@xxxxxxxxxxxx OILspace - The resource enriched - www.oilspace.com --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx