No luck on this thread. Let me ask a different question: Is anyone using ldaps authentication - or ldap for that matter? Anyone using ldaps to AD? Thanks, Grant --------------- > -----Original Message----- > From: Sturgis, Grant > Sent: Wednesday, January 18, 2006 2:12 PM > To: users@xxxxxxxxxxxxxxxx > Subject: [users@httpd] ldaps authentication > > Greetings List, > > I have seen this question posted several times, but have not seen a > resolution. If it is in the archives, I apologize for not seeing it > there. > > I have ldap authentication working using mod_auth_ldap, but I want to > enable ldaps to avoid transmitting passwords in clear text. > This is the > configuration so far: > > <Directory "/home/httpd/ldap_test"> > AuthType basic > AuthName "ldap test" > AuthLDAPUrl > ldap://dc1.domain.com/dc=domain,dc=com?sAMAccountName?sub?(obj > ectClass=u > ser) > AuthLDAPBindDN cn=nobody,ou=Users-IT,dc=domain,dc=com > AuthLDAPBindPassword password > AuthLDAPGroupAttribute member > require group cn=ldap_test_group,ou=Users-IT,dc=domain,dc=com > </Directory> > > however, to enable ldaps, I add these lines (outside the > <Directory>, of > course): > > LDAPTrustedCA /etc/httpd/conf/cacerts/dc1.cer > LDAPTrustedCAType BASE64_FILE > > and then change ldap to ldaps in the AuthLDAPUrl line > > and it stops working. > > I have used this cert successfully in pam_ldap and ldapsearch. > > Any suggestions for what I could be doing wrong? > > The details: > > RHEL ES 4 > httpd-2.0.52-22.ent > > Thanks for any suggestions, > > Grant > ----------------- > > > > > Pardon this rubbish: > > > This electronic message transmission is a PRIVATE > communication which contains > information which may be confidential or privileged. The > information is intended > to be for the use of the individual or entity named above. If > you are not the > intended recipient, please be aware that any disclosure, > copying, distribution > or use of the contents of this information is prohibited. > Please notify the > sender of the delivery error by replying to this message, or > notify us by > telephone (877-633-2436, ext. 0), and then delete it from your system. > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP > Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > This electronic message transmission is a PRIVATE communication which contains information which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. Please notify the sender of the delivery error by replying to this message, or notify us by telephone (877-633-2436, ext. 0), and then delete it from your system. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx