RE: [users@httpd] ldaps authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



No luck on this thread.  Let me ask a different question:

Is anyone using ldaps authentication - or ldap for that matter?  

Anyone using ldaps to AD?

Thanks,

Grant
--------------- 

> -----Original Message-----
> From: Sturgis, Grant 
> Sent: Wednesday, January 18, 2006 2:12 PM
> To: users@xxxxxxxxxxxxxxxx
> Subject: [users@httpd] ldaps authentication
> 
> Greetings List,
> 
> I have seen this question posted several times, but have not seen a
> resolution.  If it is in the archives, I apologize for not seeing it
> there.
> 
> I have ldap authentication working using mod_auth_ldap, but I want to
> enable ldaps to avoid transmitting passwords in clear text.  
> This is the
> configuration so far:
> 
> <Directory "/home/httpd/ldap_test">
>    AuthType basic
>    AuthName "ldap test"
>    AuthLDAPUrl
> ldap://dc1.domain.com/dc=domain,dc=com?sAMAccountName?sub?(obj
> ectClass=u
> ser)
>    AuthLDAPBindDN cn=nobody,ou=Users-IT,dc=domain,dc=com
>    AuthLDAPBindPassword password
>    AuthLDAPGroupAttribute member
>    require group cn=ldap_test_group,ou=Users-IT,dc=domain,dc=com
> </Directory>
> 
> however, to enable ldaps, I add these lines (outside the 
> <Directory>, of
> course):
> 
> LDAPTrustedCA /etc/httpd/conf/cacerts/dc1.cer
> LDAPTrustedCAType BASE64_FILE
> 
> and then change ldap to ldaps in the AuthLDAPUrl line
> 
> and it stops working.
> 
> I have used this cert successfully in pam_ldap and ldapsearch.  
> 
> Any suggestions for what I could be doing wrong?  
> 
> The details:
> 
> RHEL ES 4
> httpd-2.0.52-22.ent
> 
> Thanks for any suggestions,
> 
> Grant
> -----------------
> 
> 
> 
> 
> Pardon this rubbish:
> 
> 
> This electronic message transmission is a PRIVATE 
> communication which contains
> information which may be confidential or privileged. The 
> information is intended 
> to be for the use of the individual or entity named above. If 
> you are not the 
> intended recipient, please be aware that any disclosure, 
> copying, distribution 
> or use of the contents of this information is prohibited. 
> Please notify the
> sender  of the delivery error by replying to this message, or 
> notify us by
> telephone (877-633-2436, ext. 0), and then delete it from your system.
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
> 
> 

This electronic message transmission is a PRIVATE communication which contains
information which may be confidential or privileged. The information is intended 
to be for the use of the individual or entity named above. If you are not the 
intended recipient, please be aware that any disclosure, copying, distribution 
or use of the contents of this information is prohibited. Please notify the
sender  of the delivery error by replying to this message, or notify us by
telephone (877-633-2436, ext. 0), and then delete it from your system.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux