Re: [users@httpd] mod_auth_ldap TLS Authorization

Hi,

I am trying to use only TLS. I am using the openldap 2.2.28 libraries. Do I need to have SSL-supported libraries even if I need only TLS support?

I am following through the document http://info.ccone.at/INFO/Apache/mod/mod_auth_ldap.html#AuthLDAPStartTLS.

I have the following entries in the /etc/openldap/ldap.conf for certificate.

TLS_CACERT /home/httpd/.ldapclientcert.pem
TLS_REQCERT allow

I have not set the options LDAPTrustedGlobalCert, LDAPTrustedClientCert and LDAPTrustedMode.

Thanks & Regards,
Muthu.

Ricardo Stella wrote:

Well, first things first... Did the module actually link the SSL
libraries? Which libraries did you try to link it to? iPlanet's
only support SSL...

Also, you need to tell Apache where the certs are, i.e.
LDAPTrustedGlobalCert, LDAPTrustedClientCert and LDAPTrustedMode.

Read more http://httpd.apache.org/docs/2.2/mod/mod_ldap.html

There's no such thing as AuthLDAPStartTLS...



Muthu wrote:
Hi all,

        I am trying to use LDAP authentication using the mod_auth_ldap
module (ver 3.33) in Apache 2.0.55.

        I have a .htaccess file like below,

AuthType Basic
AuthName "Password Required"
AuthLDAPURL ldap://host.domain.net/dc=domain,dc=net?cn
AuthLDAPStartTLS on
require valid-user

When I am accessing the page I am getting the below mentioned error in
the /var/log/apache2/error.log

[Sat Jan 21 13:07:41 2006] [debug] mod_auth_ldap.c(884): LDAP:
auth_ldap not using SSL connections
[Sat Jan 21 13:07:41 2006] [alert] [client 192.168.0.2]
/var/www/localhost/htdocs/test/.htaccess: *Invalid command
'AuthLDAPStartTLS'*, perhaps mis-spelled or defined by a module not
included in the server configuration


If I remove the "AuthLDAPStartTLS on" directive from the .htaccess, I
am getting authenticated against LDAP server. I want to use TLS
authorization. Can somebody help me?


Thanks & Regards,
Muthu.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
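
Added example, not part of the original thread: a small audit of the two ldap.conf lines quoted in the message, showing how each TLS_REQCERT level treats the LDAP server's certificate (per ldap.conf(5)) next to a hardened variant. The function names are hypothetical, and the parser assumes that a later occurrence of an option overrides an earlier one.

```python
# Added example: audit an OpenLDAP client ldap.conf for weak TLS server-certificate checks.
# Level descriptions follow ldap.conf(5); function names are hypothetical.

# TLS_REQCERT level -> (server certificate enforced?, what the client does)
REQCERT = {
    "never":  (False, "server certificate is not requested or checked"),
    "allow":  (False, "a missing or invalid certificate is ignored and the session proceeds"),
    "try":    (False, "an invalid certificate ends the session, but a missing one is accepted"),
    "demand": (True,  "a valid certificate is required"),
    "hard":   (True,  "same as demand"),
}

def parse_ldap_conf(text):
    """Return {OPTION: value}. Option names are case-insensitive; '#' starts a comment line.
    Assumption: a later occurrence of an option overrides an earlier one."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit_tls(text):
    """Return a list of findings; an empty list means server-cert verification is enforced."""
    opts = parse_ldap_conf(text)
    findings = []
    level = opts.get("TLS_REQCERT", "demand").lower()  # demand is the documented default
    if level not in REQCERT:
        findings.append(f"TLS_REQCERT {level}: unrecognised level")
    else:
        strict, meaning = REQCERT[level]
        if not strict:
            findings.append(f"TLS_REQCERT {level}: {meaning}")
    if not (opts.get("TLS_CACERT") or opts.get("TLS_CACERTDIR")):
        findings.append("no TLS_CACERT/TLS_CACERTDIR: no CA bundle configured in this file")
    return findings

# The two lines quoted in the message, then a hardened variant (same CA path as the page).
AS_POSTED = "TLS_CACERT /home/httpd/.ldapclientcert.pem\nTLS_REQCERT allow\n"
HARDENED = "TLS_CACERT /home/httpd/.ldapclientcert.pem\nTLS_REQCERT demand\n"

if __name__ == "__main__":
    for name, conf in (("as posted", AS_POSTED), ("hardened", HARDENED)):
        print(name, "->", audit_tls(conf) or "server certificate is verified")
```

With `allow`, StartTLS still encrypts the bind, but the client accepts any certificate the server presents, so the Basic-auth password is not protected against an impersonated directory server.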


