Hi,I am trying to use only TLS. I am using the openldap 2.2.28 libraries. Do I need to have ssl supported libraries even if I need only TLS support.?
I am following through the document http://info.ccone.at/INFO/Apache/mod/mod_auth_ldap.html#AuthLDAPStartTLS.
I have the following entries in the /etc/openldap/ldap.conf for certificate.
TLS_CACERT /home/httpd/.ldapclientcert.pem TLS_REQCERT allowI have not set the options LDAPTrustedGlobalCert, LDAPTrustedClientCert and LDAPTrustedMode.
Thanks & Regards, Muthu. Ricardo Stella wrote:
Well, first things first... Did the module actually linked the ssl libraries ? Which libraries did you tried to link it to ? iPlanet's only support SSL... Also, you need to tell apache where the certs are, ie LDAPTrustedGlobalCert, LDAPTrustedClientCert and LDAPTrustedMode. Read more http://httpd.apache.org/docs/2.2/mod/mod_ldap.html There's no such thing as AuthLDAPStartTLS... Muthu wrote:Hi all, I am trying to use LDAP authentication using mod_auth_ldap module(ver 3.33) in apache 2.0.55. I have a .htaccess file like below, AuthType Basic AuthName "Password Required" AuthLDAPURL ldap://host.domain.net/dc=domain,dc=net?cn AuthLDAPStartTLS on require valid-user When I am accessing the page I am getting the below mentioned error in the /var/log/apache2/error.log [Sat Jan 21 13:07:41 2006] [debug] mod_auth_ldap.c(884): LDAP: auth_ldap not using SSL connections [Sat Jan 21 13:07:41 2006] [alert] [client 192.168.0.2] /var/www/localhost/htdocs/test/.htaccess: *Invalid command 'AuthLDAPStartTLS'*, perhaps mis-spelled or defined by a module not included in the server configuration If I remove the "AuthLDAPStartTLS on" directive from the .htaccess, I am getting authenticated against LDAP server. I want to use TLS authorization. Can somebody help me?. Thanks & Regards, Muthu.--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx