Re: [users@httpd] mod_auth_ldap TLS Authorization

Muthu wrote:
> Hi,
>
>       I am trying to use only TLS. I am using the openldap 2.2.28
> libraries. Do I need to have ssl supported libraries even if I need
> only TLS support?
>
>       I am following through the document
> http://info.ccone.at/INFO/Apache/mod/mod_auth_ldap.html#AuthLDAPStartTLS.
>
Looks like that's someone else's module.  There are many auth ldap
modules out there.  And if someone else wrote that one, you should
contact the author.

If you are using the one that comes with the apache distro, then look at
its documentation in the link I provided below...

In any case, it seems you need to do a bit more reading about openldap
(http://www.openldap.org/doc/admin23/install.html)

4.2.1. Transport Layer Security

OpenLDAP clients and servers require installation of OpenSSL TLS
libraries to provide Transport Layer Security services. Though some
operating systems may provide these libraries as part of the base system
or as an optional software component, OpenSSL often requires separate
installation.

>       I have the following entries in the /etc/openldap/ldap.conf for
> certificate.
>
> TLS_CACERT /home/httpd/.ldapclientcert.pem
> TLS_REQCERT allow
>
>       I have not set the options  LDAPTrustedGlobalCert,
> LDAPTrustedClientCert and LDAPTrustedMode.
>
> Thanks & Regards,
> Muthu.
>
> Ricardo Stella wrote:
>
>> Well, first things first... Did the module actually link the ssl
>> libraries?  Which libraries did you try to link it to?  iPlanet's
>> only support SSL...
>>
>> Also, you need to tell apache where the certs are, ie
>> LDAPTrustedGlobalCert, LDAPTrustedClientCert and LDAPTrustedMode.
>>
>> Read more http://httpd.apache.org/docs/2.2/mod/mod_ldap.html
>>
>> There's no such thing as AuthLDAPStartTLS...
>>
>>
>>
>> Muthu wrote:
>>  
>>
>>> Hi all,
>>>
>>>         I am trying to use LDAP authentication using mod_auth_ldap
>>> module(ver 3.33) in apache 2.0.55.
>>>
>>>         I have a .htaccess file like below,
>>>
>>> AuthType Basic
>>> AuthName "Password Required"
>>> AuthLDAPURL ldap://host.domain.net/dc=domain,dc=net?cn
>>> AuthLDAPStartTLS on
>>> require valid-user
>>>
>>> When I am accessing the page I am getting the below mentioned error in
>>> the /var/log/apache2/error.log
>>>
>>> [Sat Jan 21 13:07:41 2006] [debug] mod_auth_ldap.c(884): LDAP:
>>> auth_ldap not using SSL connections
>>> [Sat Jan 21 13:07:41 2006] [alert] [client 192.168.0.2]
>>> /var/www/localhost/htdocs/test/.htaccess: *Invalid command
>>> 'AuthLDAPStartTLS'*, perhaps mis-spelled or defined by a module not
>>> included in the server configuration
>>>
>>>
>>> If I remove the "AuthLDAPStartTLS on" directive from the .htaccess, I
>>> am getting authenticated against LDAP server. I want to use TLS
>>> authorization. Can somebody help me?
>>>
>>>
>>> Thanks & Regards,
>>> Muthu.
>>>   
>>
>>  
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>>   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
>

-- 

Ricardo Stella
Rider University
2083 Lawrenceville Rd, Lawrenceville, NJ 08648
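
For the module that ships with Apache, the directives named in this thread fit together roughly as follows. This is an added example, not part of the original messages or the Apache project's own configuration; it assumes Apache 2.2 with mod_ldap and mod_authnz_ldap as described at the linked mod_ldap page, reuses the host, base DN and certificate path quoted in the thread, and assumes that file holds the CA certificate in PEM form.

```apache
# Constructed example; assumes Apache 2.2 with the bundled mod_ldap and
# mod_authnz_ldap loaded. Host, base DN and CA path are those quoted above.

# --- httpd.conf, server config context ---
# CA that signed the LDAP server's certificate (PEM, hence CA_BASE64).
LDAPTrustedGlobalCert CA_BASE64 /home/httpd/.ldapclientcert.pem
# Default mode for LDAP connections that do not choose one themselves.
LDAPTrustedMode TLS
# Refuse the connection if the server certificate does not verify.
LDAPVerifyServerCert On

# --- .htaccess (needs AllowOverride AuthConfig) ---
AuthType Basic
AuthName "Password Required"
AuthBasicProvider ldap
# The trailing TLS requests StartTLS on the plain ldap:// port; it takes
# the place of the third-party module's "AuthLDAPStartTLS on".
AuthLDAPURL ldap://host.domain.net/dc=domain,dc=net?cn TLS
# Leave "valid-user" to mod_authz_user, as the mod_ldap documentation's
# own examples do.
AuthzLDAPAuthoritative off
Require valid-user

# --- /etc/openldap/ldap.conf, read by OpenLDAP client tools ---
# Weak: "allow" continues the session even when the server presents a
# certificate that fails verification.
#   TLS_REQCERT allow
# Strict: "demand" ends the session on a missing or bad certificate.
#   TLS_CACERT  /home/httpd/.ldapclientcert.pem
#   TLS_REQCERT demand
```

After a change like this, the debug line "auth_ldap not using SSL connections" shown in the quoted error log is the kind of message to look for when checking whether the bind is still going out in clear text.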

