I suggest a 600 perms sub-conf file you 'Include' in the main httpd.conf, illegible to the non-root user. Or use starttls/ssl and add this client's ldap cert to your server's ldap CA chain, protecting the key 600 as you would always do. Same difference.

Erik Froese wrote:
I'm trying to move from apache 2.0 to 2.2 and would like to use the supplied *ldap modules that are built into apache. I'd like to authenticate against our LDAP but we don't allow anonymous binds and I'd rather not store an LDAP user's name and pw in an apache conf file to get LDAP authentication working.

I've had success in the past with mm_mod_auth_ldap from muquit.com <http://muquit.com> with apache 2.0. MM_mod_auth_ldap allowed apache to try and bind as the name/pw credentials provided by the browser using the AuthOnBind directive.

Our LDAP directory is rather large (>100,000) and it cuts down on authentication time if we don't have to go through the normal bind, search/compare/verify uniqueness, close, bind process that the apache 2.2 module talks about in the docs.

In short, is there a way to make apache 2.2 try to bind to the ldap server with the credentials provided by the browser and consider itself authenticated if it could bind?

Erik Froese
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info.
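An added example, not part of the thread: a check for the first suggestion in the reply (bind credentials kept in a 600 sub-conf file pulled in with `Include`). It walks the main config and its `Include` files and reports any file that holds mod_authnz_ldap's `AuthLDAPBindPassword` but is accessible to group/other or not owned by the expected uid. The file name `ldap-bind.conf`, the DN and the password are constructed placeholders, and only file and wildcard includes are followed.

```python
import glob
import os
import re
import stat
import tempfile

INCLUDE = re.compile(r"^\s*Include\s+(\S+)", re.I | re.M)
BIND_PW = re.compile(r"^\s*AuthLDAPBindPassword\s+\S", re.I | re.M)  # skips commented lines


def audit_bind_secret(main_conf, server_root="/", owner_uid=0):
    """Return (path, problem) pairs for config files that contain
    AuthLDAPBindPassword but are not owner-only and owned by owner_uid."""
    findings, seen, queue = [], set(), [main_conf]
    while queue:
        path = os.path.realpath(queue.pop())
        if path in seen or not os.path.isfile(path):
            continue
        seen.add(path)
        st = os.stat(path)
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        for target in INCLUDE.findall(text):
            # Relative Include paths are resolved against ServerRoot.
            queue.extend(glob.glob(os.path.join(server_root, target.strip('"'))))
        if BIND_PW.search(text):
            mode = stat.S_IMODE(st.st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append((path, "mode %04o exposes the bind password" % mode))
            if st.st_uid != owner_uid:
                findings.append((path, "owner uid %d, expected %d" % (st.st_uid, owner_uid)))
    return findings


def demo():
    """Constructed sample tree: audit the sub-conf at 0644, then at 0600."""
    with tempfile.TemporaryDirectory() as root:
        main, sub = os.path.join(root, "httpd.conf"), os.path.join(root, "ldap-bind.conf")
        with open(main, "w") as fh:
            fh.write("Include ldap-bind.conf\n")
        with open(sub, "w") as fh:
            fh.write('AuthLDAPBindDN "cn=apache,ou=services,dc=example,dc=com"\n'
                     'AuthLDAPBindPassword "constructed-placeholder"\n')
        uid = os.getuid()  # temp files belong to the current user; use 0 on a real server
        os.chmod(sub, 0o644)
        before = audit_bind_secret(main, server_root=root, owner_uid=uid)
        os.chmod(sub, 0o600)
        return before, audit_bind_secret(main, server_root=root, owner_uid=uid)
```

Run it as root against the real `httpd.conf`, so that files already restricted to 600 can still be opened and inspected.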