Re: SSL LDAP Connections on Win32


 



Ok, it's pretty basic:

ServerRoot "C:/Program Files/Apache Software Foundation/Apache2.2"

Listen 80

LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so

LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so

LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so

#LoadModule dav_module modules/mod_dav.so
#LoadModule dav_svn_module modules/svn/mod_dav_svn.so

LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so

LoadModule ldap_module modules/mod_ldap.so

LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule setenvif_module modules/mod_setenvif.so

LoadModule ssl_module modules/mod_ssl.so

<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User daemon
Group daemon
</IfModule>
</IfModule>

ServerAdmin postmaster@localhost

DocumentRoot "D:/wwwroot/htdocs"

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

ErrorLog "logs/error.log"

#LogLevel warn
LogLevel debug

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    CustomLog "logs/access.log" common

</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin/"
</IfModule>

DefaultType text/plain

<IfModule mime_module>
    TypesConfig conf/mime.types

    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
</IfModule>

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

# Certificate for connecting to LDAP server (eDir)
# LDAPTrustedGlobalCert     CA_DER conf/CACert.der
# LDAPTrustedMode        SSL
#LDAPVerifyServerCert    Off

<Directory "D:/wwwroot/htdocs">
        AllowOverride All
        Options FollowSymLinks Includes
        Order allow,deny
        Allow from all
</Directory>

# Subversion setup
<Location "/">
    # LDAP Authentication & Authorization is final; do not check other databases
      AuthzLDAPAuthoritative OFF
     
      AuthLDAPUrl ldaps://ldap.intranet.mysite/o=mysite?uid SSL
     
      # Do basic password authentication (IN THE CLEAR!?) - no, not over SSL
      AuthType Basic
      AuthName "TEST Root directory"
      AuthBasicProvider ldap
     
      Require valid-user
</Location>



On Tue, Feb 26, 2008 at 12:41 PM, Udo Rader <udo.rader@xxxxxxxxxxxxxxx> wrote:

On Tue, 2008-02-26 at 12:35 -0500, Harry Holt wrote:
> Okay, apparently, with the binary distribution of Apache 2.2 for
> Win32, it is not possible to initialize an SSL connection to an LDAP
> server using mod_ldap and mod_authnz_ldap.
>
> During startup I get:
>
> [info] LDAP: SSL support unavailable: LDAP: CA certificates cannot be
> set using this method, as they are stored in the registry instead.
>
> And if I try to initiate an SSL connection with an LDAP server I get:
>
> [warn] [client 127.0.0.1] [8048] auth_ldap authenticate: user vec02
> authentication failed; URI /svn [LDAP: an attempt to set LDAP_OPT_SSL
> on failed.][Parameter Error]
>
> So, my questions:
>
> Am I crazy or is LDAP over SSL just not supported for this
> distribution?  and
>
> If I'm not crazy, is there a binary distribution of aprutil-1.dll that
> will support this (that anyone knows of) or will I have to figure out
> how to compile it myself?
>
> I appreciate any info and pointers.

... maybe you should start by posting some configuration excerpts?

--
Udo Rader

bestsolution.at EDV Systemhaus GmbH
http://www.bestsolution.at





--
Harry Holt, PMP
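
The startup message quoted above says that on Win32 the CA certificates come from the registry (the Windows certificate store) rather than from a file directive. As an added example, not part of the original thread or of Apache's own code, this PowerShell script checks whether the CA file named in the posted config is in the machine Root store and whether an ldaps handshake to the host from AuthLDAPUrl validates against Windows trust. Port 636 and the LocalMachine\Root store location are assumptions, and the function names are hypothetical.

```powershell
# Added example. Host and CA file come from the posted httpd.conf;
# port 636 and the LocalMachine\Root store are assumptions.
$LdapHost = 'ldap.intranet.mysite'
$LdapPort = 636
$CaFile   = 'C:\Program Files\Apache Software Foundation\Apache2.2\conf\CACert.der'

function Test-CaInRootStore {
    param([string]$Path)
    # Load the DER file and look for the same thumbprint in the machine Root store.
    $ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path
    $hit = Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Thumbprint -eq $ca.Thumbprint }
    [pscustomobject]@{
        Subject     = $ca.Subject
        Thumbprint  = $ca.Thumbprint
        Expired     = ($ca.NotAfter -lt (Get-Date))
        InRootStore = [bool]$hit
    }
}

function Test-LdapsHandshake {
    param([string]$HostName, [int]$Port)
    $result = [pscustomobject]@{
        Target = "${HostName}:$Port"; Trusted = $false; ServerSubject = $null; Error = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # No validation callback is supplied, so the default Windows chain and
        # host name checks apply and an untrusted server certificate throws.
        $ssl = New-Object System.Net.Security.SslStream -ArgumentList ($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName)
        $result.Trusted = $true
        $result.ServerSubject = $ssl.RemoteCertificate.Subject
        $ssl.Dispose()
    } catch {
        # Report the innermost cause (connection failure or certificate rejection).
        $result.Error = $_.Exception.GetBaseException().Message
    } finally {
        $client.Close()
    }
    $result
}

Test-CaInRootStore -Path $CaFile
Test-LdapsHandshake -HostName $LdapHost -Port $LdapPort
```

Run it under the account the Apache service uses, since Windows trust evaluation also consults that account's own certificate store.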