SSL Accelerator and LDAP Auth Question‏

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

I noticed in the archive that my message got mangled making it
completely unreadable, so please excuse my double post,   I am posting
from my Gmail account instead.  My original message follows.

I am trying to configure Apache 2.2 to allow act as an SSL accelerator
with LDAP authentication and I'm having two issues.

My first issue is I cannot get Apache to work as an SSL accelerator.
My current configuration:

NameVirtualHost site.system.com:443

<VirtualHost site.system.com:443>

    DocumentRoot "/mnt/data/remote"
    ServerName site.system.com

    SSLEngine On
    SSLCertificateFile /etc/key/cert.crt
    SSLCertificateKeyFile /etc/key/cert.key

    ProxyPass           /app1/       http://srv1.system.com/app1/
    ProxyPassReverse    /app1/       http://srv1.system.com/app1/
    ProxyHTMLURLMap     http://srv1.system.com/app1 /app1
</VirtualHost>

The above configuration works perfectly when it it is configured as a
non-ssl site, and the reverse proxy works exactly as expected.  When
SSL is enabled as it is above, the links within pages for app1 are not
re-written to be https:// and therefore it does not work.  I have
tried fiddling with the ProxyHTMLURLMap to no avail.  Can anyone
suggest where I am going wrong?

My second question is with AuthLdap, and I think is a simple one.  I'd
like to secure my SSL accelerator using LDAP against Active Directory.
 This works as expected, but I was wondering if there was a way to
specify authentication for the entire virtual host rather that
repeating the same configuration in the directory and location blocks.
Below is what hopefully  my final configuration would look like once I
figure out the SSL accelerator with reverse proxy issue above

NameVirtualHost site.system.com:443

<VirtualHost site.system.com:443>
    DocumentRoot "/opt/site"
    ServerName site.system.com

    SSLEngine On
    SSLCertificateKeyFile /etc/key/file.key
    SSLCertificateChainFile /etc/key/file.crt

    ErrorLog /var/log/apache2/remote/error.log
    CustomLog /var/log/apache2/remote/access.log common

    Options -Indexes

    <Directory /*>
            AuthBasicProvider ldap
            AuthType Basic
            AuthzLDAPAuthoritative off
            AuthName "site.system.com"
            AuthLDAPURL
"ldap://site.system.com:3268/dc=system,dc=com?sAMAccountName?sub?(objectClass=*)"
NONE
            AuthLDAPBindDN "user@xxxxxxxxxx"
            AuthLDAPBindPassword password
            require ldap-group DC=site,DC=com
    </Directory>

    #RewriteRule ^/app2$ app2/ [R]
    <Location /app1>
            AuthBasicProvider ldap
            AuthType Basic
            AuthzLDAPAuthoritative off
            AuthName "site.system.com"
            AuthLDAPURL
"ldap://site.system.com:3268/dc=system,dc=com?sAMAccountName?sub?(objectClass=*)"
NONE
            AuthLDAPBindDN "user@xxxxxxxxxx"
            AuthLDAPBindPassword password
            require ldap-group DC=site,DC=com

        ProxyPass http://srv1/app1/
        ProxyPassReverse http://srv1/app1/
        #ProxyHTMLURLMap http://srv1/app1/ /app1/
        #ProxyHTMLURLMap http://srv1/app1 /app1
    </Location>
</VirtualHost>

Any suggestions are appreciated.

Simon

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux