apache ldap over SSL.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I have a problem to use apache ldap over SSL.

os: fedora core 3 (updated with yum)
tools :fedora directory server 1.0.2, HTTPd 2.0.53, mod_ssl 1:2.0.53, mod_auth_ldap, mod_ldap, 

errors :
In /var/log/http/error_log: auth_ldap authenticate: user test authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
In /opt/fedora-ds/slapd-id/logs/access : SSL connection from 127.0.0.1 to 127.0.0.1 
						  closed - Encountered end of file


I have no probleme without ssl.

In http.conf:

LDAPTrustedCA /etc/httpd/conf/ssl.crt/certificat.pem
LDAPTrustedCAType BASE64_FILE


<Directory "/var/www/html">

AuthLDAPEnabled on
AuthLDAPURL ldaps://name_of_LDAPserver:636/dc=***,dc=***?uid
require group dn_groupe
</Directory>
In fedora directory server, I use certutil -L -d . -P slapd-serverID- -n "CA certificate" -a > cacert.asc to export CA cert. Then, I copy the contents of cacert.asc in /etc/httpd/conf/ssl.crt/certificat.pem. 

So /etc/httpd/conf/ssl.crt/certificat.pem look like:

-----BEGIN CERTIFICATE-----
kjbfilqbvlsdbvlisdf........
-----END CERTIFICATE-----


Note this message in access log when the httpd server start
LDAP: Built with OpenLDAP LDAP SDK
LDAP: SSL support unavailable


Did a solution for this problem ?
Can I use apache / ssl / auth_mod_ldap / ldap(s) togheter ?
Maybe a miss somethings ?

Did I have to rebuild my module auth_ldap module ?
I want to rebuild the srpm from fedora core 3 updates, and include --with-ldap-sdk=netscape for the auth_ldap module. But I have no idea where to specifie this. httpd.spec file defines core options, but not modules options. Where can I specied configure options for auth_ldap modules ? This hints would be very appreciated... 

The time you spend to me is very appreciated
regards

_________________________________________________________________
Windows Live Mail : découvrez et testez la version bêta ! http://www.ideas.live.com/programpage.aspx?versionId=5d21c51a-b161-4314-9b0e-4911fb2b2e6d 

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux