httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Osborne <david.osbo...@nottingham.ac.uk>
Subject Re: [users@httpd] Remove apache 2.0.45 / upgrade to 2.0.47
Date Wed, 30 Jul 2003 15:25:41 GMT
You may think you're linking against the Netscape LDAP SDK but your
Apache thinks otherwise... see the "LDAP: Built with OpenLDAP LDAP SDK"
message from your error log.

This is the reason for the error "LDAP: Invalid LDAPTrustedCAType
directive - BASE64_FILE type required", because when OpenLDAP is used,
only an LDAPTrustedCAType of BASE64_FILE is accepted. The documentation
doesn't make it explicit that the Netscape SDK allows the use of
CERT7_DB_PATH, the OpenLDAP SDK allows the use of BASE64_FILE and the
Novell SDK allows either BASE64_FILE or DER_FILE. See the source file
modules/experimental/util_ldap.c around lines 1175--1235 for details.

What I can't answer is how to make sure your build uses the Netscape SDK
you want to use. I'm only getting to grips with this myself, having my
own problems building 2.0.47 on Solaris and trying to use LDAP.

David

On Wed, 2003-07-09 at 18:01, vic@summerseas.com wrote:
> Hello List,
> 
> I'm trying to get apache 2.0.46 to authenticate against an iPlanet
> Directory Server ver 4.16 using an SSL connection. I can get to work
> without SSL but when I try to configure for SSL and restart the server, I
> get the following in the error_log:
> 
> [Wed Jul 09 12:45:22 2003] [notice] LDAP: Built with OpenLDAP LDAP SDK
> [Wed Jul 09 12:45:22 2003] [crit] LDAP: Invalid LDAPTrustedCAType
> directive - BASE64_FILE type required
> [Wed Jul 09 12:45:22 2003] [warn] LDAP: SSL initialization failed
> [Wed Jul 09 12:45:22 2003] [notice] LDAP: SSL support unavailable
> [Wed Jul 09 12:45:22 2003] [notice] Apache/2.0.46 (Unix) mod_ssl/2.0.46
> OpenSSL/0.9.7a configured -- resuming normal operations
> 
> My certificate database is a copy of cert7.db and according to the docs
> the directive to tell apache about my certificates is LDAPTrustedCAType
> which can be either CERT7_DB_PATH, BASE64_FILE or DER_FILE. It seems that
> for some reason apache isn't accepting CERT7_DB_PATH!
> 
> Any idea what I'm doing wrong?
> 
> 
> I compiled with the netscape sdk.

-- 
David Osborne
Central Systems & Security Team, Information Services
The University of Nottingham
http://www.nottingham.ac.uk/~cczdao/


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message