httpd-users mailing list archives

From <...@summerseas.com>
Subject [users@httpd] Authentication with LDAP via SSL
Date Wed, 09 Jul 2003 17:04:10 GMT
> Hello List,
>
> I'm trying to get apache 2.0.46 to authenticate against an iPlanet
> Directory Server ver 4.16 using an SSL connection. I can get it to work
> without SSL but when I try to configure for SSL and restart the server,
> I get the following in the error_log:
>
> [Wed Jul 09 12:45:22 2003] [notice] LDAP: Built with OpenLDAP LDAP SDK
> [Wed Jul 09 12:45:22 2003] [crit] LDAP: Invalid LDAPTrustedCAType
> directive - BASE64_FILE type required
> [Wed Jul 09 12:45:22 2003] [warn] LDAP: SSL initialization failed
> [Wed Jul 09 12:45:22 2003] [notice] LDAP: SSL support unavailable
> [Wed Jul 09 12:45:22 2003] [notice] Apache/2.0.46 (Unix) mod_ssl/2.0.46
> OpenSSL/0.9.7a configured -- resuming normal operations
>
> My certificate database is a copy of cert7.db and according to the docs
> the directive to tell apache about my certificates is LDAPTrustedCAType
> which can be either CERT7_DB_PATH, BASE64_FILE or DER_FILE. It seems
> that for some reason apache isn't accepting CERT7_DB_PATH!
>
> Any idea what I'm doing wrong?
>
>
> I compiled with the netscape sdk.
>
> This is how I built apache:
>
> export LDFLAGS="-L/opt/local/ldapcsdk/lib/ -R/opt/local/ldapcsdk/lib/:/usr/local/lib:/usr/lib"
>
> export CPPFLAGS="-I/opt/local/ldapcsdk/lib/include -I/usr/kerberos/include"
>
> ./configure --prefix=/opt/apache/dev/2.0.46/default/servers \
>               --enable-so \
>               --enable-mods-shared="ldap auth-ldap" \
>               --with-ldap \
>               --with-auth-ldap \
>               --with-ldap-lib=/opt/local/ldapcsdk/ \
>               --with-ldap-include=/opt/local/ldapcsdk/ \
>               --with-gdbm \
>               --with-berkeley-db \
>               --with-ssl \
>               --enable-ssl  \
>               --enable-auth-anon --enable-auth-dbm --enable-auth-digest \
>               --enable-rewrite
>
> Here are the related config directives from httpd.conf:
>
> LDAPTrustedCA /opt/local/cert_db/cert7.db
> LDAPTrustedCAType    CERT7_DB_PATH
> #LDAPTrustedCAType    BASE64_FILE
>
> LDAPSharedCacheSize 200000
> LDAPCacheEntries 1024
> LDAPCacheTTL 600
> LDAPOpCacheEntries 1024
> LDAPOpCacheTTL 600
>
> <Location /ldap-status>
> SetHandler ldap-status
> Order deny,allow
> Deny from all
> Allow from dcri.duke.edu
> AuthLDAPEnabled on
> AuthLDAPURL ldaps://ldap.dcri.duke.edu/o=DCRI,c=US?uid?sub
> AuthLDAPAuthoritative on
> AuthLDAPBindDN dn="uid=admin,ou=administrators,o=DCRI,c=US"
> AuthLDAPBindPassword "some_passwd"
> require valid-user
> AuthType Digest
> AuthName "DCRI LDAP Login"
> </Location>
>
> Thanks,
>
> Vic Engle




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
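
Added example, not part of the original message and not Apache project code: a Python check that reads the LDAP startup lines from error_log and the active httpd.conf directives, then reports when the configured LDAPTrustedCAType differs from the type the log says the linked SDK requires. The server still "resumes normal operations" after the failure, so the check also lists the ldaps:// URLs left without SSL support. Function names and the embedded sample strings are constructed for illustration.

```python
import re

# Constructed sample input: lines quoted in the message above (wrapped log line joined).
ERROR_LOG = """\
[Wed Jul 09 12:45:22 2003] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Wed Jul 09 12:45:22 2003] [crit] LDAP: Invalid LDAPTrustedCAType directive - BASE64_FILE type required
[Wed Jul 09 12:45:22 2003] [warn] LDAP: SSL initialization failed
[Wed Jul 09 12:45:22 2003] [notice] LDAP: SSL support unavailable
"""
HTTPD_CONF = """\
LDAPTrustedCAType    CERT7_DB_PATH
#LDAPTrustedCAType    BASE64_FILE
AuthLDAPURL ldaps://ldap.dcri.duke.edu/o=DCRI,c=US?uid?sub
"""

def parse_log(text):
    """Extract the linked SDK, the CA type it demands, and the SSL status."""
    facts = {"sdk": None, "required_type": None, "ssl_available": True}
    for line in text.splitlines():
        sdk = re.search(r"LDAP: Built with (.+) LDAP SDK", line)
        need = re.search(r"LDAPTrustedCAType directive - (\w+) type required", line)
        if sdk:
            facts["sdk"] = sdk.group(1)
        if need:
            facts["required_type"] = need.group(1)
        if "LDAP: SSL support unavailable" in line:
            facts["ssl_available"] = False
    return facts

def parse_conf(text):
    """Return the active (uncommented) CA type and every ldaps:// URL."""
    active = [l.split(None, 1) for l in text.splitlines()
              if l.strip() and not l.lstrip().startswith("#")]
    pairs = [(p[0].lower(), p[1].strip()) for p in active if len(p) == 2]
    ca_type = next((v for k, v in pairs if k == "ldaptrustedcatype"), None)
    urls = [v for k, v in pairs if k == "authldapurl" and v.lower().startswith("ldaps://")]
    return ca_type, urls

def audit(log_text, conf_text):
    facts, (ca_type, urls) = parse_log(log_text), parse_conf(conf_text)
    findings = []
    if facts["required_type"] and ca_type != facts["required_type"]:
        findings.append(f"{facts['sdk']} SDK build requires LDAPTrustedCAType "
                        f"{facts['required_type']}, config sets {ca_type}")
    if not facts["ssl_available"]:
        findings += [f"LDAP SSL unavailable, affects {u}" for u in urls]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(ERROR_LOG, HTTPD_CONF)))
```

On the sample input the first finding shows that the running module reports an OpenLDAP SDK build even though the poster compiled against the Netscape SDK, which is the mismatch behind the rejected CERT7_DB_PATH value.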

