httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dmitriy Kirhlarov <dkirhla...@oilspace.com>
Subject Re: [users@httpd] ldaps auth
Date Tue, 20 Sep 2005 15:02:21 GMT
On Tue, Sep 20, 2005 at 08:52:44AM -0500, Craig L. Ching wrote:
> Hold on Dmitriy, I was out of town last week and some kind soul responded to a message
I'd put out a couple of weeks ago.  Here it is, I'm going to take his advice and I'll let
you know how it goes:

thnx.

> > Is OpenLDAP expected to have ldap_ssl.h?  Or is ldap_start_tls_s 
> > support enough?  I'm a bit clueless about the difference between SSL 
> > and TLS, I just need to get a secure connection to Novell e-directory.  

Difference between SSL and TLS very small. When your use SSL your have SSL connection on specific
SSL port, and, after that, use plain HTTP, or POP3, or IMAP4, ... over this tunnel. When you
use TLS, you, use connection to STANDART port for same service, after that, send command STARTTLS,
after that use SSL connection on standart service port.

> These files are used in the Sun LDAPSDK. The message in the logfile is misleading. OpenLDAP
supports SSL but this message indicates that you have not set the LDAPTrustedCA and LDAPTrustedCAType
directives.

Possible.
But it not my case.
It fine certificate:
$ sudo openssl verify -CAfile /usr/local/etc/ssl/cacert.pem -verbose /usr/local/etc/openldap/ssl/slapd-free2.mow.crt

/usr/local/etc/openldap/ssl/slapd-free2.mow.crt: OK

And, as I write previously, I get error message, when apache started. WITHOUT ldap-connection
(I look tcpdump in this moment)

WBR
-- 
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 095 105 7247 F:+7 095 105 7246 E:DmitriyKirhlarov@oilspace.com
OILspace - The resource enriched - www.oilspace.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message