httpd-users mailing list archives

From "Sturgis, Grant" <Grant.Stur...@arraybiopharma.com>
Subject [users@httpd] ldaps authentication
Date Wed, 18 Jan 2006 21:11:54 GMT
Greetings List,

I have seen this question posted several times, but have not seen a
resolution.  If it is in the archives, I apologize for not seeing it
there.

I have ldap authentication working using mod_auth_ldap, but I want to
enable ldaps to avoid transmitting passwords in clear text.  This is the
configuration so far:

<Directory "/home/httpd/ldap_test">
   AuthType basic
   AuthName "ldap test"
   AuthLDAPUrl ldap://dc1.domain.com/dc=domain,dc=com?sAMAccountName?sub?(objectClass=user)
   AuthLDAPBindDN cn=nobody,ou=Users-IT,dc=domain,dc=com
   AuthLDAPBindPassword password
   AuthLDAPGroupAttribute member
   require group cn=ldap_test_group,ou=Users-IT,dc=domain,dc=com
</Directory>

However, to enable ldaps, I add these lines (outside the <Directory>, of
course):

LDAPTrustedCA /etc/httpd/conf/cacerts/dc1.cer
LDAPTrustedCAType BASE64_FILE

and then change ldap to ldaps in the AuthLDAPUrl line

and it stops working.

I have used this cert successfully in pam_ldap and ldapsearch.  

Any suggestions for what I could be doing wrong?  

The details:

RHEL ES 4
httpd-2.0.52-22.ent

Thanks for any suggestions,

Grant
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
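
Added example (not part of the original message and not Apache project code): a Python check over the directives quoted in the post. It flags an ldap:// AuthLDAPUrl (cleartext bind), an ldaps:// URL with no server-scope LDAPTrustedCA, an LDAPTrustedCA placed inside a section, and an AuthLDAPUrl whose URL has wrapped onto the next line. The function names and finding codes are assumptions made for illustration; it inspects configuration text only and does not test the TLS connection.

```python
import re

# Constructed sample built from the directives quoted in the post.
DIRECTORY = '''<Directory "/home/httpd/ldap_test">
   AuthLDAPUrl {scheme}://dc1.domain.com/dc=domain,dc=com?sAMAccountName?sub?(objectClass=user)
   AuthLDAPBindDN cn=nobody,ou=Users-IT,dc=domain,dc=com
</Directory>
'''
CA = 'LDAPTrustedCA /etc/httpd/conf/cacerts/dc1.cer\nLDAPTrustedCAType BASE64_FILE\n'
URL_RE = re.compile(r'^(ldaps?)://([^/:?]+)(?::(\d+))?/([^?]*)\??(.*)$')

def parse_ldap_url(url):
    """Split scheme://host[:port]/basedn?attribute?scope?filter into a dict."""
    m = URL_RE.match(url)
    if not m:
        return None
    scheme, host, port, base, rest = m.groups()
    attr, scope, flt = (rest.split('?') + ['', '', ''])[:3]
    default_port = 636 if scheme == 'ldaps' else 389
    return {'scheme': scheme, 'host': host, 'port': int(port or default_port),
            'base': base, 'attribute': attr, 'scope': scope, 'filter': flt}

def audit(conf):
    """Return sorted finding codes (hypothetical names) for httpd config text."""
    findings, depth, urls, ca_at_server_scope = set(), 0, [], False
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if line.startswith('</'):
            depth -= 1                      # leaving <Directory>, <Location>, ...
        elif line.startswith('<'):
            depth += 1
        else:
            name, *rest = line.split(None, 1)
            if name.lower() == 'authldapurl':
                urls.append(parse_ldap_url(rest[0].strip('"') if rest else ''))
            elif name.lower() == 'ldaptrustedca':
                ca_at_server_scope = ca_at_server_scope or depth == 0
                if depth:
                    findings.add('ca-inside-section')
    for u in urls:
        if u is None:
            findings.add('unparsable-url')  # e.g. URL wrapped onto the next line
        elif u['scheme'] == 'ldap':
            findings.add('cleartext-bind')  # passwords cross the network unencrypted
        elif not ca_at_server_scope:
            findings.add('ldaps-without-trusted-ca')
    return sorted(findings)
```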

