httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Harry Holt" <>
Subject Re: [users@httpd] SSL LDAP Connections on Win32
Date Tue, 26 Feb 2008 18:12:18 GMT
Ok, it's pretty basic:

ServerRoot "C:/Program Files/Apache Software Foundation/Apache2.2"

Listen 80

LoadModule actions_module modules/
LoadModule alias_module modules/
LoadModule asis_module modules/
LoadModule auth_basic_module modules/

LoadModule authn_default_module modules/
LoadModule authn_file_module modules/

LoadModule authnz_ldap_module modules/

LoadModule authz_dbm_module modules/
LoadModule authz_default_module modules/
LoadModule authz_groupfile_module modules/
LoadModule authz_host_module modules/
LoadModule authz_owner_module modules/
LoadModule authz_user_module modules/
LoadModule autoindex_module modules/

#LoadModule dav_module modules/
#LoadModule dav_svn_module modules/svn/

LoadModule dir_module modules/
LoadModule env_module modules/
LoadModule include_module modules/
LoadModule isapi_module modules/

LoadModule ldap_module modules/

LoadModule log_config_module modules/
LoadModule mime_module modules/
LoadModule negotiation_module modules/
LoadModule setenvif_module modules/

LoadModule ssl_module modules/

<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User daemon
Group daemon

ServerAdmin postmaster@localhost

DocumentRoot "D:/wwwroot/htdocs"

<IfModule dir_module>
    DirectoryIndex index.html

<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All

ErrorLog "logs/error.log"

#LogLevel warn
LogLevel debug

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\" %I %O" combinedio

    CustomLog "logs/access.log" common


<IfModule alias_module>
    ScriptAlias /cgi-bin/ "C:/Program Files/Apache Software

DefaultType text/plain

<IfModule mime_module>
    TypesConfig conf/mime.types

    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

# Certificate for conneccting to LDAP server (eDir)
# LDAPTrustedGlobalCert     CA_DER conf/CACert.der
# LDAPTrustedMode        SSL
#LDAPVerifyServerCert    Off

<Directory "D:/wwwroot/htdocs">
        AllowOverride All
        Options FollowSymLinks Includes
        Order allow,deny
        Allow from all

# Subversion setup
<Location "/">
    # LDAP Authentication & Authorization is final; do not check other
      AuthzLDAPAuthoritative OFF

      AuthLDAPUrl ldaps://ldap.intranet.mysite/o=mysite?uid SSL

      # Do basic password authentication (IN THE CLEAR!?) - no, not over SSL
      AuthType Basic
      AuthName "TEST Root directory"
      AuthBasicProvider ldap

      Require valid-user

On Tue, Feb 26, 2008 at 12:41 PM, Udo Rader <>

> On Tue, 2008-02-26 at 12:35 -0500, Harry Holt wrote:
> > Okay, apparently, with the binary distribution of Apache 2.2 for
> > Win32, it is not possible to initialize an SSL connection to an LDAP
> > server using mod_ldap and mod_authnz_ldap.
> >
> > During startup I get:
> >
> > [info] LDAP: SSL support unavailable: LDAP: CA certificates cannot be
> > set using this method, as they are stored in the registry instead.
> >
> > And if I try to initiate an SSL connection with an LDAP server I get:
> >
> > [warn] [client] [8048] auth_ldap authenticate: user vec02
> > authentication failed; URI /svn [LDAP: an attempt to set LDAP_OPT_SSL
> > on failed.][Parameter Error]
> >
> > So, my questions:
> >
> > Am I crazy or is LDAP over SSL just not supported for this
> > distribution?  and
> >
> > If I'm not crazy, is there a binary distribution of aprutil-1.dll that
> > will support this (that anyone knows of) or will I have to figure out
> > how to compile it myself?
> >
> > I appreciate any info and pointers.
> ... maybe you should start by posting some configuration excerpts?
> --
> ´╗┐Udo Rader
> EDV Systemhaus GmbH
> >

Harry Holt, PMP
View raw message