httpd-users mailing list archives

From "Harry Holt" <harryh...@gmail.com>
Subject Re: [users@httpd] SSL LDAP Connections on Win32
Date Tue, 26 Feb 2008 18:12:18 GMT
Ok, it's pretty basic:

# Excerpt of an Apache 2.2 httpd.conf on Win32 (Windows-style paths throughout).
ServerRoot "C:/Program Files/Apache Software Foundation/Apache2.2"

# Only plain HTTP on port 80 is opened in this excerpt; no HTTPS listener is shown.
Listen 80

LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
# mod_auth_basic implements the "AuthType Basic" used in the <Location "/"> block.
LoadModule auth_basic_module modules/mod_auth_basic.so

LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so

# mod_authnz_ldap supplies the "ldap" provider named by AuthBasicProvider.
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_owner_module modules/mod_authz_owner.so
# mod_authz_user handles "Require valid-user".
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so

# DAV / Subversion modules are disabled in this excerpt.
#LoadModule dav_module modules/mod_dav.so
#LoadModule dav_svn_module modules/svn/mod_dav_svn.so

LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so

# mod_ldap provides the LDAP connection handling and the LDAPTrusted* directives
# that mod_authnz_ldap relies on.
LoadModule ldap_module modules/mod_ldap.so

LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule setenvif_module modules/mod_setenvif.so

# mod_ssl is loaded, but this excerpt contains no SSLEngine directive or HTTPS virtual host.
LoadModule ssl_module modules/mod_ssl.so

# User/Group apply only when neither the NetWare nor the WinNT MPM is loaded,
# so on a Win32 (mpm_winnt) server these two lines are skipped.
# NOTE(review): on Windows the server's privileges come from the account the
# Apache service runs under - confirm it is not a high-privilege account.
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User daemon
Group daemon
</IfModule>
</IfModule>

ServerAdmin postmaster@localhost

# Content is served from a separate drive, outside ServerRoot.
DocumentRoot "D:/wwwroot/htdocs"

# Serve index.html when a directory is requested (only if mod_dir is loaded).
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

# Block web access to any file whose name starts with ".ht" (.htaccess, .htpasswd).
<FilesMatch "^\.ht">
    # allow,deny with no Allow line and "Deny from all" rejects every client.
    Order allow,deny
    Deny from all
    # Satisfy All: host-based and user-based requirements must both pass,
    # so a successful login does not bypass the Deny.
    Satisfy All
</FilesMatch>

# Relative path, resolved against ServerRoot.
ErrorLog "logs/error.log"

# Verbosity is raised to debug while the LDAP/SSL failure is being diagnosed.
# NOTE(review): debug output is very verbose; switch back to the commented-out
# "warn" level once troubleshooting is finished.
#LogLevel warn
LogLevel debug

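<IfModule log_config_module>
    # Each LogFormat directive must sit on one line; the format nicknames had been
    # pushed onto separate lines by mail wrapping and are rejoined here.
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    # The access log uses the "common" format: %u records the authenticated user
    # name; Referer and User-Agent are not logged.
    CustomLog "logs/access.log" common

</IfModule>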

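<IfModule alias_module>
    # The quoted path was split across two lines by mail wrapping; it is rejoined
    # here and points at cgi-bin under ServerRoot.
    # ScriptAlias marks everything in this directory as a CGI script, so keep it
    # free of sample or unused scripts.
    ScriptAlias /cgi-bin/ "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin/"
</IfModule>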

# MIME type used when none can be determined from the file name.
DefaultType text/plain

<IfModule mime_module>
    # Extension-to-type map, relative to ServerRoot.
    TypesConfig conf/mime.types

    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
</IfModule>

<IfModule ssl_module>
# Seed mod_ssl's PRNG from the built-in source at startup and on each connection.
# NOTE(review): the mod_ssl documentation describes "builtin" as a weak source,
# especially at startup; add a stronger seed source if one is available.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

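# Certificate for connecting to the LDAP server (eDir).
# All three directives below are commented out, so none of them is in effect.
# The startup message quoted later in this thread ("stored in the registry
# instead") suggests this Win32 build does not accept the CA through
# LDAPTrustedGlobalCert.
# LDAPTrustedGlobalCert     CA_DER conf/CACert.der
# LDAPTrustedMode        SSL
# Leave server-certificate verification at its default (On): with it Off, the
# ldaps:// connection no longer proves which server receives the bind passwords.
#LDAPVerifyServerCert    Off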

# Access policy for the document root.
<Directory "D:/wwwroot/htdocs">
        # "All" lets any .htaccess file under this tree override server settings,
        # including authentication and authorization directives.
        AllowOverride All
        # Includes enables server-side includes for content in this tree.
        # NOTE(review): consider IncludesNOEXEC if the exec element is not needed.
        Options FollowSymLinks Includes
        # No host-based restriction: every client address is allowed here.
        Order allow,deny
        Allow from all
</Directory>

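# Subversion setup
<Location "/">
      # OFF lets authorization fall through to other modules when mod_authnz_ldap
      # does not grant access; "Require valid-user" below is then satisfied by
      # mod_authz_user. (The earlier comment described the opposite setting.)
      AuthzLDAPAuthoritative OFF

      # ldaps:// and the trailing SSL mode encrypt only the Apache-to-LDAP leg.
      # Users are looked up under o=mysite by their uid attribute.
      AuthLDAPUrl ldaps://ldap.intranet.mysite/o=mysite?uid SSL

      # Basic authentication sends the password base64-encoded, not encrypted, with
      # every request. As posted the server listens on port 80 only, so the
      # browser-to-Apache leg is in the clear unless this Location is served
      # through an HTTPS virtual host that is not shown in this excerpt.
      AuthType Basic
      AuthName "TEST Root directory"
      AuthBasicProvider ldap

      # Any user who authenticates successfully against LDAP is admitted.
      Require valid-user
</Location>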



On Tue, Feb 26, 2008 at 12:41 PM, Udo Rader <udo.rader@bestsolution.at>
wrote:

>
> On Tue, 2008-02-26 at 12:35 -0500, Harry Holt wrote:
> > Okay, apparently, with the binary distribution of Apache 2.2 for
> > Win32, it is not possible to initialize an SSL connection to an LDAP
> > server using mod_ldap and mod_authnz_ldap.
> >
> > During startup I get:
> >
> > [info] LDAP: SSL support unavailable: LDAP: CA certificates cannot be
> > set using this method, as they are stored in the registry instead.
> >
> > And if I try to initiate an SSL connection with an LDAP server I get:
> >
> > [warn] [client 127.0.0.1] [8048] auth_ldap authenticate: user vec02
> > authentication failed; URI /svn [LDAP: an attempt to set LDAP_OPT_SSL
> > on failed.][Parameter Error]
> >
> > So, my questions:
> >
> > Am I crazy or is LDAP over SSL just not supported for this
> > distribution?  and
> >
> > If I'm not crazy, is there a binary distribution of aprutil-1.dll that
> > will support this (that anyone knows of) or will I have to figure out
> > how to compile it myself?
> >
> > I appreciate any info and pointers.
>
> ... maybe you should start by posting some configuration excerpts?
>
> --
> Udo Rader
>
> bestsolution.at EDV Systemhaus GmbH
> http://www.bestsolution.at
>
>
> >
>



-- 
Harry Holt, PMP