[Fedora-directory-devel] apache ldap over SSL.

Mickael Besse mickaelb at hotmail.com
Thu Jun 8 09:00:35 UTC 2006


I have a problem using Apache LDAP over SSL.

OS: Fedora Core 3 (updated with yum)
Tools: Fedora Directory Server 1.0.2, HTTPd 2.0.53, mod_ssl 1:2.0.53, mod_auth_ldap, mod_ldap

Errors:
	In /var/log/http/error_log:
	auth_ldap authenticate: user test authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]

	In /opt/fedora-ds/slapd-id/logs/access:
	SSL connection from 127.0.0.1 to 127.0.0.1
	closed - Encountered end of file


I have no problem without SSL.

In http.conf:

LDAPTrustedCA /etc/httpd/conf/ssl.crt/certificat.pem
LDAPTrustedCAType BASE64_FILE


<Directory "/var/www/html">

AuthLDAPEnabled on
AuthLDAPURL ldaps://name_of_LDAPserver:636/dc=***,dc=***?uid
require group dn_groupe
</Directory>


In Fedora Directory Server, I use

certutil -L -d . -P slapd-serverID- -n "CA certificate" -a > cacert.asc

to export the CA cert. Then I copy the contents of cacert.asc into /etc/httpd/conf/ssl.crt/certificat.pem.

So /etc/httpd/conf/ssl.crt/certificat.pem looks like:

-----BEGIN CERTIFICATE-----
kjbfilqbvlsdbvlisdf........
-----END CERTIFICATE-----


Note this message in the access log when the httpd server starts:
LDAP: Built with OpenLDAP LDAP SDK
LDAP: SSL support unavailable


Is there a solution for this problem?
Can I use apache / ssl / auth_mod_ldap / ldap(s) together?
Maybe I missed something?

Do I have to rebuild my auth_ldap module?

I want to rebuild the srpm from Fedora Core 3 updates, and include --with-ldap-sdk=netscape for the auth_ldap module.
But I have no idea where to specify this. The httpd.spec file defines core options, but not module options.
Where can I specify configure options for the auth_ldap module? Any hints would be very appreciated...

The time you spend on this is very appreciated.
Regards
