Re: [users@httpd] mod_auth_ldap TLS Authoriztion

Tue, 24 Jan 2006 20:03:31 -0800 

Hi,
I am trying to use only TLS. I am using the openldap 2.2.28 libraries. Do I need to have ssl supported libraries even if I need only TLS support.? 


      I am following through the document 
http://info.ccone.at/INFO/Apache/mod/mod_auth_ldap.html#AuthLDAPStartTLS.



      I have the following entries in the /etc/openldap/ldap.conf for 
certificate.


TLS_CACERT /home/httpd/.ldapclientcert.pem
TLS_REQCERT allow


      I have not set the options  LDAPTrustedGlobalCert, 
LDAPTrustedClientCert and LDAPTrustedMode.


Thanks & Regards,
Muthu.

Ricardo Stella wrote:


Well, first things first... Did the module actually linked the ssl
libraries ?  Which libraries did you tried to link it to ?  iPlanet's
only support SSL...

Also, you need to tell apache where the certs are, ie
LDAPTrustedGlobalCert, LDAPTrustedClientCert and LDAPTrustedMode.

Read more http://httpd.apache.org/docs/2.2/mod/mod_ldap.html

There's no such thing as AuthLDAPStartTLS...



Muthu wrote:

 


Hi all,

        I am trying to use LDAP authentication using mod_auth_ldap
module(ver 3.33) in apache 2.0.55.

        I have a .htaccess file like below,

AuthType Basic
AuthName "Password Required"
AuthLDAPURL ldap://host.domain.net/dc=domain,dc=net?cn
AuthLDAPStartTLS on
require valid-user

When I am accessing the page I am getting the below mentioned error in
the /var/log/apache2/error.log

[Sat Jan 21 13:07:41 2006] [debug] mod_auth_ldap.c(884): LDAP:
auth_ldap not using SSL connections
[Sat Jan 21 13:07:41 2006] [alert] [client 192.168.0.2]
/var/www/localhost/htdocs/test/.htaccess: *Invalid command
'AuthLDAPStartTLS'*, perhaps mis-spelled or defined by a module not
included in the server configuration


If I remove the "AuthLDAPStartTLS on" directive from the .htaccess, I
am getting authenticated against LDAP server. I want to use TLS
authorization. Can somebody help me?.


Thanks & Regards,
Muthu.

   




 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to