Hello,
I'm setting up the Apache server to authenticate users against the external LDAP server, which is working fine until I try to do the LDAP over SSL. According to the mod_ldap config I use:
LoadModule ldap_module modules/mod_ldap.so
...
LDAPTrustedCA /etc/httpd/conf/bluepages.crt
LDAPTrustedCAType BASE64_FILE
<Directory "/srv/http">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Deny from all
AuthName "SECURE LDAP TEST"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL "ldaps://ldap.server.com/ou=bluepages,o=company.com?mail?sub?" SSL
Require ldap-group cn=DEV_GRP,ou=memberlist,ou=allgroups,o=company.com
Satisfy any
SSLRequireSSL
</Directory>
I get this in the error_log:
Syntax error on line 197 of /etc/httpd/conf/httpd.conf:
Invalid command 'LDAPTrustedCA', perhaps misspelled or defined by a module not included in the server configuration
Any ideas???
Hi olegk25, seems that the directive has been replaced:
CHANGES_2.2.txt.html
*) mod_ldap: Updated to use the new apr-util v1.1 apr_ldap_*_option()
API for the setting of server and client SSL certificates. Replaced
LDAPTrustedCA directive with LDAPTrustedGlobalCert and
LDAPTrustedClientCert directives to correctly support global certs
(CA certs / Netware client certs) and per connection client certs
as supported by Netware, OpenLDAP and Netscape/Mozilla.
[Graham Leggett]
Take a look at the mod_ldap 2.2 documentation: http://httpd.apache.org/docs/2.2/mod/mod_ldap.html
Thanks a lot, it worked!!!
And as a follow-up question: the perfect solution would be using the key database (CA_CERT7_DB). How can I create and use it? I assume I'll need to find and install the Netscape SDK?
Thanks in advance!
I think that you need to install the nss package (from extra repo) and use the certutil command to create a cert7.db.
Also, I don't know if you need the mod_nss package (from AUR) instead of the 'standard' mod_ssl.
Last edited by cipparello (2010-09-21 20:20:20)
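Added example, not part of any post in this thread: the directive replacement quoted from the 2.2 changelog, applied to the configuration from the question, with the CA_CERT7_DB form from the follow-up shown as an alternative. The cert7.db path is a placeholder, and the CA_CERT7_DB line assumes an apr-util built against the Netscape/Mozilla LDAP SDK.

```apache
# --- Apache 2.0 form (rejected by 2.2 with "Invalid command 'LDAPTrustedCA'") ---
#   LDAPTrustedCA     /etc/httpd/conf/bluepages.crt
#   LDAPTrustedCAType BASE64_FILE

# --- Apache 2.2 form ---
# Server-config context: place these outside any <Directory> block.
LoadModule ldap_module modules/mod_ldap.so

# One directive now carries both the certificate type and the path.
# CA_BASE64 = PEM (Base64) CA certificate used to validate the LDAP server.
LDAPTrustedGlobalCert CA_BASE64 /etc/httpd/conf/bluepages.crt

# Alternative from the follow-up question: a Netscape cert7.db CA database.
# The path below is a placeholder.
#   LDAPTrustedGlobalCert CA_CERT7_DB /path/to/cert7.db

# Certificate verification is on by default; stating it explicitly guards
# against an "Off" left over from troubleshooting.
LDAPVerifyServerCert On

<Directory "/srv/http">
    # Unchanged from the question: ldaps:// URL with the SSL connection mode.
    AuthLDAPURL "ldaps://ldap.server.com/ou=bluepages,o=company.com?mail?sub?" SSL
</Directory>
```

After editing, `apachectl configtest` reports whether the directives are accepted by the loaded modules before the server is restarted.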