[Fedora-directory-devel] re: apache ldap over SSL.

Joe Baker joebaker at nelfc.com
Thu Jun 8 17:34:57 UTC 2006


As I recall, SSL-enabled communications are very fussy about the hostname 
that their certificates were created for.  So try using your 
hostname.localnet name to connect to the IP and see if that helps.

There is really little point in enabling SSL connections to localhost 
anyway.

Good Luck!
-Joe Baker
> From: "Mickael Besse" <mickaelb at hotmail.com>
> Subject: [Fedora-directory-devel] apache ldap over SSL.
> To: fedora-directory-devel at redhat.com
> Message-ID: <BAY104-F3037FD70C02E1E7B3174A2C98B0 at phx.gbl>
> Content-Type: text/plain; charset=iso-8859-1; format=flowed
>
> I have a problem using Apache LDAP over SSL.
>
> os: fedora core 3 (updated with yum)
> tools :fedora directory server 1.0.2, HTTPd 2.0.53, mod_ssl 1:2.0.53, 
> mod_auth_ldap, mod_ldap,
>
> errors :
> 	In /var/log/http/error_log: auth_ldap authenticate: user test 
> authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Can't 
> contact LDAP server]
>
> 	In /opt/fedora-ds/slapd-id/logs/access :  SSL connection from 127.0.0.1 to 
> 127.0.0.1
> 						  closed - Encountered end of file
>
>
> I have no problem without SSL.
>
> In http.conf:
>
> LDAPTrustedCA /etc/httpd/conf/ssl.crt/certificat.pem
> LDAPTrustedCAType BASE64_FILE
>
>
> <Directory "/var/www/html">
>
> AuthLDAPEnabled on
> AuthLDAPURL ldaps://name_of_LDAPserver:636/dc=***,dc=***?uid
> require group dn_groupe
> </Directory>
>
>
> In Fedora Directory Server, I use  certutil -L -d . -P slapd-serverID- -n 
> "CA certificate" -a > cacert.asc to export the CA cert. Then I copy the 
> contents of cacert.asc into /etc/httpd/conf/ssl.crt/certificat.pem.
>
> So /etc/httpd/conf/ssl.crt/certificat.pem looks like:
>
> -----BEGIN CERTIFICATE-----
> kjbfilqbvlsdbvlisdf........
> -----END CERTIFICATE-----
>
>
> Note this message in the access log when the httpd server starts:
> LDAP: Built with OpenLDAP LDAP SDK
> LDAP: SSL support unavailable
>
>
> Is there a solution for this problem?
> Can I use apache / ssl / auth_mod_ldap / ldap(s) together?
> Maybe I missed something?
>
> Do I have to rebuild my auth_ldap module?
>
> I want to rebuild the srpm from Fedora Core 3 updates, and include 
> --with-ldap-sdk=netscape for the auth_ldap module.
> But I have no idea where to specify this. The httpd.spec file defines core 
> options, but not module options.
> Where can I specify configure options for the auth_ldap module? These hints 
> would be very appreciated...
>
> The time you spend on me is very appreciated.
> Regards
>
>   
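
Added example (not part of either message above, and not code from Apache or Fedora Directory Server): a small Python check for the two failure causes raised in this thread, an ldaps:// AuthLDAPURL used while the log says "LDAP: SSL support unavailable", and a URL hostname that does not match the names the server certificate was issued for. The function names, the ds1.localnet host, the example DN and the sample inputs are assumptions constructed for illustration; the certificate names are supplied by the caller.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample input (not from the original post): the URL points at
# localhost while the directory server's certificate names ds1.localnet.
SAMPLE_CONF = """\
<Directory "/var/www/html">
AuthLDAPEnabled on
AuthLDAPURL ldaps://localhost:636/dc=example,dc=com?uid
</Directory>
"""
SAMPLE_LOG = "LDAP: Built with OpenLDAP LDAP SDK\nLDAP: SSL support unavailable\n"
SAMPLE_CERT_NAMES = ["ds1.localnet"]  # assumed subject CN / subjectAltName values

def ldap_url_host(conf_text):
    """Return (scheme, host) of the first AuthLDAPURL directive, or None."""
    m = re.search(r'^\s*AuthLDAPURL\s+"?([^\s"]+)', conf_text, re.M | re.I)
    if not m:
        return None
    url = urlsplit(m.group(1))
    return url.scheme.lower(), (url.hostname or "")

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def name_matches(host, pattern):
    """Case-insensitive match; '*.' covers exactly one left-most label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*.") and not is_ip(host):
        label, _, rest = host.partition(".")
        return bool(label) and rest == pattern[2:]
    return host == pattern

def diagnose(conf_text, error_log, cert_names):
    """List the reasons an ldaps:// bind from this config would fail."""
    parsed = ldap_url_host(conf_text)
    if parsed is None or parsed[0] != "ldaps":
        return []
    findings = []
    if "SSL support unavailable" in error_log:
        findings.append("ldap-module-built-without-ssl")
    if not any(name_matches(parsed[1], n) for n in cert_names):
        findings.append("url-host-not-in-certificate")
    return findings
```

With the constructed sample, diagnose(SAMPLE_CONF, SAMPLE_LOG, SAMPLE_CERT_NAMES) reports both findings; pointing the URL at ds1.localnet and clearing the log message leaves none.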



