Apache, LDAP and SSL
on 04.04.2006 09:33:30 by Martin Klier
Hi Admins,
has anyone ever made a configuration like this:
Apache 2.x.x, SSL and, most important, SSL-encrypted(!) LDAP auth against a Microcrap ActiveDirectory 2003?
Today, Apache 2.0.x and 2.2.0 work, LDAP-against-AD works, SSL works, but not LDAPS.
I happily tried on SuSE10.0 (pre-built Apache, no LDAP SSL support built in, so it's crap) and SLES9 (own-built Apache, with ldap modules with ssl/SASL), but there are always strange errors, most sounding like a non-available LDAP server. But, indeed, the 3269 port is open there. Since I have no clue about the windows box, I can't say any more about this side.
Is there any resource in the world I can look at?
-- 
Kind regards
i.A. Martin Klier
System administration / Databases
----------------------------------------------------------------
A.T.U Auto-Teile-Unger
Handels GmbH & Co. KG
Dr.-Kilian-Straße 4
D-92637 Weiden i. d. OPf.
Tel.: +49 961 306 5663
Fax: +49 961 306 5982
martin.klier@atu.de
www.atu.de
----------------------------------------------------------------
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: Apache, LDAP and SSL
on 11.04.2006 21:03:13 by Jan Trautmann
Greetings from the Upper Palatinate :)
http://www.rrze.uni-erlangen.de/dienste/arbeiten-rechnen/linux/howtos/ldap/ssl.shtml
There I found something about SSL and LDAP in German.
I tried something similar a while ago, but after a few hours I decided that it costs too much time to integrate this with M$ Active Directory. I must say that I have only done this for playing and testing. But I have often read in forums that there is a problem with M$ AD and LDAP in the same way. I remember a possible solution that the M$ AD must be the PDC and the Linux must be BPC, but in this special case I can't help much.
Maybe reply with some more information, like syslogs, for the problem in SLES9. Maybe you can get help at www.linuxforen.de (if you have not already searched or asked there). In this forum I found this link: http://www.oo-services.com/de/articles/sso.aspx .
This is a Howto for making SSL and LDAP run with Active Directory 2003.
I hope this could help you.
I think that the problem with LDAP not working in SLES9 is a configuration or version problem; maybe a new version of LDAP/Samba could help. I really don't know which version is in SLES9, but in SuSe most times there are old and crap versions, this would be nothing new for me ;)
Best regards
Jan Martin Trautmann
On Tuesday, 4 April 2006 09:33 you wrote:
> Hi Admins,
>
> has anyone ever made a configuration like this:
> Apache 2.x.x, SSL and, most important, SSL-encrypted(!) LDAP auth against a
> Microcrap ActiveDirectory 2003?
>
> Today, Apache 2.0.x and 2.2.0 work, LDAP-against-AD works, SSL works, but
> not LDAPS.
>
> I happily tried on SuSE10.0 (pre-built Apache, no LDAP SSL support built
> in, so it's crap) and SLES9 (own-built Apache, with ldap modules with
> ssl/SASL), but there are always strange errors, most sounding like a
> non-available LDAP server. But, indeed, the 3269 port is open there. Since
> I have no clue about the windows box, I can't say any more about this side.
>
> Is there any resource in the world I can look at?
Re: Apache, LDAP and SSL
on 12.04.2006 08:32:57 by Martin Klier
Hi Jan,
On Tuesday 11 April 2006 21:03, Jan Trautmann wrote:
> Greetings from the Upper Palatinate :)
Oh, nice :))
> I tried something similar a while ago, but after a few hours I
> decided that it costs too much time to integrate this with M$ Active
> Directory. I must say that I have only done this for playing and testing.
> But I have often read in forums that there is a problem with M$ AD and LDAP
> in the same way. I remember a possible solution that the M$ AD must be the
> PDC and the Linux must be BPC, but in this special case I can't help much.
In the meantime, I've integrated LDAP and M$ AD 2003, but, as said, without LDAPS. For an integration of LDAPS a Microsoft Certificate Server within the AD domain is absolutely necessary, but AFAIK not so easy to set up. At the moment, I am waiting for our windows division to set up such a system, then I will progress.
As soon as it fully works I will provide a description here.
Thanks so far.
-- 
Kind regards
i.A. Martin Klier
System administration / Databases
----------------------------------------------------------------
A.T.U Auto-Teile-Unger
Handels GmbH & Co. KG
Dr.-Kilian-Straße 4
D-92637 Weiden i. d. OPf.
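For reference, an added example that is not from any of the posters: a minimal Apache 2.2 configuration (mod_ldap and mod_authnz_ldap directive names) for the setup discussed in this thread, authenticating against the Active Directory global catalog over LDAPS on port 3269. Host names, DNs, the bind account and file paths are placeholders, and the CA file is assumed to be the PEM certificate of the CA that issued the domain controller's certificate.

```apache
# Added example for Apache 2.2, built with LDAP SSL support.
# All host names, DNs, accounts and paths below are placeholders.

LoadModule ldap_module        modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

# Server-wide: CA certificate (PEM, base64) that issued the domain
# controller's LDAPS certificate. If the DC presents no certificate, or
# Apache does not trust its issuer, the TLS handshake fails; the LDAP
# client library commonly reports that as the server being unavailable,
# even though the TCP port is open.
LDAPTrustedGlobalCert CA_BASE64 /etc/apache2/ssl/ad-issuing-ca.pem

# Keep server certificate verification enabled (this is the default).
LDAPVerifyServerCert On

<Location /protected>
    # Basic auth sends the password with every request: require HTTPS
    # between browser and Apache as well.
    SSLRequireSSL

    AuthType Basic
    AuthName "Active Directory login"
    AuthBasicProvider ldap

    # ldaps:// selects LDAP over SSL. 3269 is the global catalog SSL
    # port; 636 is the regular LDAPS port. Use the host name that
    # appears in the DC's certificate, not an IP address.
    AuthLDAPURL "ldaps://dc1.example.com:3269/dc=example,dc=com?sAMAccountName?sub?(objectClass=user)"

    # AD rejects anonymous searches by default: bind with a
    # low-privilege service account and keep this file readable by
    # root only, since the password is stored in clear text.
    AuthLDAPBindDN       "cn=apache-bind,ou=Service Accounts,dc=example,dc=com"
    AuthLDAPBindPassword "CHANGE-ME"

    Require valid-user
</Location>
```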