LDAP authentication using TLS

------_=_NextPart_001_01C34658.68EAB004
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I am trying to get Apache to do LDAP authentication our campus LDAP =
server using TLS. I have it working without TLS but I am confused on how =
to make it work with TLS.

I installed Apache 2.0.46 with mod_ssl , mod_ldap, mod_auth_ldap on a =
Sun Server running Solaris 8 I used the OpenLDAP SDK, OpenSSL 0.9.6j, =
etc.

I understand that I need to add the directives:

LDAPTrustedCA path to cert
LDAPTrustedCAType type

What is the cert I am supposed to be using? Is this a Verisign Cert or a =
Cert from the camous LDAP server, or can I create a cert ?

Any help would be greatly appreciated.

Thanks,

Damian Marinaccio
RIT Library
dxmwml@rit.edu
585.475.7741


------_=_NextPart_001_01C34658.68EAB004
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable




charset=3Diso-8859-1">
6.0.6249.1">

I am trying to get Apache to do LDAP =
authentication our campus LDAP server using TLS. I have it working =
without TLS but I am confused on how to make it work with =
TLS.

I installed Apache 2.0.46 with mod_ssl =
, mod_ldap, mod_auth_ldap on a Sun Server running Solaris 8 I used the =
OpenLDAP SDK, OpenSSL 0.9.6j, etc.

I understand that I need to add the =
directives:

LDAPTrustedCA  path to =
cert


LDAPTrustedCAType SIZE=3D2 FACE=3D"Arial">type

What is the cert I am supposed to be =
using? Is this a Verisign Cert or a Cert from the camous LDAP server, or =
can I create a cert ?

Any help would be greatly =
appreciated.

Thanks,

Damian Marinaccio


RIT Library


dxmwml@rit.edu


585.475.7741

Re: LDAP authentication using TLS

Damian,

I'm trying to do something similar except I'm trying to authenticate via
SSL. I use the Netscape SDK and OpenSSL. The documentation on apache's
site says to get a certificate database from a netscape browser. Just do a
find for cert7.db within either .netscape or .mozilla within your home
directory. What I found was that you need to set the LDAPTrustedCAType
directive to CERT7_DB_PATH but when I do that I get errors in the
error_log saying the I have to use BASE64_FILE but when I try that it
doesn't work. Please let me know if you make any progress.

Thanks,

Vic Engle


> I am trying to get Apache to do LDAP authentication our campus LDAP
> server using TLS. I have it working without TLS but I am confused on how
> to make it work with TLS.
>
> I installed Apache 2.0.46 with mod_ssl , mod_ldap, mod_auth_ldap on a
> Sun Server running Solaris 8 I used the OpenLDAP SDK, OpenSSL 0.9.6j,
> etc.
>
> I understand that I need to add the directives:
>
> LDAPTrustedCA path to cert
> LDAPTrustedCAType type
>
> What is the cert I am supposed to be using? Is this a Verisign Cert or a
> Cert from the camous LDAP server, or can I create a cert ?
>
> Any help would be greatly appreciated.
>
> Thanks,
>
> Damian Marinaccio
> RIT Library
> dxmwml@rit.edu
> 585.475.7741




------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: LDAP authentication using TLS

Yeah, the LDAP over SSL doesn't seem to work in Apache 2.0.26 as of yet.
One alternative(Lord Willing) is to use
http://www.muquit.com/muquit/software/mod_auth_ldap/mod_auth _ldap_apache2.html

Instruction for installation are at
http://www.xml-dev.com:8080/cocoon/mount/docbook/Apache-WebD AV-LDAP-HOWTO.html#N4001AA

In Peace,
Saqib Ali
---------
http://www.xml-dev.com

On Wed, 9 Jul 2003 vic@summerseas.com wrote:

> Damian,
>
> I'm trying to do something similar except I'm trying to authenticate via
> SSL. I use the Netscape SDK and OpenSSL. The documentation on apache's
> site says to get a certificate database from a netscape browser. Just do a
> find for cert7.db within either .netscape or .mozilla within your home
> directory. What I found was that you need to set the LDAPTrustedCAType
> directive to CERT7_DB_PATH but when I do that I get errors in the
> error_log saying the I have to use BASE64_FILE but when I try that it
> doesn't work. Please let me know if you make any progress.
>
> Thanks,
>
> Vic Engle
>
>
> > I am trying to get Apache to do LDAP authentication our campus LDAP
> > server using TLS. I have it working without TLS but I am confused on how
> > to make it work with TLS.
> >
> > I installed Apache 2.0.46 with mod_ssl , mod_ldap, mod_auth_ldap on a
> > Sun Server running Solaris 8 I used the OpenLDAP SDK, OpenSSL 0.9.6j,
> > etc.
> >
> > I understand that I need to add the directives:
> >
> > LDAPTrustedCA path to cert
> > LDAPTrustedCAType type
> >
> > What is the cert I am supposed to be using? Is this a Verisign Cert or a
> > Cert from the camous LDAP server, or can I create a cert ?
> >
> > Any help would be greatly appreciated.
> >
> > Thanks,
> >
> > Damian Marinaccio
> > RIT Library
> > dxmwml@rit.edu
> > 585.475.7741
>
>
>
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org