reverse proxy with ldap authentication

reverse proxy with ldap authentication

am 27.09.2007 08:28:35 von roberto.ramos

Hi all, I try to install a reverse proxy with ldap authentication : it
works with ldap but not with ldaps.
I've got this notice about LDAP and SSL in the log

[Wed Sep 26 16:57:40 2007] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Wed Sep 26 16:57:40 2007] [notice] LDAP: SSL support unavailable
[Wed Sep 26 16:57:40 2007] [notice] Apache/2.0.52 (Red Hat) configured --
resuming normal operations

Any help would be appreaciated.
Thx

Roberto

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: reverse proxy with ldap authentication

am 30.09.2007 02:18:43 von dodge

On Thu, 27 Sep 2007 roberto.ramos@telintrans.fr wrote:

> Hi all, I try to install a reverse proxy with ldap authentication : it
> works with ldap but not with ldaps.
> I've got this notice about LDAP and SSL in the log
>
> [Wed Sep 26 16:57:40 2007] [notice] LDAP: Built with OpenLDAP LDAP SDK
> [Wed Sep 26 16:57:40 2007] [notice] LDAP: SSL support unavailable
> [Wed Sep 26 16:57:40 2007] [notice] Apache/2.0.52 (Red Hat) configured --
> resuming normal operations
>
> Any help would be appreaciated.
> Thx
>
> Roberto
>
>
OpenLDAP does indeed suport ldaps (assuming it was built with SSL support,
whis it most likely was).

This error message can be confusing, it also appears if you don't set the
LDAPTrustedCA and LDAPTrustedCAType directives.

In order to establish the ldaps connection (as a client) you need the CA
certificate to establish trust.

----------------------------------------
"Mon a=E9roglisseur est plein d'anguilles"
John P. Dodge
Boeing Shared Services


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org