Posted to users@httpd.apache.org by Dmitriy Kirhlarov <dk...@oilspace.com> on 2005/09/21 12:51:15 UTC

[users@httpd] [ondrej@sury.org: Re: [apache-modules] ldapS auth]

I tested this patch. It works for me.
But a little issue was found.
When you use a DER or BASE64 packed CAcert you must describe it as BASE64_FILE.

----- Forwarded message from Ondrej Sury <on...@sury.org> -----

On Tue, 2005-09-20 at 17:12 +0100, Dmitriy Kirhlarov wrote:
> On Tue, Sep 20, 2005 at 05:51:44PM +0200, Ondrej Sury wrote:
> > > As I wrote previously -- I get the error message when apache is started. WITHOUT a connection to the ldap-server (I specially looked at tcpdump for this).
> > 
> > This message ("LDAP: SSL support unavailable") has nothing to do with
> > a real connection to LDAP; LDAPTrustedCA and LDAPTrustedCAType are
> > processed when apache starts, in the global scope of the configuration.
> > 
> > For more info see modules/experimental/util_ldap.c

BTW: You need to use mod_ldap from 2.0.x HEAD, because mod_ldap in
2.0.54 and before is broken.  You also probably want to use my
backported patch which fixes caching brokenness when there is a null value
in the result set:
http://issues.apache.org/bugzilla/show_bug.cgi?id=36563

> Oh, yes... True.
> I think only 3 problems are possible:
>  - this module was compiled without SSL (How can I test it?)

False. It would give you "LDAP: Not built with SSL support." (see line
1624).

>  - certificate, needed for apache -- not a standard BASE64, or DER
> cert, got from openssl (Where can I read how to modify the cert for
> apache?)

Just tested it, you need to set up LogLevel debug *before* the mod_ldap
configuration.  The very beginning of apache2.conf seems to be a nice place :-)

>  - bug in util (How can I help to find it?)

Nope.  It works :-).

[Tue Sep 20 21:12:36 2005] [debug] /build/buildd/apache2-2.0.54/build-tree/apache2/modules/experimental/util_ldap.c(1285): LDAP: SSL trusted certificate authority file - /etc/ssl/certs/Visa_International_Global_Root_2.pem
[Tue Sep 20 21:12:36 2005] [debug] /build/buildd/apache2-2.0.54/build-tree/apache2/modules/experimental/util_ldap.c(1314): LDAP: SSL trusted certificate authority file type - BASE64_FILE
[Tue Sep 20 21:14:02 2005] [debug] /build/buildd/apache2-2.0.54/build-tree/apache2/modules/experimental/util_ldap.c(1437): LDAP merging Shared Cache conf: shm=0x81458b0 rmm=0x81458e0 for VHOST: maple.active24.cz
[Tue Sep 20 21:14:02 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Tue Sep 20 21:14:02 2005] [notice] LDAP: SSL support available
[Tue Sep 20 21:14:02 2005] [debug] /build/buildd/apache2-2.0.54/build-tree/apache2/modules/experimental/util_ldap.c(1625): Initialisation of global mutex /tmp/fileEjifvx in child process 10050 successful.
[Tue Sep 20 21:14:02 2005] [debug] /build/buildd/apache2-2.0.54/build-tree/apache2/modules/experimental/util_ldap.c(1625): Initialisation of global mutex /tmp/fileEjifvx in child process 10052 successful.


-- 
Ondrej Sury <on...@sury.org>



----- End forwarded message -----

WBR
-- 
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 095 105 7247 F:+7 095 105 7246 E:DmitriyKirhlarov@oilspace.com
OILspace - The resource enriched - www.oilspace.com
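
Added example, not part of the original messages and not Apache's own code: a small Python check that reads the mod_ldap startup messages quoted in this thread from an error log and reports whether LDAPS trust was initialised. The function name, the hint wording and the sample log lines (placeholder path, shortened source prefix, assumed log level on the failing line) are constructed for illustration.

```python
import re

# Message texts are the ones quoted in the thread; everything else is illustrative.
CA_FILE = re.compile(r"LDAP: SSL trusted certificate authority file - (\S+)")
CA_TYPE = re.compile(r"LDAP: SSL trusted certificate authority file type - (\S+)")
SSL_STATES = {
    "LDAP: SSL support available": "available",
    "LDAP: SSL support unavailable": "unavailable",
    "LDAP: Not built with SSL support": "not-built",
}

def summarize(log_text):
    """Summarize what mod_ldap logged about SSL while the configuration was loaded."""
    out = {"ssl": None, "ca_file": None, "ca_type": None, "hints": []}
    for line in log_text.splitlines():
        if m := CA_FILE.search(line):
            out["ca_file"] = m.group(1)
        if m := CA_TYPE.search(line):
            out["ca_type"] = m.group(1)
        for text, state in SSL_STATES.items():
            if text in line:
                out["ssl"] = state
    if out["ssl"] == "not-built":
        out["hints"].append("mod_ldap was compiled without SSL")
    elif out["ssl"] == "unavailable" and out["ca_file"] is None:
        # No debug lines: LogLevel debug was set after mod_ldap's directives,
        # or LDAPTrustedCA / LDAPTrustedCAType are not in the global scope.
        out["hints"].append("no LDAPTrustedCA debug line: put LogLevel debug first "
                            "and keep LDAPTrustedCA* in the global scope")
    elif out["ssl"] == "unavailable":
        out["hints"].append("CA file %s was read as %s: check the type matches"
                            % (out["ca_file"], out["ca_type"]))
    return out

# Constructed sample logs (placeholder path, shortened source file prefix).
GOOD_LOG = """\
[Tue Sep 20 21:12:36 2005] [debug] util_ldap.c(1285): LDAP: SSL trusted certificate authority file - /path/to/ca.pem
[Tue Sep 20 21:12:36 2005] [debug] util_ldap.c(1314): LDAP: SSL trusted certificate authority file type - BASE64_FILE
[Tue Sep 20 21:14:02 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Tue Sep 20 21:14:02 2005] [notice] LDAP: SSL support available
"""
BAD_LOG = """\
[Tue Sep 20 21:14:02 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Tue Sep 20 21:14:02 2005] [notice] LDAP: SSL support unavailable
"""

if __name__ == "__main__":
    for name, log in (("good", GOOD_LOG), ("bad", BAD_LOG)):
        print(name, summarize(log))
```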
