You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by SAQIB <sa...@seagate.com> on 2003/05/10 15:58:28 UTC

[users@httpd] LDAPTrustedCA and LDAPTrustedCAType

Hello everybody,

I am trying to get the LDAP over SSL working on Apache 2.x

The online documentation has the following two directive listed:
LDAPTrustedCA
LDAPTrustedCAType

to specify the CERT DB and CERT TYPE

So I added the following to my httpd.conf file:
...........
LDAPTrustedCA /usr/local/apache2/sslcert/cert7.db
LDAPTrustedCAType CERT7_DB_PATH
-----------

However, when I start apache I get the following msg in the error log:

..............
[Sat May 10 06:21:16 2003] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Sat May 10 06:21:16 2003] [crit] LDAP: Invalid LDAPTrustedCAType
directive - BASE64_FILE type required
[Sat May 10 06:21:16 2003] [warn] LDAP: SSL initialization failed
[Sat May 10 06:21:16 2003] [notice] LDAP: SSL support unavailable
[Sat May 10 06:21:16 2003] [notice] Apache/2.0.45 (Unix) mod_ssl/2.0.45
OpenSSL/0.9.7b DAV/2 configured -- resuming normal operations
--------------

and here is my configure line:
./configure --enable-so --enable-mods-shared="ldap auth-ldap" --with-ldap
--with-auth-ldap --with-ldap-lib=/usr/local/iplanet-ldap-sdk.5/
--with-ldap-include=/usr/local/iplanet-ldap-sdk.5/
--with-ssl=/usr/local/ssl --enable-ssl  --enable-rewrite  --enable-dav

Any one has any ideas why I am getting this error message?

P.S. My cert7.db is not corrupted, I tested it with IPlanet's ldapsearch
utility.


Thanks
Saqib Ali




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] LDAPTrustedCA and LDAPTrustedCAType (mod_auth_ldap issues)

Posted by SAQIB <sa...@seagate.com>.

Hello everybody,

I compiled apache using the following configure:
./configure --enable-so --enable-mods-shared="ldap auth-ldap"  --with-ldap 
--with-auth-ldap --with-ldap-lib=/usr/local/iplanet-ldap-sdk.5/ 
--with-ldap-include=/usr/local/iplanet-ldap-sdk.5/
--with-ssl=/usr/local/ssl  --enable-ssl  --enable-rewrite  --enable-dav

i.e. I specified the configure to use the iplanet SDK under
/usr/local/iplanet-ldap-sdk.5

However the error logs say:
> [Sat May 10 06:21:16 2003] [notice] LDAP: Built with OpenLDAP LDAP SDK   
> [Sat May 10 06:21:16 2003] [crit] LDAP: Invalid LDAPTrustedCAType
> directive - BASE64_FILE type required
> [Sat May 10 06:21:16 2003] [warn] LDAP: SSL initialization failed
> [Sat May 10 06:21:16 2003] [notice] LDAP: SSL support unavailable
> [Sat May 10 06:21:16 2003] [notice] Apache/2.0.45 (Unix) mod_ssl/2.0.45
> OpenSSL/0.9.7b DAV/2 configured -- resuming normal operations

LDAP was built with OpenLDAP SDK

I m not sure where Apache is getting OpenLDAP from? Shouldnt it say LDAP:
Built with IPlanet LDAP SDK?

Any ideas?

Thanks
Saqib Ali
http://www.cheetahdrives.com/

On Sat, 10 May 2003, SAQIB wrote:

> 
> Hello everybody,
> 
> I am trying to get the LDAP over SSL working on Apache 2.x
> 
> The online documentation has the following two directive listed:
> LDAPTrustedCA
> LDAPTrustedCAType
> 
> to specify the CERT DB and CERT TYPE
> 
> So I added the following to my httpd.conf file:
> ...........
> LDAPTrustedCA /usr/local/apache2/sslcert/cert7.db
> LDAPTrustedCAType CERT7_DB_PATH
> -----------
> 
> However, when I start apache I get the following msg in the error log:
> 
> ..............
> [Sat May 10 06:21:16 2003] [notice] LDAP: Built with OpenLDAP LDAP SDK
> [Sat May 10 06:21:16 2003] [crit] LDAP: Invalid LDAPTrustedCAType
> directive - BASE64_FILE type required
> [Sat May 10 06:21:16 2003] [warn] LDAP: SSL initialization failed
> [Sat May 10 06:21:16 2003] [notice] LDAP: SSL support unavailable
> [Sat May 10 06:21:16 2003] [notice] Apache/2.0.45 (Unix) mod_ssl/2.0.45
> OpenSSL/0.9.7b DAV/2 configured -- resuming normal operations
> --------------
> 
> and here is my configure line:
> ./configure --enable-so --enable-mods-shared="ldap auth-ldap" --with-ldap
> --with-auth-ldap --with-ldap-lib=/usr/local/iplanet-ldap-sdk.5/
> --with-ldap-include=/usr/local/iplanet-ldap-sdk.5/
> --with-ssl=/usr/local/ssl --enable-ssl  --enable-rewrite  --enable-dav
> 
> Any one has any ideas why I am getting this error message?
> 
> P.S. My cert7.db is not corrupted, I tested it with IPlanet's ldapsearch
> utility.
> 
> 
> Thanks
> Saqib Ali
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org