Posted to dev@httpd.apache.org by Trevor Hurst <tr...@sgi.com> on 2003/03/12 00:53:25 UTC

AuthLDAPCertDBPath ???

Well, after successfully compiling auth_ldap with the 
OpenLDAP libs I found that it doesn't jive well with 
our Netscape LDAP server.. 

So... I finally rebuilt with the Netscape4-LDAP-SDK
libs.. 

Since then I received the following error:

[Tue Mar 11 00:42:19 2003] [warn] [client 134.15.0.112] [1667653]
auth_ldap authenticate: user 25145 authentication failed; URI
/secure/finance/FA/search.jsp [secure LDAP requested, but no CA cert
defined][Unknown error], referer:http://

So, I then placed my cert7.db file in APACHE2/conf directory and pointed it
to the cert db file by using the following in my httpd.conf:

Syntax error on line 1073 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'AuthLDAPStartTLS', perhaps mis-spelled or defined by a
module not included in the server configuration

auth_ldap was built statically into the core and not run as a mod.

Is there a different command used for Apache2 to load the cert7.db file now?

It worked for our older 1.3 apache..

Thanks,

-- Trev

-- 
Trevor Hurst
Senior Systems Administrator
DCO Unix Production Systems
Silicon Graphics
Office Ph: 650.933.6144
e-mail: trev@sgi.com
pager: trev_p@pager.sgi.com

--
Thus a mind that is free from passion is a very citadel;
man has no stronger fortress in which to seek shelter and
defy every assault. Failure to perceive this is ignorance;
but to perceive it, and still not to seek its refuge, is
misfortune indeed. --Marcus Aurelius

Re: AuthLDAPCertDBPath ???

Posted by Trevor Hurst <tr...@sgi.com>.
Okay, I think I've found the spot in ssl.conf but when I point
the commands at /usr/local/apache2/conf/ssl.crt/cert7.db
and try starting up the server it complains with:

[error] Unable to configure verify locations for client authentication

and will not start. Here's the entry in ssl.conf that I'm using:

SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/cert7.db

I've also tried the following:

SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
which is not a valid (?) CA cert I suppose but one I created with OpenSSL
but it doesn't like that one and complains in the error_log when
trying to authenticate at the site with the following:

URI /secure [secure LDAP requested, but no CA cert defined][Unknown
error]

And when I start the server I get a warning (?) :

[warn] RSA server certificate is a CA certificate (BasicConstraints: CA
== TRUE !?)

Can anyone point me to where I can get/make a CA cert that will work with
our Netscrape LDAP server?

Thanks!

-- Trev


Trevor Hurst wrote:
> 
> Well, after successfully compiling auth_ldap with the
> OpenLDAP libs I found that it doesn't jive well with
> our Netscape LDAP server..
> 
> So... I finally rebuilt with the Netscape4-LDAP-SDK
> libs..
> 
> Since then I received the following error:
> 
> [Tue Mar 11 00:42:19 2003] [warn] [client 134.15.0.112] [1667653]
> auth_ldap authenticate: user 25145 authentication failed; URI
> /secure/finance/FA/search.jsp [secure LDAP requested, but no CA cert
> defined][Unknown error], referer:http://
> 
> So, I then placed my cert7.db file in APACHE2/conf directory and pointed it
> to the cert db file by using the following in my httpd.conf:
> 
> Syntax error on line 1073 of /usr/local/apache2/conf/httpd.conf:
> Invalid command 'AuthLDAPStartTLS', perhaps mis-spelled or defined by a
> module not included in the server configuration
> 
> auth_ldap was built statically into the core and not run as a mod.
> 
> Is there a different command used for Apache2 to load the cert7.db file now?
> 
> It worked for our older 1.3 apache..
> 
> Thanks,
> 
> -- Trev
> 
> --
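
Added example, not part of the original thread: mod_ssl's SSLCACertificateFile reads PEM-encoded certificates, while a Netscape cert7.db is a binary certificate database, so a quick content check shows which kind of file a directive is being pointed at. The function names, the sample data and the assumption that cert7.db is a Berkeley DB 1.85 hash file are this example's own.

```python
import struct
import sys

PEM_MARKER = b"-----BEGIN CERTIFICATE-----"
DB185_HASH_MAGIC = 0x00061561  # Berkeley DB 1.85 hash magic (assumed cert7.db format)

ADVICE = {
    "pem": "PEM text: the format SSLCACertificateFile reads",
    "der": "binary DER certificate: convert to PEM first",
    "netscape-db": "Netscape certificate database: not a PEM CA file",
    "unknown": "unrecognised: inspect by hand",
}

# Constructed sample inputs (not real certificates or databases).
SAMPLES = {
    "cert7.db": struct.pack(">I", DB185_HASH_MAGIC) + b"\x00" * 12,
    "ca-bundle.crt": PEM_MARKER + b"\nMIIB...\n-----END CERTIFICATE-----\n",
}


def classify_trust_file(data: bytes) -> str:
    """Classify certificate material by content, never by file name."""
    if len(data) >= 4:
        head = data[:4]
        # DB 1.85 stores its magic in host byte order, so accept both.
        if DB185_HASH_MAGIC in (struct.unpack(">I", head)[0],
                                struct.unpack("<I", head)[0]):
            return "netscape-db"
        # One DER certificate: SEQUENCE tag, 2-byte length covering the rest.
        if head[:2] == b"\x30\x82" and 4 + int.from_bytes(head[2:4], "big") == len(data):
            return "der"
    if PEM_MARKER in data:
        return "pem"
    return "unknown"


def count_pem_certs(data: bytes) -> int:
    """Number of certificates in a PEM bundle (a CA file may hold several)."""
    return data.count(PEM_MARKER)


if __name__ == "__main__":
    # With file arguments, classify those files; otherwise use the samples.
    inputs = {p: open(p, "rb").read() for p in sys.argv[1:]} or SAMPLES
    for name, blob in inputs.items():
        print(f"{name}: {ADVICE[classify_trust_file(blob)]}")
```
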