Apache2 and LDAP
I've been trying to access UT's LDAP over SSL from Apache2 Version 2.0.49 and 2.0.63 on Netware 6.5 SP7 (OES2) for a long time and finally succeeded.
I want to share what worked in case anyone else has these problems.
From the Apache2 mod_ldap documentation: "The ability to create an SSL connection to an LDAP server is defined by the directives LDAPTrustedCA and LDAPTrustedCAType. These directives specify the LDAP server's root certificate file and the certificate type."
I could not find documentation or examples in any one place that spelled out the file type of the root certificate file and the matching certificate type. By piecing together information from multiple sources, and after a significant amount of trial and error, I eventually succeeded.
First, I downloaded all of Thawte's root certificate files from http://thawte.com/roots and copied them to the apache2/certs directory. At this point, I did not know which Thawte certificate file I needed. After trying .cer, .db, .der, and all the other certificate file types, I found an IBM article about .pem files. I didn't find a .pem file in the collection of Thawte certificate files, but there was a ThawtePremiumServerCA.b64.txt file. I renamed this file ThawtePremiumServerCA.pem.
The following Apache mod_ldap directives were added to the Apache httpd.conf file:
LDAPTrustedCA "sys:/apache2/certs/thawtepremiumserverca.pem"
LDAPTrustedCAType BASE64_FILE
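The trial-and-error above comes down to one question: is the CA file DER (binary) or base64 PEM? The script below is an added example, not part of the original post, that inspects a certificate file's bytes and reports which LDAPTrustedCAType value (BASE64_FILE or DER_FILE, the two file types mod_ldap documents) fits it. The sample "certificate" is a constructed DER SEQUENCE used only to exercise the parser; it is not a real Thawte certificate. The function names are my own.

```python
import base64
import re
from typing import Optional, Tuple

# PEM body between the markers; re.S lets the base64 span many lines
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S
)


def der_total_length(der: bytes) -> Optional[int]:
    """Parse the outer DER SEQUENCE header (tag 0x30) and return the total
    encoded length, or None if the header is malformed."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    first = der[1]
    if first < 0x80:                      # short form: one length byte
        return 2 + first
    nbytes = first & 0x7F                 # long form: number of length bytes
    if nbytes == 0 or nbytes > 4 or len(der) < 2 + nbytes:
        return None
    return 2 + nbytes + int.from_bytes(der[2:2 + nbytes], "big")


def classify_cert(data: bytes) -> Tuple[Optional[str], Optional[bytes]]:
    """Return (LDAPTrustedCAType value, DER bytes). (None, None) means the
    data is neither a well-formed PEM nor a well-formed DER certificate."""
    m = PEM_RE.search(data)
    if m:
        try:
            der = base64.b64decode(m.group(1))   # newlines are discarded
        except ValueError:
            return None, None
        if der_total_length(der) == len(der):
            return "BASE64_FILE", der
        return None, None
    if der_total_length(data) == len(data):
        return "DER_FILE", data
    return None, None


def apache_directives(path: str, ca_type: str) -> str:
    """Render the two mod_ldap directives for the given CA file and type."""
    return f'LDAPTrustedCA "{path}"\nLDAPTrustedCAType {ca_type}\n'


# Constructed sample: SEQUENCE { INTEGER 1, INTEGER 2 } -- not a real certificate
SAMPLE_DER = bytes([0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02])
SAMPLE_PEM = (
    b"-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER)
    + b"-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    for name, blob in (("sample.pem", SAMPLE_PEM), ("sample.der", SAMPLE_DER)):
        ca_type, _ = classify_cert(blob)
        print(apache_directives(f"sys:/apache2/certs/{name}", ca_type))
```

Run it against a real file with `classify_cert(open(path, "rb").read())`; a ".b64.txt" file that classifies as BASE64_FILE is exactly the case the post describes, and renaming it to ".pem" changes nothing about its contents.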
The following Apache mod_auth_ldap directives were added to an .htaccess file in the directory I wanted to protect:
AuthType basic
AuthName "(College of Law Network ID and Password)"
order deny,allow
deny from all
satisfy any
# allow access from within the College of Law
allow from 160.36.68.
allow from 160.36.69.
allow from 160.36.70.
allow from 160.36.71.
AuthLDAPAuthoritative On
# If outside of the College of Law subnets, make secure call to LDAP and authenticate if user is a student in Law or if user is a member of Law Staff or Law Faculty
require valid-user
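The interplay of "deny from all", the subnet "allow from" lines and "satisfy any" is what lets on-campus clients in without a password while everyone else must authenticate against LDAP. The following is an added example, not part of the original post, that models that decision in Python: it converts Apache's partial-address form ("160.36.68.") into a CIDR network and applies the Satisfy Any versus Satisfy All rule, with the LDAP check represented by a caller-supplied callable. The function names and the client addresses are my own constructions.

```python
import ipaddress
from typing import Callable, Iterable, Tuple


def apache_partial_ip_to_network(spec: str) -> ipaddress.IPv4Network:
    """Translate 'allow from 160.36.68.' style partial addresses into a
    network: each given octet contributes 8 prefix bits."""
    octets = [o for o in spec.strip().rstrip(".").split(".") if o]
    if not 1 <= len(octets) <= 4:
        raise ValueError(f"bad partial address: {spec!r}")
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.IPv4Network(f"{'.'.join(padded)}/{8 * len(octets)}")


def access_decision(
    client_ip: str,
    allowed: Iterable[ipaddress.IPv4Network],
    satisfy: str,
    authenticate: Callable[[], bool],
) -> Tuple[bool, str]:
    """Model 'deny from all' + 'allow from <nets>' + 'satisfy any|all' +
    'require valid-user'. Returns (allowed?, reason). The authenticator is
    only invoked when the host rule alone cannot decide."""
    ip = ipaddress.IPv4Address(client_ip)
    host_ok = any(ip in net for net in allowed)
    if satisfy == "any":
        if host_ok:
            return True, "host"               # on an allowed subnet: no password asked
        if authenticate():
            return True, "ldap"               # off-campus: LDAP credentials accepted
        return False, "host denied and authentication failed"
    if satisfy == "all":
        if not host_ok:
            return False, "host denied"       # off-campus clients never get a prompt
        if authenticate():
            return True, "host and ldap"
        return False, "authentication failed"
    raise ValueError(f"satisfy must be 'any' or 'all', got {satisfy!r}")


# The four College of Law subnets from the .htaccess above
LAW_NETS = [apache_partial_ip_to_network(s)
            for s in ("160.36.68.", "160.36.69.", "160.36.70.", "160.36.71.")]

if __name__ == "__main__":
    # Constructed client addresses; 203.0.113.0/24 is documentation space
    for ip in ("160.36.70.5", "203.0.113.9"):
        print(ip, access_decision(ip, LAW_NETS, "any", lambda: False))
```

With "satisfy all" in place of "satisfy any", the same .htaccess would lock out everyone outside the four subnets regardless of their LDAP password, which is why the two keywords cannot be interchanged casually.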
===================
I haven't tried it yet, but I think this will also work from PHP if the .pem certificate file is placed in the php/cert directory.
Hope this might prevent much searching and trial-and-error for someone else.