Hi again, To follow up on my own question, in case others upgrade from 2.0.54 and run into this problem, 2.0.55 requires these two directives before SSL is enabled in mod_ldap:
LDAPTrustedCA /etc/ssl/CA/cacert.pem LDAPTrustedCAType BASE64_FILE The debug logs now produce: [Fri Jan 13 18:34:17 2006] [notice] LDAP: SSL support available Cheers, Brent On Thu, Jan 12, 2006 at 07:56:14PM -0700, Brent Kearney wrote: > Hello, > > I'm having some trouble getting apache's ldap module to connect to my > openldap server > using TLS. The reason it won't initiate an SSL connection is evident in the > logs: > > [Thu Jan 12 20:45:49 2006] [debug] util_ldap.c(1341): LDAP: SSL trusted > certificate authority file type - BASE64_FILE > [Thu Jan 12 20:45:49 2006] [notice] SIGHUP received. Attempting to restart > [Thu Jan 12 20:45:50 2006] [debug] util_ldap.c(1341): LDAP: SSL trusted > certificate authority file type - BASE64_FILE > [Thu Jan 12 20:45:51 2006] [notice] Digest: generating secret for digest > authentication ... > [Thu Jan 12 20:45:51 2006] [notice] Digest: done > [Thu Jan 12 20:45:51 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK > [Thu Jan 12 20:45:51 2006] [notice] LDAP: SSL support unavailable > [Thu Jan 12 20:45:51 2006] [notice] Apache/2.0.55 (FreeBSD) mod_ssl/2.0.55 > OpenSSL/0.9.7e DAV/2 PHP/5.1.1 configured -- resuming normal operations > > > I found this bug report, which details what looks like the same problem: > > http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/86416 > > However, it also mentions that the bug was supposed to be fixed in Apache > 2.0.55, > which I'm running. As in that bug report, I am also using FreeBSD 5.4. I > added > "LDAPTrustedCAType BASE64_FILE" to my httpd.conf file as suggested, but it > makes > no difference. > > Ironically, it was working before I upgraded from apache 2.0.54. > > Any suggestions are welcome. > > Thanks, > > Brent > > _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"