On Fri, Aug 15, 2008 at 4:47 PM, Howard Chu <[EMAIL PROTECTED]> wrote:
> Personally I would put ldap and apache into a group and make the key
> readable to that specific group.
easy & works like a champ. thanks! for others' ref:

cat /etc/apache2/uid.conf
User wwwrun
Group www

egrep "OPENLDAP_USER=|OPENLDAP_GROUP=" /etc/sysconfig/openldap
OPENLDAP_USER="ldap"
OPENLDAP_GROUP="ldap"

groupadd wwwssl
grep wwwssl /etc/group
usermod -G wwwssl ldap
usermod -G wwwssl wwwrun

mkdir -p /usr/local/etc/ssl
cd /usr/local/etc/ssl
mkdir ssl.crt
mkdir ssl.key
cp {.../ca.crt,.../svr.crt} ssl.crt/
cp .../svr.key ssl.key/
chown -R root:wwwssl /usr/local/etc/ssl
chmod 755 ssl.crt
chmod 750 ssl.key
chmod 644 ssl.crt/ca.crt
chmod 644 ssl.crt/svr.crt
chmod 640 ssl.key/svr.key

point apache2 & openldap confs at these files.

service apache2 start
Starting httpd2 (prefork)    done
service ldap start
Starting ldap-server    done

ps ax | egrep "http|ldap"
 8359 ?  S<s   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
 8603 ?  S<sl  0:00 /usr/lib/openldap/slapd -h ldap:// -f /etc/openldap/slapd.conf -u ldap -g ldap -4 -o slp=on
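An added audit script (not from the thread above) that re-checks the layout the post builds: the private key must stay 640 and group-owned by the shared group, its directory 750, and each daemon user a member of that group. The root directory and group name are parameters; the post's values would be /usr/local/etc/ssl and wwwssl.

```shell
#!/bin/sh
# Added example, not part of the original thread. Paths and modes follow the
# post (ssl.key/svr.key 640, ssl.key 750); root dir and group are arguments.
#   check_ssl_layout ROOT GROUP   -> 0 only if the key is owner+group readable and nothing more
#   in_group USER GROUP           -> 0 if USER has GROUP (name or gid) in its group list
check_ssl_layout() {
  root=$1; grp=$2; rc=0
  key="$root/ssl.key/svr.key"
  [ -f "$key" ] || { echo "FAIL: $key missing"; return 1; }

  # Permission strings from ls -l; portable across GNU/BSD unlike stat's flags.
  key_mode=$(ls -ld "$key" | cut -c1-10)
  dir_mode=$(ls -ld "$root/ssl.key" | cut -c1-10)

  # Key must be exactly 640: owner rw, group r, others nothing.
  [ "$key_mode" = "-rw-r-----" ] ||
    { echo "FAIL: $key is $key_mode, want -rw-r-----"; rc=1; }

  # Directory must be 750 so other users cannot even list or traverse it.
  [ "$dir_mode" = "drwxr-x---" ] ||
    { echo "FAIL: $root/ssl.key is $dir_mode, want drwxr-x---"; rc=1; }

  # Group owner must be the shared daemon group; accept a name or a numeric gid.
  owner_grp=$(ls -ld "$key" | awk '{print $4}')
  owner_gid=$(ls -ldn "$key" | awk '{print $4}')
  if [ "$grp" != "$owner_grp" ] && [ "$grp" != "$owner_gid" ]; then
    echo "FAIL: $key group is $owner_grp, want $grp"; rc=1
  fi
  return $rc
}

# Membership check mirroring the two usermod lines in the post.
in_group() {
  user=$1; grp=$2
  for g in $(id -Gn "$user" 2>/dev/null) $(id -G "$user" 2>/dev/null); do
    [ "$g" = "$grp" ] && return 0
  done
  return 1
}
```

Run it after the chown/chmod steps, e.g. `check_ssl_layout /usr/local/etc/ssl wwwssl && in_group ldap wwwssl && in_group wwwrun wwwssl`.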