Re: AuthLDAPCertDBPath ???
Trevor Hurst wrote:

> I'm wondering if I should see mod_ldap in the static listing of the modules I compiled in? I don't see mod_ldap but a few others such as mod_auth_ldap.c and util_ldap.c. Am I missing something?

util_ldap.c is the same as mod_ldap. It's just named funny.

Look in the source code for util_ldap.c - you should see the directives towards the end of the file - if you don't, you need to check out the latest version from CVS.

Regards,
Graham
--
[EMAIL PROTECTED]
"There's a moon over Bourbon Street tonight..."
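The check suggested in the reply above (look in the module source for the directive names) can be scripted. This is an added example, not part of the thread or of httpd; it assumes directives are registered with `AP_INIT_*` macros that take the quoted directive name, and the function name and sample files are constructed for illustration.

```shell
#!/bin/sh
# missing_ldap_directives CONF SRC...
# Prints every LDAP*/AuthLDAP* directive used in CONF whose name does not
# occur as a quoted string in any SRC file. Assumption: the module registers
# directives with AP_INIT_* macros taking the quoted name as first argument.
missing_ldap_directives() {
    conf=$1; shift
    sed -e 's/^[[:space:]]*//' -e '/^#/d' "$conf" |   # drop indent, comments
    awk '{print $1}' |                                # directive name only
    grep -i -E '^(Auth)?LDAP' |
    sort -u |
    while read -r name; do
        # httpd matches directive names case-insensitively, hence -i.
        grep -q -i -F "\"$name\"" "$@" || printf '%s\n' "$name"
    done
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed config fragment using directive names from this thread.
    cat > "$tmp/httpd.conf" <<'EOF'
LDAPTrustedCA /usr/local/apache2/conf/ssl.crt/cert7.db
LDAPTRustedCAType CERT7_DB_PATH
EOF
    # Constructed stand-ins for an older and a newer util_ldap.c.
    cat > "$tmp/old.c" <<'EOF'
AP_INIT_TAKE1("LDAPSharedCacheSize", handler, NULL, RSRC_CONF, "constructed"),
EOF
    cat > "$tmp/new.c" <<'EOF'
AP_INIT_TAKE1("LDAPTrustedCA", handler, NULL, RSRC_CONF, "constructed"),
AP_INIT_TAKE1("LDAPTrustedCAType", handler, NULL, RSRC_CONF, "constructed"),
EOF
    echo "old source, unknown directives:"
    missing_ldap_directives "$tmp/httpd.conf" "$tmp/old.c"
    echo "new source, unknown directives:"
    missing_ldap_directives "$tmp/httpd.conf" "$tmp/new.c"
    rm -rf "$tmp"
}

demo
```

A module can appear in `apachectl -l` and still reject a directive, so checking the source tree that was actually built separates a version problem from a build problem.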
Re: AuthLDAPCertDBPath ???
Thanks for the help Graham.

I'm wondering if I should see mod_ldap in the static listing of the modules I compiled in? I don't see mod_ldap but a few others such as mod_auth_ldap.c and util_ldap.c. Am I missing something?

    eskimo [16] ./apachectl -l
    Compiled in modules:
      core.c
      mod_access.c
      mod_auth.c
      util_ldap.c
      mod_auth_ldap.c
      mod_include.c
      mod_log_config.c
      mod_env.c
      mod_mime_magic.c
      mod_setenvif.c
      mod_ssl.c
      prefork.c
      http_core.c
      mod_mime.c
      mod_status.c
      mod_autoindex.c
      mod_asis.c
      mod_cgi.c
      mod_negotiation.c
      mod_dir.c
      mod_imap.c
      mod_actions.c
      mod_userdir.c
      mod_alias.c
      mod_so.c

Thanks for your help!

-- Trev

On Wed, 12 Mar 2003, Graham Leggett wrote:

> Trevor Hurst wrote:
>
> > Syntax error on line 1073 of /usr/local/apache2/conf/httpd.conf:
> > Invalid command 'LDAPTrustedCA', perhaps mis-spelled or defined by a
> > module not included in the server configuration
>
> This is a very new addition - the cert handling was tidied up recently
> and I think is only available in the latest CVS head.
>
> Follow the instructions to download the v2.0 branch of httpd, and try
> that and see if it solves your hassles.
>
> Regards,
> Graham
> --
> [EMAIL PROTECTED]
> "There's a moon over Bourbon Street tonight..."
Re: AuthLDAPCertDBPath ???
Trevor Hurst wrote:

> Syntax error on line 1073 of /usr/local/apache2/conf/httpd.conf:
> Invalid command 'LDAPTrustedCA', perhaps mis-spelled or defined by a
> module not included in the server configuration

This is a very new addition - the cert handling was tidied up recently and I think is only available in the latest CVS head.

Follow the instructions to download the v2.0 branch of httpd, and try that and see if it solves your hassles.

Regards,
Graham
--
[EMAIL PROTECTED]
"There's a moon over Bourbon Street tonight..."
Re: AuthLDAPCertDBPath ???
Unfortunately that doesn't work either:

    LDAPTrustedCA /usr/local/apache2/conf/ssl.crt/cert7.db
    LDAPTRustedCAType cert7.db

startup error:

    Syntax error on line 1073 of /usr/local/apache2/conf/httpd.conf:
    Invalid command 'LDAPTrustedCA', perhaps mis-spelled or defined by a module not included in the server configuration

-- Trev

Brad Nicholes wrote:

> Yes. In order to support SSL on multiple platforms, a more generic
> directive was required. To specify a cert7.db file you will need to use
> the directives:
>
>     LDAPTrustedCA
>     LDAPTRustedCAType CERT7_DB_PATH
>
> The most recent documentation page for mod_ldap contains the
> description of the new directive.
>
> Brad
>
> Brad Nicholes
> Senior Software Engineer
> Novell, Inc., the leading provider of Net business solutions
> http://www.novell.com
>
> >>> [EMAIL PROTECTED] Tuesday, March 11, 2003 4:53:25 PM >>>
>
> Well, after successfully compiling auth_ldap with the
> OpenLDAP libs I found that it doesn't jive well with
> our Netscape LDAP server..
>
> So... I finally rebuilt with the Netscape4-LDAP-SDK
> libs..
>
> Since then I received the following error:
>
>     [Tue Mar 11 00:42:19 2003] [warn] [client 134.15.0.112] [1667653] auth_ldap authenticate: user 25145 authentication failed; URI /secure/finance/FA/search.jsp [secure LDAP requested, but no CA cert defined][Unknown error], referer:http://
>
> So, I then placed my cert7.db file in APACHE2/conf directory and
> pointed it to the cert db file by using the following in my httpd.conf:
>
>     Syntax error on line 1073 of /usr/local/apache2/conf/httpd.conf:
>     Invalid command 'AuthLDAPStartTLS', perhaps mis-spelled or defined by a module not included in the server configuration
>
> auth_ldap was built statically into the core and not run as a mod.
>
> Is there a different command used for Apache2 to load the cert7.db
> file now?
>
> It worked for our older 1.3 apache..
>
> Thanks,
>
> -- Trev
Re: AuthLDAPCertDBPath ???
Okay, I think I've found the spot in ssl.conf but when I point the commands at /usr/local/apache2/conf/ssl.crt/cert7.db and try starting up the server it complains with:

    [error] Unable to configure verify locations for client authentication

and will not start.

Here's the entry in ssl.conf that I'm using:

    SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/cert7.db

I've also tried the following:

    SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/server.crt

which is not a valid (?) CA cert I suppose but one I created with OpenSSL but it doesn't like that one and complains in the error_log when trying to authenticate at the site with the following:

    URI /secure [secure LDAP requested, but no CA cert defined][Unknown error]

And when I start the server I get a warning (?) :

    [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

Can anyone point me to where I can get/make a CA cert that will work with our Netscrape LDAP server?

Thanks!

-- Trev

Trevor Hurst wrote:

> Well, after successfully compiling auth_ldap with the
> OpenLDAP libs I found that it doesn't jive well with
> our Netscape LDAP server..
>
> So... I finally rebuilt with the Netscape4-LDAP-SDK
> libs..
>
> Since then I received the following error:
>
>     [Tue Mar 11 00:42:19 2003] [warn] [client 134.15.0.112] [1667653] auth_ldap authenticate: user 25145 authentication failed; URI /secure/finance/FA/search.jsp [secure LDAP requested, but no CA cert defined][Unknown error], referer:http://
>
> So, I then placed my cert7.db file in APACHE2/conf directory and pointed
> it to the cert db file by using the following in my httpd.conf:
>
>     Syntax error on line 1073 of /usr/local/apache2/conf/httpd.conf:
>     Invalid command 'AuthLDAPStartTLS', perhaps mis-spelled or defined by a module not included in the server configuration
>
> auth_ldap was built statically into the core and not run as a mod.
>
> Is there a different command used for Apache2 to load the cert7.db file
> now?
>
> It worked for our older 1.3 apache..
>
> Thanks,
>
> -- Trev
Re: AuthLDAPCertDBPath ???
Yes. In order to support SSL on multiple platforms, a more generic directive was required. To specify a cert7.db file you will need to use the directives:

    LDAPTrustedCA
    LDAPTRustedCAType CERT7_DB_PATH

The most recent documentation page for mod_ldap contains the description of the new directive.

Brad

Brad Nicholes
Senior Software Engineer
Novell, Inc., the leading provider of Net business solutions
http://www.novell.com

>>> [EMAIL PROTECTED] Tuesday, March 11, 2003 4:53:25 PM >>>

Well, after successfully compiling auth_ldap with the OpenLDAP libs I found that it doesn't jive well with our Netscape LDAP server..

So... I finally rebuilt with the Netscape4-LDAP-SDK libs..

Since then I received the following error:

    [Tue Mar 11 00:42:19 2003] [warn] [client 134.15.0.112] [1667653] auth_ldap authenticate: user 25145 authentication failed; URI /secure/finance/FA/search.jsp [secure LDAP requested, but no CA cert defined][Unknown error], referer:http://

So, I then placed my cert7.db file in APACHE2/conf directory and pointed it to the cert db file by using the following in my httpd.conf:

    Syntax error on line 1073 of /usr/local/apache2/conf/httpd.conf:
    Invalid command 'AuthLDAPStartTLS', perhaps mis-spelled or defined by a module not included in the server configuration

auth_ldap was built statically into the core and not run as a mod.

Is there a different command used for Apache2 to load the cert7.db file now?

It worked for our older 1.3 apache..

Thanks,

-- Trev

--
Trevor Hurst
Senior Systems Administrator
DCO Unix Production Systems
Silicon Graphics
Office Ph: 650.933.6144
e-mail: [EMAIL PROTECTED]
pager: [EMAIL PROTECTED]
--
Thus a mind that is free from passion is a very citadel; man has no stronger fortress in which to seek shelter and defy every assault. Failure to perceive this is ignorance; but to perceive it, and still not to seek its refuge, is misfortune indeed.
--Marcus Aurelius
AuthLDAPCertDBPath ???
Well, after successfully compiling auth_ldap with the OpenLDAP libs I found that it doesn't jive well with our Netscape LDAP server..

So... I finally rebuilt with the Netscape4-LDAP-SDK libs..

Since then I received the following error:

    [Tue Mar 11 00:42:19 2003] [warn] [client 134.15.0.112] [1667653] auth_ldap authenticate: user 25145 authentication failed; URI /secure/finance/FA/search.jsp [secure LDAP requested, but no CA cert defined][Unknown error], referer:http://

So, I then placed my cert7.db file in APACHE2/conf directory and pointed it to the cert db file by using the following in my httpd.conf:

    Syntax error on line 1073 of /usr/local/apache2/conf/httpd.conf:
    Invalid command 'AuthLDAPStartTLS', perhaps mis-spelled or defined by a module not included in the server configuration

auth_ldap was built statically into the core and not run as a mod.

Is there a different command used for Apache2 to load the cert7.db file now?

It worked for our older 1.3 apache..

Thanks,

-- Trev

--
Trevor Hurst
Senior Systems Administrator
DCO Unix Production Systems
Silicon Graphics
Office Ph: 650.933.6144
e-mail: [EMAIL PROTECTED]
pager: [EMAIL PROTECTED]
--
Thus a mind that is free from passion is a very citadel; man has no stronger fortress in which to seek shelter and defy every assault. Failure to perceive this is ignorance; but to perceive it, and still not to seek its refuge, is misfortune indeed.
--Marcus Aurelius