Re: [us...@httpd] Extra folders "build" and "include" after make install normal?

2009-10-02 Thread Eric Covener
On Fri, Oct 2, 2009 at 5:52 PM, Rodney Beede
 wrote:
> I'm building Apache 2.2.13 on Oracle Unbreakable 5.4 64-bit Linux with
> the following commands:
>
> ./configure --prefix=/rmg/software/apache2.2.13-openssl0.9.8k
> --with-included-apr --disable-autoindex --disable-imagemap
> --disable-include --disable-negotiation --disable-userdir
> --with-port=8080 --enable-ssl
> --with-ssl=/rmg/software/apache2.2.13-openssl0.9.8k --with-ldap
> --enable-mods-shared="auth_digest ldap authnz_ldap rewrite deflate
> proxy proxy_ajp proxy_balancer headers"
>
> make
>
> make install
>
>
> After make install I get my /rmg/software/apache2.2.13-openssl0.9.8k
> as expected.  However I noticed a "build" and "include" folder in the
> root of my Apache directory.

They're used to compile apache modules against your installed server.
They're normal, but not required for actual runtime activity.

-- 
Eric Covener
cove...@gmail.com

-
The official User-To-User support forum of the Apache HTTP Server Project.
See <http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[us...@httpd] Extra folders "build" and "include" after make install normal?

2009-10-02 Thread Rodney Beede
I'm building Apache 2.2.13 on Oracle Unbreakable 5.4 64-bit Linux with
the following commands:

./configure --prefix=/rmg/software/apache2.2.13-openssl0.9.8k
--with-included-apr --disable-autoindex --disable-imagemap
--disable-include --disable-negotiation --disable-userdir
--with-port=8080 --enable-ssl
--with-ssl=/rmg/software/apache2.2.13-openssl0.9.8k --with-ldap
--enable-mods-shared="auth_digest ldap authnz_ldap rewrite deflate
proxy proxy_ajp proxy_balancer headers"

make

make install


After make install I get my /rmg/software/apache2.2.13-openssl0.9.8k
as expected.  However I noticed a "build" and "include" folder in the
root of my Apache directory.

Are these directories normal?  Should I just delete them?


Example listing below:

[...@localhost apache2.2.13-openssl0.9.8k]# ls -l
total 104
drwxr-x--- 2 root root 4096 Oct  2 16:19 bin
drwxr-x--- 2 root root 4096 Oct  2 16:19 build
drwxr-x--- 2 root root 4096 Oct  2 16:33 conf
drwxr-x--- 3 root root 4096 Oct  2 16:19 error
drwxr-x--- 2 root root 4096 Oct  2 16:36 htdocs
drwxr-x--- 3 root root 4096 Oct  2 16:19 icons
drwxr-x--- 3 root root 4096 Oct  2 16:19 include
drwxr-x--- 5 root root 4096 Oct  2 16:19 lib
drwxr-x--- 2 root root 4096 Oct  2 16:19 logs
drwxr-x--- 4 root root 4096 Oct  2 16:19 man
drwxr-x--- 2 root root 4096 Oct  2 16:19 modules
drwxr-x--- 6 root root 4096 Oct  2 16:07 ssl
-rw-r--r-- 1 root root 1162 Oct  2 16:45 VERSION

[...@localhost apache2.2.13-openssl0.9.8k]# ls build/ include/
build/:
apr_rules.mk  config_vars.mk  library.mk  ltlib.mk  make_var_export.awk  program.mk  special.mk
config.nice   instdso.sh      libtool     make_exports.awk  mkdir.sh  rules.mk

include/:
ap_compat.h         apr_dbm.h           apr_hooks.h           apr_poll.h        apr_support.h        apu.h              mod_dav.h         util_cfgtree.h
ap_config_auto.h    apr_dso.h           apr_inherit.h         apr_pools.h       apr_tables.h         apu_version.h      mod_dbd.h         util_charset.h
ap_config.h         ap_regex.h          apr_ldap.h            apr_portable.h    apr_thread_cond.h    apu_want.h         mod_include.h     util_ebcdic.h
ap_config_layout.h  ap_regkey.h         apr_ldap_init.h       apr_proc_mutex.h  apr_thread_mutex.h   http_config.h      mod_log_config.h  util_filter.h
ap_listen.h         ap_release.h        apr_ldap_option.h     apr_queue.h       apr_thread_pool.h    http_connection.h  mod_proxy.h       util_ldap.h
ap_mmn.h            apr_env.h           apr_ldap_rebind.h     apr_random.h      apr_thread_proc.h    http_core.h        mod_rewrite.h     util_md5.h
ap_mpm.h            apr_errno.h         apr_ldap_url.h        apr_reslist.h     apr_thread_rwlock.h  httpd.h            mod_ssl.h         util_script.h
ap_provider.h       apr_file_info.h     apr_lib.h             apr_ring.h        apr_time.h           http_log.h         mod_status.h      util_time.h
apr_allocator.h     apr_file_io.h       apr_md4.h             apr_rmm.h         apr_uri.h            http_main.h        mpm_common.h      util_xml.h
apr_anylock.h       apr_fnmatch.h       apr_md5.h             apr_sdbm.h        apr_user.h           http_protocol.h    mpm_default.h
apr_atomic.h        apr_general.h       apr_memcache.h        apr_sha1.h        apr_uuid.h           http_request.h     mpm.h
apr_base64.h        apr_getopt.h        apr_mmap.h            apr_shm.h         apr_version.h        http_vhost.h       openssl
apr_buckets.h       apr_global_mutex.h  apr_network_io.h      apr_signal.h      apr_want.h           mod_auth.h         os.h
apr_date.h          apr.h               apr_optional.h        apr_strings.h     apr_xlate.h          mod_cgi.h          scoreboard.h
apr_dbd.h           apr_hash.h          apr_optional_hooks.h  apr_strmatch.h    apr_xml.h            mod_core.h         unixd.h




RE: [us...@httpd] group authorization via LDAP

2009-10-02 Thread Tony Rice (trice)
Thanks, makes sense and works well using require ldap-filter.

-Tony


> -Original Message-
> From: Eric Covener [mailto:cove...@gmail.com]
> Sent: Friday, October 02, 2009 3:38 PM
> To: users@httpd.apache.org
> Subject: Re: [us...@httpd] group authorization via LDAP
> 
> > AuthLDAPGroupAttribute memberOf
> >
> > require ldap-group CN=mygroup,OU=GroupStuff,OU=Company
> > Groups,DC=dev,DC=company,DC=com
> >
> > My LDAP entry (using the URL above) looks like this:
> > dn:CN=trice,OU=Employees,OU=Company Users,DC=dev,DC=company,DC=com
> >
> >               objectClass: top
> >                            person
> >                            organizationalPerson
> >                            user
> >                        cn: trice
> > 
> >                  memberOf: CN=mygroup,OU=GroupStuff,OU=Company
> > Groups,DC=dev,DC=company,DC=com
> >                            CN=admins,OU=Standard,OU=Company
> > Groups,DC=dev,DC= company,DC=com
> >                department: 8675309
> >                   company: Company, Inc.
> 
> 
> Your config looks for entries like this in ldap:
> 
> cn: =mygroup,OU=Grou
>   memberOf: trice
>   memberOf: bob
>   ...
> 
> Your LDAP setup should use require ldap-filter to find a memberOf
> under the _user_ that signifies membership in a group, or find how the
> groups entry lists users (not memberOf, but something like member or
> uniqueMember).  ldap-filter starts at the user and looks for stuff,
> ldap-group starts at the group and looks for an entry listing your
> user.
> 
> --
> Eric Covener
> cove...@gmail.com
> 





Re: [us...@httpd] apache redirection does not work

2009-10-02 Thread Eric Covener
On Fri, Oct 2, 2009 at 4:07 PM, Sharjeel Tariq
 wrote:
>  the redirection rule is written in a separate file under .
>
>
> RewriteCond %{HTTP_HOST} ^example.com$
> RewriteRule ^/(.*)$ http://www.example.com/$1 [L,R]
>
>
> The issue was that above rule works for all urls except for urls like
> http://example.com/news/headlines/more.jsp?content=20090624_075115_6540
>
>
> the rule redirects the above url to home page of site
>
> http://www.example.com/index.jsp?content=20090624_075115_6540

And it can't be captured by a RewriteLog?  Is it some other
rewrite/redirect occurring?

-- 
Eric Covener
cove...@gmail.com




Re: [us...@httpd] apache redirection does not work

2009-10-02 Thread Sharjeel Tariq
 the redirection rule is written in a separate file under .


RewriteCond %{HTTP_HOST} ^example.com$
RewriteRule ^/(.*)$ http://www.example.com/$1 [L,R]


The issue was that above rule works for all urls except for urls like
http://example.com/news/headlines/more.jsp?content=20090624_075115_6540


the rule redirects the above url to home page of site

http://www.example.com/index.jsp?content=20090624_075115_6540


Thanks,
Sharjeel.

On Fri, Oct 2, 2009 at 3:59 PM, Eric Covener  wrote:

> On Fri, Oct 2, 2009 at 3:48 PM, Sharjeel Tariq
>  wrote:
> > rewriteEngine is on. Here is the rule in Virtual Host.
> >
> > 
> >  Servername www.example.com
> >  DocumentRoot /www/www_example_com/
> >  CustomLog /var/log/apache/www_example_com_access.log
> > combined env=!disable_logging
> >  ErrorLog /var/log/apache/www_example_com_error.log
> >  include conf/shared/blockWebInf.inc
> >  CookieDomain .example.com
> >  WLCookieName visunique
> >  CookieTracking on
> >  RewriteEngine On
> >  RewriteRule ^/(.*\.jsp.*$|.*\/$|$)
> > http://localhost:6201/www_example_com/$1 [P]
> >  ProxyPassReverse / http://localhost:6201/www_example_com
> > 
> >
> >
> > Can I say this is a bug in apache as I got this redirection rule from
> > apache manual to redirect all non 'www' requests to 'www' requests but it
> > seems as apache is not handling the urls with parameter at the end?
>
> Did you paste the right snippet? That's a pretty elaborate regex, and
> doesn't redirect at all but proxies.
>
> --
> Eric Covener
> cove...@gmail.com
>


Re: [us...@httpd] apache redirection does not work

2009-10-02 Thread Eric Covener
On Fri, Oct 2, 2009 at 3:48 PM, Sharjeel Tariq
 wrote:
> rewriteEngine is on. Here is the rule in Virtual Host.
>
> 
>  Servername www.example.com
>  DocumentRoot /www/www_example_com/
>  CustomLog /var/log/apache/www_example_com_access.log
> combined env=!disable_logging
>  ErrorLog /var/log/apache/www_example_com_error.log
>  include conf/shared/blockWebInf.inc
>  CookieDomain .example.com
>  WLCookieName visunique
>  CookieTracking on
>  RewriteEngine On
>  RewriteRule ^/(.*\.jsp.*$|.*\/$|$)
> http://localhost:6201/www_example_com/$1 [P]
>  ProxyPassReverse / http://localhost:6201/www_example_com
> 
>
>
> Can I say this is a bug in apache as I got this redirection rule from apache
> manual to redirect all non 'www' requests to 'www' requests but it seems as
> apache is not handling the urls with parameter at the end?

Did you paste the right snippet? That's a pretty elaborate regex, and
doesn't redirect at all but proxies.

-- 
Eric Covener
cove...@gmail.com
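The two things Eric asks about in this thread (is the rule in the vhost that actually serves the request, and does the proxy rule run before the redirect) come together in the vhost layout below. This is an added example, not Sharjeel's configuration or anything from the httpd manual: the hostnames, paths and the proxy rule are the ones he posted, the `ServerAlias` and the rule ordering are the assumed fix, and the `NameVirtualHost` line is only needed once per listening address.

```apache
# Assumed layout: one vhost receives both hostnames, so the rewrite rules
# are guaranteed to run for a request that arrives as example.com
# (Eric's "rules in a vhost that isn't actually handling the request" case).
NameVirtualHost *:80

<VirtualHost *:80>
    ServerName   www.example.com
    ServerAlias  example.com
    DocumentRoot /www/www_example_com/

    # httpd 2.2 only (2.4 uses "LogLevel rewrite:traceN" instead). A log
    # file that stays empty at level 6 means no ruleset in this server
    # context processed the request at all, not that a rule failed.
    RewriteLog      logs/rewrite_log
    RewriteLogLevel 3

    RewriteEngine On

    # 1. Canonicalise the host before anything else. [L] ends the ruleset,
    #    so the proxy rule below never sees a non-www request. The query
    #    string (?content=...) is carried over automatically because the
    #    substitution contains no "?" of its own, so no QSA flag is needed.
    RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
    RewriteRule ^/(.*)$ http://www.example.com/$1 [L,R=301]

    # 2. Only www requests reach this point; proxy JSP and directory
    #    requests to the application server exactly as the original vhost did.
    RewriteRule ^/(.*\.jsp.*$|.*/$|$) http://localhost:6201/www_example_com/$1 [P]
    ProxyPassReverse / http://localhost:6201/www_example_com
</VirtualHost>
```

Two points worth checking against the real config: a `RewriteRule` placed in the main server (for instance in an included file outside any `<VirtualHost>`) is not inherited by a vhost unless that vhost sets `RewriteOptions inherit`, and a `[P]` rule that matches first wins, since mod_rewrite evaluates rules in order. Whether either of these explains the `index.jsp` result Sharjeel saw is not settled in the thread; the rewrite log is the way to find out.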




Re: [us...@httpd] apache redirection does not work

2009-10-02 Thread Sharjeel Tariq
rewriteEngine is on. Here is the rule in Virtual Host.


 Servername www.example.com
 DocumentRoot /www/www_example_com/
 CustomLog /var/log/apache/www_example_com_access.log
combined env=!disable_logging
 ErrorLog /var/log/apache/www_example_com_error.log
 include conf/shared/blockWebInf.inc
 CookieDomain .example.com
 WLCookieName visunique
 CookieTracking on
 RewriteEngine On
 RewriteRule ^/(.*\.jsp.*$|.*\/$|$)
http://localhost:6201/www_example_com/$1 [P]
 ProxyPassReverse / http://localhost:6201/www_example_com



Can I say this is a bug in apache as I got this redirection rule from apache
manual to redirect all non 'www' requests to 'www' requests but it seems as
apache is not handling the urls with parameter at the end?



On Fri, Oct 2, 2009 at 11:23 AM, Eric Covener  wrote:

> On Fri, Oct 2, 2009 at 10:46 AM, Sharjeel Tariq
>  wrote:
> > The issue with creating ServerAlias is we get two analytics reports for
> > each of our sites. There are many benefits associated with redirecting non
> > 'www' urls to 'www' urls.
> >
> > I tried using following configuration in httpd.conf as per Bob's
> > recommendation.
> >
> >
> > Rewritelog logs/rewrite_log
> > Rewriteloglevel 6
> >
> >
> > It created file rewrite_log but did not write anything in the log file. I
> > have also tried using QSA flag to the rule but that didn't work either.
>
> no RewriteEngine on, htaccess not being read (allowoverride?), or
> rules in a   that isn't actually handling the request?
>
> --
> Eric Covener
> cove...@gmail.com
>


Re: [us...@httpd] group authorization via LDAP

2009-10-02 Thread Eric Covener
> AuthLDAPGroupAttribute memberOf
>
> require ldap-group CN=mygroup,OU=GroupStuff,OU=Company
> Groups,DC=dev,DC=company,DC=com
>
> My LDAP entry (using the URL above) looks like this:
> dn:CN=trice,OU=Employees,OU=Company Users,DC=dev,DC=company,DC=com
>
>               objectClass: top
>                            person
>                            organizationalPerson
>                            user
>                        cn: trice
> 
>                  memberOf: CN=mygroup,OU=GroupStuff,OU=Company
> Groups,DC=dev,DC=company,DC=com
>                            CN=admins,OU=Standard,OU=Company
> Groups,DC=dev,DC= company,DC=com
>                department: 8675309
>                   company: Company, Inc.


Your config looks for entries like this in ldap:

cn: =mygroup,OU=Grou
  memberOf: trice
  memberOf: bob
  ...

Your LDAP setup should use require ldap-filter to find a memberOf
under the _user_ that signifies membership in a group, or find how the
groups entry lists users (not memberOf, but something like member or
uniqueMember).  ldap-filter starts at the user and looks for stuff,
ldap-group starts at the group and looks for an entry listing your
user.

-- 
Eric Covener
cove...@gmail.com
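The two lookup directions Eric describes, side by side, as an added example (not a configuration from the thread). The group and user DNs are the placeholder values Tony posted; the three snippets are alternatives, not one config to apply at once; and the `member` attribute name in the last snippet is an assumption about the Active Directory schema in use.

```apache
# Before (Tony's .htaccess): ldap-group searches the *group* entry for an
# attribute whose values name the user. The group object carries no
# memberOf values of its own, so the compare fails with
# "No such attribute" and authorisation is denied.
AuthLDAPGroupAttribute memberOf
Require ldap-group CN=mygroup,OU=GroupStuff,OU=Company Groups,DC=dev,DC=company,DC=com

# Option A: ldap-filter starts at the authenticated *user*. mod_authnz_ldap
# ANDs this filter with its own user lookup, so the user is found (and
# authorised) only when the user's memberOf attribute holds the group DN.
# No quotes around the value: Require keeps the rest of the line verbatim.
Require ldap-filter memberOf=CN=mygroup,OU=GroupStuff,OU=Company Groups,DC=dev,DC=company,DC=com

# Option B: keep ldap-group, but name the attribute the group entry really
# uses to list its members (member on Active Directory, assumed here).
# With the default AuthLDAPGroupAttributeIsDN on, the user's full DN is
# compared against that attribute.
AuthLDAPGroupAttribute member
Require ldap-group CN=mygroup,OU=GroupStuff,OU=Company Groups,DC=dev,DC=company,DC=com
```

Both options test direct membership only: a user who belongs to `mygroup` only through a nested group has no `memberOf` value for it and is not listed in its `member` attribute either. Option A needs no change to `AuthLDAPGroupAttribute` and is the one Tony reported working; option B is the natural choice when the `.htaccess` files should keep their `require ldap-group` lines.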




RE: [us...@httpd] group authorization via LDAP

2009-10-02 Thread Tony Rice (trice)
One other wrinkle to add to this.  I can get "require ldap-group" to
work, but only if all the Auth config lines are in the .htaccess file.
If it's in the httpd.conf file and only require lines are in the
.htaccess file require ldap-group produces the errors below (though
"require valid-user" and "require ldap-filter" work fine either way).

-Tony


> -Original Message-
> From: Tony Rice (trice)
> Sent: Friday, October 02, 2009 1:52 PM
> To: users@httpd.apache.org
> Subject: RE: [us...@httpd] group authorization via LDAP
> 
> I'm able to do LDAP based group authorization when I specify the group
> info as a filter in the LDAP URL but I'd like to configure a more
> generic LDAP string in the apache config and allow users to control
> access by group membership using .htaccess files.  I'm able to
> authenticate based on userid/password but can't seem to get the config
> quite right to authorize based on group membership.
> 
> These memberships are in the memberOf attribute on User records.  In the
> LDAP tree, users are in OU=Company Users, groups are in OU=GroupStuff
> and OU=Standard under OU=Company Groups.
> 
> The log files complain that an attribute can't be found for the group
> value specified.  Any ideas?
> 
> 
> My ldap config looks like this:
> AuthName "Active Directory"
> AuthType Basic
> AuthBasicProvider ldap
> AuthLDAPBindDN "CN=mybinduser,OU=Generics,OU=Company
> Users,DC=dev,DC=company,DC=com"
> AuthLDAPBindPassword secret
> AuthLDAPRemoteUserAttribute cn
> 
> AuthLDAPUrl "ldap://dev.company.com:389/OU=Company
> Users,DC=dev,DC=company,DC=com?cn?sub?"
> AuthzLDAPAuthoritative on
> AuthLDAPGroupAttribute memberOf
> 
> .htaccess file looks like this:
> require valid-user
> require ldap-group CN=mygroup,OU=GroupStuff,OU=Company
> Groups,DC=dev,DC=company,DC=com
> 
> 
> Logs look like this:
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(875): [6756]
> auth_ldap url parse: `ldap://dev.company.com:389/OU=Company
> Users,DC=dev,DC=company,DC=com?cn?sub?'
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(884): [6756]
> auth_ldap url parse: Host: dev.company.com:389
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(886): [6756]
> auth_ldap url parse: Port: 389
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(888): [6756]
> auth_ldap url parse: DN: OU= Company Users,DC=dev,DC=company,DC=com
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(890): [6756]
> auth_ldap url parse: attrib: cn
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(892): [6756]
> auth_ldap url parse: scope: subtree
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(897): [6756]
> auth_ldap url parse: filter: (null)
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(977): LDAP:
> auth_ldap not using SSL connections
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(377): [client
> 64.102.41.173] [6756] auth_ldap authenticate: using URL
> ldap://dev.company.com:389/OU= Company
> Users,DC=dev,DC=company,DC=com?cn?sub?
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(474): [client
> 64.102.41.173] [6756] auth_ldap authenticate: accepting trice
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(715): [client
> 64.102.41.173] [6756] auth_ldap authorise: require group: testing for
> group membership in "CN=mygroup,OU=GroupStuff,OU=Company
> Groups,DC=dev,DC=company,DC=com"
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(721): [client
> 64.102.41.173] [6756] auth_ldap authorise: require group: testing for
> memberOf: CN=trice,OU=Employees,OU=Company
> Users,DC=dev,DC=company,DC=com (CN=mygroup,OU=GroupStuff,OU=Company
> Groups,DC=dev,DC=company,DC=com)
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(737): [client
> 64.102.41.173] [6756] auth_ldap authorise: require group
> "CN=mygroup,OU=GroupStuff,OU=Company Groups,DC=dev,DC=company,DC=com":
> authorisation failed [Comparison no such attribute (adding to
> cache)][No
> such attribute]
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(852): [client
> 64.102.41.173] [6756] auth_ldap authorise: authorisation denied
> 
> My LDAP entry (using the URL above) looks like this:
> dn:CN=trice,OU=Employees,OU=Company Users,DC=dev,DC=company,DC=com
> 
>objectClass: top
> person
> organizationalPerson
> user
> cn: trice
> 
>   memberOf: CN=mygroup,OU=GroupStuff,OU=Company
> Groups,DC=dev,DC=company,DC=com
> CN=admins,OU=Standard,OU=Company
> Groups,DC=dev,DC= company,DC=com
> department: 8675309
>company: Company, Inc.
> 

Re: [us...@httpd] Configuration Apache for multiple wars on Tomcat with multiple domains

2009-10-02 Thread Martin Spinassi
On Fri, 2009-10-02 at 17:15 +0200, Cyril Vieville wrote:
> Hi,
> 
> I have an apache server used as load balancer for multiple tomcat
> server clusters with mod_jk.
> 
> We use ServerAlias and our DNS registration (pointing at the apache
> server, of course) to have a URL per application. For this one, it's
> cluster1.mydomain.com
> 
> Everything worked fine till today, as we have a new need. We used to
> install only one war on each Tomcat server with the context path "" so
> the URL was http://cluster1.mydomain.com but now we have to host more
> than 1 war per tomcat server. So the Context path will change to the
> name of the war (no problem for that) but we don't want to use
> 
> cluster1.mydomain.com/war1
> cluster1.mydomain.com/war2
> 
> but
> 
> war1.mydomain.com
> war2.mydomain.com
> 
> What should I do or add? Is it on the Apache or mod_jk configuration,
> or on the Tomcat side?
> 
> Of course I need to add some ServerAlias lines but I don't know what
> to do with the rest ...
> 
> Thanks,
> 
> Cyril Viéville

Hello Cyril,

Take a look at virtual hosts on tomcat:
http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html

I think that it is what you were searching for.

Also remember to map the right virtual host on apache to the right
worker.


Cheers,


Martin
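The Apache side of Martin's suggestion, as an added example (not Cyril's configuration or anything from the Tomcat howto): one name-based vhost per application hostname, each mounted on the existing load-balancer worker. The hostnames and the `lb_cluster1` worker name come from Cyril's message; that Tomcat has a matching `<Host>` per hostname is an assumption, and `NameVirtualHost` is only needed once per listening address.

```apache
# One name-based vhost per application hostname. mod_jk forwards the
# request's host name to Tomcat over AJP, so Tomcat's own virtual hosting
# (an assumed <Host name="war1.mydomain.com"> per application in
# server.xml, with the war deployed as that host's ROOT application so the
# context path stays "") selects the webapp. Apache only has to route each
# hostname to the right worker; the worker definitions stay as they are.
NameVirtualHost *:80

<VirtualHost *:80>
    ServerName war1.mydomain.com
    JkMount /* lb_cluster1
    # Optional: keep the old name answering while DNS and bookmarks move.
    # ServerAlias cluster1.mydomain.com
</VirtualHost>

<VirtualHost *:80>
    ServerName war2.mydomain.com
    JkMount /* lb_cluster1
</VirtualHost>
```

The split of responsibilities is the point: Apache decides which worker (cluster) a hostname goes to, Tomcat decides which webapp a hostname maps to. If both wars run on the same cluster, both vhosts mount the same worker, as above; a war that lives on a different cluster gets its own vhost with its own worker.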





RE: [us...@httpd] group authorization via LDAP

2009-10-02 Thread Tony Rice (trice)
I'm able to do LDAP based group authorization when I specify the group
info as a filter in the LDAP URL but I'd like to configure a more
generic LDAP string in the apache config and allow users to control
access by group membership using .htaccess files.  I'm able to
authenticate based on userid/password but can't seem to get the config
quite right to authorize based on group membership.

These memberships are in the memberOf attribute on User records.  In the
LDAP tree, users are in OU=Company Users, groups are in OU=GroupStuff
and OU=Standard under OU=Company Groups.

The log files complain that an attribute can't be found for the group
value specified.  Any ideas?


My ldap config looks like this:
AuthName "Active Directory"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPBindDN "CN=mybinduser,OU=Generics,OU=Company
Users,DC=dev,DC=company,DC=com"
AuthLDAPBindPassword secret
AuthLDAPRemoteUserAttribute cn

AuthLDAPUrl "ldap://dev.company.com:389/OU=Company
Users,DC=dev,DC=company,DC=com?cn?sub?"
AuthzLDAPAuthoritative on
AuthLDAPGroupAttribute memberOf

.htaccess file looks like this:
require valid-user
require ldap-group CN=mygroup,OU=GroupStuff,OU=Company
Groups,DC=dev,DC=company,DC=com


Logs look like this:
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(875): [6756]
auth_ldap url parse: `ldap://dev.company.com:389/OU=Company
Users,DC=dev,DC=company,DC=com?cn?sub?'
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(884): [6756]
auth_ldap url parse: Host: dev.company.com:389
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(886): [6756]
auth_ldap url parse: Port: 389
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(888): [6756]
auth_ldap url parse: DN: OU= Company Users,DC=dev,DC=company,DC=com
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(890): [6756]
auth_ldap url parse: attrib: cn
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(892): [6756]
auth_ldap url parse: scope: subtree
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(897): [6756]
auth_ldap url parse: filter: (null)
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(977): LDAP:
auth_ldap not using SSL connections
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(377): [client
64.102.41.173] [6756] auth_ldap authenticate: using URL
ldap://dev.company.com:389/OU= Company
Users,DC=dev,DC=company,DC=com?cn?sub?
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(474): [client
64.102.41.173] [6756] auth_ldap authenticate: accepting trice
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(715): [client
64.102.41.173] [6756] auth_ldap authorise: require group: testing for
group membership in "CN=mygroup,OU=GroupStuff,OU=Company
Groups,DC=dev,DC=company,DC=com"
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(721): [client
64.102.41.173] [6756] auth_ldap authorise: require group: testing for
memberOf: CN=trice,OU=Employees,OU=Company
Users,DC=dev,DC=company,DC=com (CN=mygroup,OU=GroupStuff,OU=Company
Groups,DC=dev,DC=company,DC=com)
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(737): [client
64.102.41.173] [6756] auth_ldap authorise: require group
"CN=mygroup,OU=GroupStuff,OU=Company Groups,DC=dev,DC=company,DC=com":
authorisation failed [Comparison no such attribute (adding to cache)][No
such attribute]
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(852): [client
64.102.41.173] [6756] auth_ldap authorise: authorisation denied

My LDAP entry (using the URL above) looks like this:
dn:CN=trice,OU=Employees,OU=Company Users,DC=dev,DC=company,DC=com

   objectClass: top
person
organizationalPerson
user
cn: trice

  memberOf: CN=mygroup,OU=GroupStuff,OU=Company
Groups,DC=dev,DC=company,DC=com
CN=admins,OU=Standard,OU=Company
Groups,DC=dev,DC= company,DC=com
department: 8675309
   company: Company, Inc.




[us...@httpd] [virtual host - jkmount]Infra structure refactoring

2009-10-02 Thread Andre Rodrigues
Hi,

I need to modify apache config to accomplish the following characteristics:

1- Have one domain with digital certificate.

2- Transform the production domains into applications below the domain.


I've set up a virtualhost to accomplish task 1, it works ok. But I'm stuck
in refactoring the existing configuration below.

Original vhost.conf  with many VirtualHost entries:



ServerName app1
.
JkMount /app dmb
.





ServerName app2
.
JkMount /app dmb2
.


End of vhost.conf

As we can see dmb and dmb2 point to different tomcat instances that can be 
running at the same time.


I've created two virtualhost entries to handle the first task:



ServerName portaldmb

Redirect / https://portaldmb.ab/






ServerName portaldmb.ab

JkMount /app dmb



How can I configure the last VirtualHost to keep the two JkMounts?
OR
Am I using the wrong config to solve the problem?


 Thanks,
André








Re: [us...@httpd] apache redirection does not work

2009-10-02 Thread Eric Covener
On Fri, Oct 2, 2009 at 10:46 AM, Sharjeel Tariq
 wrote:
> The issue with creating ServerAlias is we get two analytics reports for each
> of our site. There are many benefits associated with redirecting non 'www'
> urls to 'www' urls.
>
> I tried using following configuration in httpd.conf as per Bob
> recommendation.
>
>
> Rewritelog logs/rewrite_log
> Rewriteloglevel 6
>
>
> It created file rewrite_log but did not write any thing in the log file. I
> have also tried using QSA flag to the rule but that didn't work either.

no RewriteEngine on, htaccess not being read (allowoverride?), or
rules in a   that isn't actually handling the request?

-- 
Eric Covener
cove...@gmail.com




[us...@httpd] Configuration Apache for multiple wars on Tomcat with multiple domains

2009-10-02 Thread Cyril Vieville
Hi,

I have an apache server used as load balancer for multiple tomcat server
clusters with mod_jk.

The configuration is to have different workers on different servers and
sometimes ports as well:

#
# START

# Nodes

JkWorkerProperty worker.server_1_1.host=server40
JkWorkerProperty worker.server_1_1.port=8009
JkWorkerProperty worker.server_1_1.reference=worker.tmplt_worker

JkWorkerProperty worker.server_2_1.host=server41
JkWorkerProperty worker.server_2_1.port=8009
JkWorkerProperty worker.server_2_1.reference=worker.tmplt_worker

# Loadbalancer

JkWorkerProperty worker.lb_cluster1.reference=worker.tmplt_balancer
JkWorkerProperty worker.lb_cluster1.balance_workers=server_1_1,server_2_1

# END
#

We use ServerAlias and our DNS registration (pointing at the apache server,
of course) to have a URL per application. For this one, it's
cluster1.mydomain.com

Everything worked fine till today, as we have a new need. We used to install
only one war on each Tomcat server with the context path "" so the URL was
http://cluster1.mydomain.com but now we have to host more than 1 war per tomcat
server. So the Context path will change to the name of the war (no problem for
that) but we don't want to use

cluster1.mydomain.com/war1
cluster1.mydomain.com/war2

but

war1.mydomain.com
war2.mydomain.com

What should I do or add? Is it on the Apache or mod_jk configuration, or on
the Tomcat side?
Of course I need to add some ServerAlias lines but I don't know what to do with
the rest ...

Thanks,

Cyril Viéville



Re: [us...@httpd] group authorization via LDAP

2009-10-02 Thread Eric Covener
On Fri, Oct 2, 2009 at 8:38 AM, Marc Patermann
 wrote:
> Hi,
>
> Tom Evans schrieb:
>>
>> On Thu, 2009-10-01 at 17:18 -0400, Tony Rice (trice) wrote:
>
>> This is how we do it:
>> [...]
>> AuthzLDAPAuthoritative "On"
>> Require valid-user
>> Require ldap-group cn=Department,ou=Groups,o=Company
>
> Does this work?
> When I read the docs:
> "Require valid-user
> If this directive exists, mod_authnz_ldap grants access to any user that has
> successfully authenticated during the search/bind phase."
> and:
> "Other Require values may also be used which may require loading additional
> authorization modules. Note that if you use a Require value from another
> authorization module, you will need to ensure that AuthzLDAPAuthoritative
> is set to off to allow the authorization phase to fall back to the module
> providing the alternate Require value."
> -> http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html
>

> This seems to me like either "Require valid-user" is not working at all -
> because AuthzLDAPAuthoritative is "On" - or it overrules any ldap-group
> setting. Hm!?

The doc is poor in this regard.  mod_authnz_ldap does not handle
"valid-user", it allows another module to handle it [if the request
gets that far].  This is why the AuthzLDAPAuthoritative does not
apply to the "Require valid-user", and this quoted config boils down
to the same as if you'd removed the first two quoted directives
[IIUC].


-- 
Eric Covener
cove...@gmail.com




Re: [us...@httpd] group authorization via LDAP

2009-10-02 Thread Eric Covener
On Fri, Oct 2, 2009 at 10:36 AM, Tony Rice (trice)  wrote:
> Is our only choice changing all the .htaccess files with "require group
> " to "require ldap-group cn=,ou=some long ldap
> string" in order to make the switch to group authorization via LDAP groups?

Yes.

-- 
Eric Covener
cove...@gmail.com

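A mass-conversion helper for the change Eric confirms is required, written here as an added example rather than anything from the thread or the httpd project. It assumes the group container Tony quoted (ou=GroupStuff,ou=Our Groups,dc=Company,dc=Com) as the base under which every group lives, and that the LDAP provider directives (AuthBasicProvider ldap, AuthLDAPURL, bind DN and password, AuthLDAPGroupAttribute settings) are configured once at server level as in Tom's example, so the per-directory files only need their Require lines rewritten.

```python
import re

# Group container from Tony's message; assumed to be the base for every group name.
GROUP_BASE = "ou=GroupStuff,ou=Our Groups,dc=Company,dc=Com"

# Matches "require group a b" / "Require user x" in any capitalisation, keeping the indent.
REQUIRE_RE = re.compile(r"^(\s*)require\s+(group|user)\s+(.+?)\s*$", re.IGNORECASE)


def escape_rdn_value(value):
    """Escape a value for use inside a DN (RFC 4514), so a group name such as
    'ops,ou=Admins' cannot splice extra components into the DN we build."""
    out = "".join("\\" + c if c in ',+"\\<>;' else c for c in value)
    if out.startswith(("#", " ")):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def convert_require_line(line, group_base=GROUP_BASE):
    """Return the replacement line(s) for one .htaccess line.

    'require group a b' becomes one 'Require ldap-group cn=a,<base>' line per
    group, because ldap-group takes a single group DN; separate Require lines
    are OR'd in 2.2, just as the several names on the original line were.
    'require user x y' becomes 'Require ldap-user x y'. Other lines pass through.
    """
    m = REQUIRE_RE.match(line)
    if not m:
        return [line]
    indent, kind, args = m.group(1), m.group(2).lower(), m.group(3)
    if kind == "user":
        return [f"{indent}Require ldap-user {args}"]
    return [f"{indent}Require ldap-group cn={escape_rdn_value(g)},{group_base}"
            for g in args.split()]


def convert_htaccess(text, group_base=GROUP_BASE):
    """Convert a whole .htaccess body, preserving every non-Require line."""
    out = []
    for line in text.splitlines():
        out.extend(convert_require_line(line, group_base))
    return "\n".join(out) + ("\n" if text.endswith("\n") else "")


if __name__ == "__main__":
    # Constructed sample .htaccess content, not a file from the poster's site.
    print(convert_htaccess('AuthName "Restricted"\nrequire group admins devs\nrequire user alice\n'))
```

Membership checks then depend on the server-level AuthLDAPGroupAttribute and AuthLDAPGroupAttributeIsDN matching how the directory records group members.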



Re: [us...@httpd] apache redirection does not work

2009-10-02 Thread Sharjeel Tariq
The issue with creating a ServerAlias is that we get two analytics reports for
each of our sites. There are many benefits associated with redirecting non 'www'
urls to 'www' urls.

I tried using the following configuration in httpd.conf as per Bob's
recommendation.


Rewritelog logs/rewrite_log
Rewriteloglevel 6


It created the file rewrite_log but did not write anything in the log file. I
have also tried adding the QSA flag to the rule but that didn't work either.


Thanks,
Sharjeel

On Thu, Oct 1, 2009 at 5:06 PM, Martin Spinassi wrote:

> On Thu, 2009-10-01 at 11:53 -0400, Sharjeel Tariq wrote:
> > Hi,
> >
> >
> > I am trying to set up an apache redirection rule for redirecting all of
> > our non 'www' domains to 'www' domains. I got the redirection rule from
> > the apache manual but the rule does not work when we have subdirectories
> > and parameters at the end of the url.
> >
> > The redirection rule I have is
> >
> >
> > RewriteCond %{HTTP_HOST} ^example.com$
> > RewriteRule ^/(.*)$ http://www.example.com/$1 [L,R]
> >
> 
>
> Sharjeel,
>
> I know it's not what you are asking for, but may accomplish your task.
>
> You can try adding a ServerAlias to the VirtualHost:
>
> ServerName example.com
> ServerAlias www.example.com
>
> Here is the documentation at apache site:
> http://httpd.apache.org/docs/2.0/mod/core.html#serveralias
>
>
> Sorry if it's not what you are asking for, but it's pretty much what I'd
> do. With a simple script you can manage to add the ServerAlias to all
> the VirtualHosts.
>
>
> Cheers,
>
> Martin
>
>


RE: [us...@httpd] group authorization via LDAP

2009-10-02 Thread Tony Rice (trice)
Is our only choice changing all the .htaccess files with "require group
" to "require ldap-group cn=,ou=some long ldap
string" in order to make the switch to group authorization via LDAP groups?

-Tony


> -Original Message-
> From: Tom Evans [mailto:tevans...@googlemail.com]
> Sent: Friday, October 02, 2009 4:36 AM
> To: users@httpd.apache.org
> Subject: Re: [us...@httpd] group authorization via LDAP
> 
> On Thu, 2009-10-01 at 17:18 -0400, Tony Rice (trice) wrote:
> > I'm trying to convert from DBM file based authentication and
> > authorization to LDAP based authentication and authorization in
> Apache
> > 2.2.11.
> >
> > We've already got a large number of .htaccess files with specific
> > configs for individual directories that are using "require user" and
> > "require group".  Is it possible to configure the apache server to
> allow
> > those .htaccess to continue work as expected or must we change them
> to
> > "require ldap-user" and "require ldap-group"?
> >
> > I'm digging through the mod_authnz_ldap docs but the config to
> specify
> > the base for group authorization (in my case: "ou=GroupStuff,ou=Our
> > Groups,dc=Company,dc=Com") just isn't jumping out at me.
> >
> 
> This is how we do it:
> 
> AuthType Basic
> AuthName "Company"
> AuthBasicProvider "ldap"
> AuthLDAPURL "ldap://ldap/o=Company?mail?sub?(accountActive=TRUE)"
> AuthLDAPBindDN "cn=authuser,ou=System Accounts,o=Company"
> AuthLDAPBindPassword "authpass"
> AuthzLDAPAuthoritative "On"
> Require valid-user
> Require ldap-group cn=Department,ou=Groups,o=Company
> 
> 
> Cheers
> 
> Tom
> 
> 
> 





Re: [us...@httpd] Apache 2.2.13, OpenSSL 0.9.8k, Linux, [error] Unable to initialize TLS servername

2009-10-02 Thread Rodney Beede
On Fri, Oct 2, 2009 at 3:32 AM, Tom Evans  wrote:
> On Thu, 2009-10-01 at 13:24 -0500, Rodney Beede wrote:
>> So I have a 64-bit Linux system (Oracle Unbreakable 5.4) where I am
>> trying to compile Apache 2.2.13 with Openssl 0.9.8k with mod_ssl as a
>> shared module.
>> I set up my OpenSSL as follows:
>> ./config --prefix=/software/openssl shared enable-tlsext
>> make
>> make test
>> make install
>> All went well there.
>> Then I built Apache with the following:
>> export PATH=/software/openssl/bin:$PATH
>> export LD_LIBRARY_PATH=/software/openssl/lib
>> openssl version
>>      Gives 0.9.8k version as expected
>> ./configure --prefix=/software/apache2 --with-included-apr
>> --disable-autoindex --disable-imagemap --disable-include
>> --disable-negotiation --disable-userdir --with-port=8080
>> --with-ssl=/software/openssl --with-ldap
>> --enable-mods-shared="auth_digest ldap authnz_ldap authn_file
>> authz_user rewrite ssl deflate proxy proxy_ajp proxy_balancer"
>> make
>> make install
>> All goes well.
>>
>> I then uncomment httpd-ssl.conf from httpd.conf and add a server.crt
>> and server.key to conf/
>> I then run /software/apache2/bin/httpd
>> The logs/errors file gives the following error message:
>>  [error] Unable to initialize TLS servername extension callback
>> (incompatible OpenSSL version?)
>
> This is probably because you built apache against one version of OpenSSL
> and your dynamic loader is finding a different version.
>
> You're building it against OpenSSL installed in /software/openssl/.
> Is /software/openssl/lib in your ld path when you come to run it? What
> does ldd say about the shared module and the apache binary?


I set my PATH to the /software/openssl/bin folder and LD_LIBRARY_PATH
to /software/openssl/lib before compiling Apache httpd.  ldd concurs
that /software/openssl is being used for both the module and binary.
Is there something else I missed?

I'd consider stripping out the vendor packaged and installed older
version of openssl, but that would break pretty much everything else
in the distro.  The vendor is slow on providing patches which leaves
security vulnerabilities.  Perhaps I'd be better switching to another
distro.


>
>>
>>
>> In the end I got it to work by recompiling Apache with mod_ssl static
>> instead of shared  (./configure --enable-ssl and no "ssl" in the
>> enable-mods-shared list).
>>
>> My question is has anyone managed to get Apache 2.2.13 with Openssl
>> 0.9.8k to work with mod_ssl as a shared module?
>> This thread seems to be the only one that really relates to the error
>> I'm seeing.  The suggestion of changing the Apache ssl cert directives
>> didn't work for me though.
>> http://groups.google.com/group/lucky.freebsd.ports/browse_thread/thread/8678679422363783
>>
>> I suppose I could try openssl 1.0.0 beta 3 next.  Anyone had success with 
>> that?
>
> Until you have apache finding the version of openssl that you built it
> against at runtime, you could keep trying different versions of openssl
> and it will have the same effect.
>
> Cheers
>
> Tom
>
>




Re: [us...@httpd] HTTP/0.9 and mod_proxy

2009-10-02 Thread Krist van Besien
On Thu, Oct 1, 2009 at 4:25 PM, Danijel  wrote:
> Hi,
>
> I have to reverse proxy a beast which speaks HTTP/0.9. The documentation
> to mod_proxy says:
>
>        This module implements a proxy/gateway for Apache. It implements
>        proxying capability for FTP, CONNECT (for SSL), HTTP/0.9,
>        HTTP/1.0, and HTTP/1.1.
>
> The configuration simply is:
>
>        ProxyPass / http://backend:9110/
>
> But all I get is error 502. The log says:
>
>        error reading status line from remote server backend

You get this error because the backend didn't send a status line.
Apache is behaving exactly as designed here.


> The tcpdump between Apache and the backend looks like this:
>
>        GET /test HTTP/1.0
>        Host: backend:9110
>        User-Agent: curl/7.15.1 (x86_64-suse-linux) libcurl/7.15.1
>        OpenSSL/0.9.8a zlib/1.2.3 libidn/0.6.0
>        Accept: */*
>        Max-Forwards: 10
>        X-Forwarded-For: 127.0.0.1
>        X-Forwarded-Host: localhost:4080
>        X-Forwarded-Server: localhost
>
>        AS2 Adapter is alive.

Your problem is that apache expects an HTTP/1.0 response to an HTTP/1.0
request. Because the response does not conform to HTTP/1.0 it is
rejected. Thus the 502 error.

Apache will proxy HTTP/0.9 just fine. Just repeat your test with an
HTTP/0.9 client and you'll see. Apache does not translate between
HTTP/1.0 and HTTP/0.9. It would anyway not be easy to do this. So if
you send an HTTP/1.0 request to your forward proxy it will forward an
HTTP/1.0 request to the backend.

Krist

-- 
krist.vanbes...@gmail.com
kr...@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

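The exchange Krist describes, as an added example that is not part of the thread or of httpd: a tiny localhost backend answers every request with nothing but the body seen in the tcpdump, a strict HTTP/1.x reader that sent an HTTP/1.0 request finds no status line, while the identical bytes are a complete HTTP/0.9 Simple-Response when the request was an HTTP/0.9 Simple-Request (RFC 1945 allows a Simple-Response only in reply to a Simple-Request). The function names and the 502 mapping are this example's own, not mod_proxy's code.

```python
import socket
import threading

# Constructed to match the reply in the poster's tcpdump: a bare body with no
# status line and no headers, i.e. an HTTP/0.9 Simple-Response.
BACKEND_BODY = b"AS2 Adapter is alive.\n"


def start_http09_backend():
    """Listen on an ephemeral localhost port and answer exactly one connection
    the way the poster's backend does. Returns the port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve_once():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)             # read the request; the reply is the same either way
            conn.sendall(BACKEND_BODY)
        srv.close()

    threading.Thread(target=serve_once, daemon=True).start()
    return srv.getsockname()[1]


def fetch(port, request):
    """Send a raw request and return everything the backend writes before closing."""
    with socket.create_connection(("127.0.0.1", port)) as c:
        c.sendall(request)
        chunks = []
        while True:
            data = c.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def parse_status_line(raw):
    """Strict HTTP/1.x reader: the status code from 'HTTP/1.x <code> ...',
    or None when the first line is not a status line at all."""
    parts = raw.split(b"\n", 1)[0].rstrip(b"\r").split(b" ")
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/1.") or not parts[1].isdigit():
        return None
    return int(parts[1])


def gateway_fetch(port, request):
    """Forward the request unchanged (no version translation, as Krist says) and
    read the reply according to the version that was sent. Returns (status, data):
    an int status for HTTP/1.x, 502 when the backend sent no status line, or the
    marker 'simple-response' for an HTTP/0.9 request, whose reply is just the body."""
    raw = fetch(port, request)
    if b" HTTP/1." in request.split(b"\r\n", 1)[0]:
        status = parse_status_line(raw)
        return (502, b"Bad Gateway: backend sent no status line") if status is None else (status, raw)
    return "simple-response", raw
```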



Re: [us...@httpd] Filter by group attribute using mod authnz_ldap

2009-10-02 Thread Marc Patermann

Hi,

Mxrgus Pxrt schrieb:
> Would it be possible to filter users not only by user attributes or
> groups but also by attributes of group using authnz_ldap?
>
> Example:
>
> Users:
> cn: First Last, ou: people, dc: lol
> cn: Second Last, ou: pople, dc: lol
>
> Groups:
> cn: lord, ou: group, dc: lol
>  member: First Last
>  attribute111: yes
>
> Now, if attribute111 is yes, auth succeeds.
>
> If not, what would be your recommendation, how to solve this task?

Hm, if there was any group-filter setting ...
But you have to _name_ the ldap-group anyway, don't you? So just name
LDAP groups here which have the attribute. :)


If you use AuthLDAPBindDN for searching ldap by apache, you could "hide" 
other groups than these with the attribute by ACL on the ldap server.




Marc




Re: [us...@httpd] group authorization via LDAP

2009-10-02 Thread Marc Patermann

Hi,

Tom Evans schrieb:
> On Thu, 2009-10-01 at 17:18 -0400, Tony Rice (trice) wrote:
>
> This is how we do it:
> [...]
> AuthzLDAPAuthoritative "On"
> Require valid-user
> Require ldap-group cn=Department,ou=Groups,o=Company

Does this work?
When I read the docs:
"Require valid-user
If this directive exists, mod_authnz_ldap grants access to any user that
has successfully authenticated during the search/bind phase."

and:
"Other Require values may also be used which may require loading
additional authorization modules. Note that if you use a Require value
from another authorization module, you will need to ensure that
AuthzLDAPAuthoritative is set to off to allow the authorization phase
to fall back to the module providing the alternate Require value."

-> http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html

This seems to me like either "Require valid-user" is not working at all
- because AuthzLDAPAuthoritative is "On" - or it overrules any
ldap-group setting. Hm!?



Marc




Re: [us...@httpd] group authorization via LDAP

2009-10-02 Thread Tom Evans
On Thu, 2009-10-01 at 17:18 -0400, Tony Rice (trice) wrote:
> I'm trying to convert from DBM file based authentication and
> authorization to LDAP based authentication and authorization in Apache
> 2.2.11.
> 
> We've already got a large number of .htaccess files with specific
> configs for individual directories that are using "require user" and
> "require group".  Is it possible to configure the apache server to allow
> those .htaccess to continue work as expected or must we change them to
> "require ldap-user" and "require ldap-group"?  
> 
> I'm digging through the mod_authnz_ldap docs but the config to specify
> the base for group authorization (in my case: "ou=GroupStuff,ou=Our
> Groups,dc=Company,dc=Com") just isn't jumping out at me.
> 

This is how we do it:

AuthType Basic
AuthName "Company"
AuthBasicProvider "ldap"
AuthLDAPURL "ldap://ldap/o=Company?mail?sub?(accountActive=TRUE)"
AuthLDAPBindDN "cn=authuser,ou=System Accounts,o=Company"
AuthLDAPBindPassword "authpass"
AuthzLDAPAuthoritative "On"
Require valid-user
Require ldap-group cn=Department,ou=Groups,o=Company


Cheers

Tom






[us...@httpd] Apache version dubio

2009-10-02 Thread Jos Chrispijn

From a technical and practical perspective, what should be the best
choice now: Apache 2 or a lower version?

Jos Chrispijn





Re: [us...@httpd] Apache 2.2.13, OpenSSL 0.9.8k, Linux, [error] Unable to initialize TLS servername

2009-10-02 Thread Tom Evans
On Thu, 2009-10-01 at 13:24 -0500, Rodney Beede wrote:
> So I have a 64-bit Linux system (Oracle Unbreakable 5.4) where I am
> trying to compile Apache 2.2.13 with Openssl 0.9.8k with mod_ssl as a
> shared module.
> I set up my OpenSSL as follows:
> ./config --prefix=/software/openssl shared enable-tlsext
> make
> make test
> make install
> All went well there.
> Then I built Apache with the following:
> export PATH=/software/openssl/bin:$PATH
> export LD_LIBRARY_PATH=/software/openssl/lib
> openssl version
>  Gives 0.9.8k version as expected
> ./configure --prefix=/software/apache2 --with-included-apr
> --disable-autoindex --disable-imagemap --disable-include
> --disable-negotiation --disable-userdir --with-port=8080
> --with-ssl=/software/openssl --with-ldap
> --enable-mods-shared="auth_digest ldap authnz_ldap authn_file
> authz_user rewrite ssl deflate proxy proxy_ajp proxy_balancer"
> make
> make install
> All goes well.
> 
> I then uncomment httpd-ssl.conf from httpd.conf and add a server.crt
> and server.key to conf/
> I then run /software/apache2/bin/httpd
> The logs/errors file gives the following error message:
>  [error] Unable to initialize TLS servername extension callback
> (incompatible OpenSSL version?)

This is probably because you built apache against one version of OpenSSL
and your dynamic loader is finding a different version.

You're building it against OpenSSL installed in /software/openssl/.
Is /software/openssl/lib in your ld path when you come to run it? What
does ldd say about the shared module and the apache binary?

> 
> 
> In the end I got it to work by recompiling Apache with mod_ssl static
> instead of shared  (./configure --enable-ssl and no "ssl" in the
> enable-mods-shared list).
> 
> My question is has anyone managed to get Apache 2.2.13 with Openssl
> 0.9.8k to work with mod_ssl as a shared module?
> This thread seems to be the only one that really relates to the error
> I'm seeing.  The suggestion of changing the Apache ssl cert directives
> didn't work for me though.
> http://groups.google.com/group/lucky.freebsd.ports/browse_thread/thread/8678679422363783
> 
> I suppose I could try openssl 1.0.0 beta 3 next.  Anyone had success with 
> that?

Until you have apache finding the version of openssl that you built it
against at runtime, you could keep trying different versions of openssl
and it will have the same effect.

Cheers

Tom


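A check for Tom's question (what ldd says about the shared module and the httpd binary), as an added example not taken from the thread or from httpd: it parses ldd output for libssl/libcrypto and flags any reference that resolves outside the OpenSSL prefix from the post, or that resolves to different files for the two binaries. The ldd text embedded below is constructed to show the mismatch Tom suspects (the vendor libssl.so.6 being found for mod_ssl.so); the real ldd must be run from the environment that actually starts httpd, since an LD_LIBRARY_PATH exported only in the build shell does not apply there.

```python
import re

# ldd prints "soname => /path (0xaddr)" or "soname => not found"; the vdso line
# has an empty path and the dynamic loader line has no "=>" at all.
LDD_LINE = re.compile(r"^\s*(\S+)\s*=>\s*(not found|[^\s(]*)")


def parse_ldd(output):
    """Map each shared-object name in ldd output to its resolved path (None if not found)."""
    resolved = {}
    for line in output.splitlines():
        m = LDD_LINE.match(line)
        if not m or m.group(2) == "":
            continue
        resolved[m.group(1)] = None if m.group(2) == "not found" else m.group(2)
    return resolved


def check_openssl_linkage(ldd_by_binary, expected_prefix):
    """ldd_by_binary maps a label (httpd, mod_ssl.so) to that binary's ldd output.
    Returns the problems found; an empty list means every libssl/libcrypto reference
    resolves under expected_prefix and no soname resolves to two different files."""
    problems, seen = [], {}
    root = expected_prefix.rstrip("/") + "/"
    for label, output in ldd_by_binary.items():
        for soname, path in parse_ldd(output).items():
            if not soname.startswith(("libssl.", "libcrypto.")):
                continue
            seen.setdefault(soname, set()).add(path)
            if path is None:
                problems.append(f"{label}: {soname} not found")
            elif not path.startswith(root):
                problems.append(f"{label}: {soname} resolves to {path}, not under {expected_prefix}")
    for soname, paths in seen.items():
        if len(paths) > 1:
            problems.append(f"{soname} resolves to different files: {sorted(map(str, paths))}")
    return problems


# Constructed sample (not real ldd output): httpd finds the self-built OpenSSL,
# but mod_ssl.so is being resolved against the vendor's older libssl.so.6.
SAMPLE_LDD = {
    "bin/httpd": (
        "\tlinux-vdso.so.1 =>  (0x00007fff5a1ff000)\n"
        "\tlibssl.so.0.9.8 => /software/openssl/lib/libssl.so.0.9.8 (0x00007f2c9c1c0000)\n"
        "\tlibcrypto.so.0.9.8 => /software/openssl/lib/libcrypto.so.0.9.8 (0x00007f2c9be20000)\n"
        "\tlibc.so.6 => /lib64/libc.so.6 (0x00007f2c9ba80000)\n"
    ),
    "modules/mod_ssl.so": (
        "\tlibssl.so.6 => /usr/lib64/libssl.so.6 (0x00007f1234560000)\n"
        "\tlibcrypto.so.6 => /usr/lib64/libcrypto.so.6 (0x00007f1234100000)\n"
        "\tlibc.so.6 => /lib64/libc.so.6 (0x00007f1233d00000)\n"
    ),
}

if __name__ == "__main__":
    for problem in check_openssl_linkage(SAMPLE_LDD, "/software/openssl"):
        print(problem)
```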