
Re: Reg OpenLdap on Ubuntu

Hi Mathias,

I have done the same. Thanks.

I have one more question. 

I have my Apache HTTPS server on a Solaris 10 x86 machine that accesses my OpenLDAP server on an Ubuntu machine to do the required authentication.

It actually checks for the username, password and an attribute so as to grant access to the user. The attribute defines the kind of controls the user can see in the GUI.

Now the issue is that httpd.conf contains an ldaps URL in the AuthLDAPUrl parameter. If I change it to ldap, it works fine, but with ldaps it doesn't.

The link http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#authldapurl says "For regular ldap, use the string ldap. For secure LDAP, use ldaps instead. Secure LDAP is only available if Apache was linked to an LDAP library with SSL support."

My OpenLDAP server has SSL support (I can use ldapsearch with an ldaps URL, or an ldap URL with the -ZZ option, successfully).

Please let me know what needs to be done in order to use an ldaps URL in AuthLDAPUrl in httpd.conf.


On Fri, Sep 11, 2009 at 8:01 PM, Mathias Gug <mathiaz@ubuntu.com> wrote:

On Fri, Sep 11, 2009 at 2:27 AM, Howard Chu <hyc@symas.com> wrote:
> Asimananda Mohanty wrote:
>> I just changed the permission level of /etc/sasldb2 from 640 to 644 and
>> the command "ldapsearch -d8 -ZZ -b dc=ldap-company,dc=com
>> uid=asimananda" started working fine.
> Generally that's a bad idea, since it exposes all of your SASL passwords to
> anyone who can access that machine or filesystem. Instead you should just
> make sure that slapd is running as a user that belongs to the same group as
> the sasldb file, or is the owner of the file.

The default group of /etc/sasldb2 should be sasl. Thus adding the
openldap user to the sasl group should fix the problem without having
to change permissions:

 $ adduser openldap sasl

Mathias Gug
Ubuntu Developer  http://www.ubuntu.com
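
The permission advice in the quoted replies above can be checked mechanically. The following is an added example, not part of the original thread or of OpenLDAP/Cyrus SASL: `check_secret_file` is a hypothetical helper that assumes GNU coreutils `stat` (as on Ubuntu) and verifies that a secrets file such as /etc/sasldb2 grants nothing to "other" while the service account can still read it as owner or through group membership.

```shell
#!/bin/bash
# Added example. check_secret_file is a hypothetical helper, not part of
# OpenLDAP or Cyrus SASL. Assumes GNU coreutils stat, as shipped on Ubuntu.
#
# Usage: check_secret_file FILE SERVICE_USER
# Returns 0 when FILE grants nothing to "other" and SERVICE_USER can read it
# as owner or through group membership; 1 otherwise; 2 on lookup errors.
check_secret_file() {
    local file=$1 user=$2 mode fuid fgid uid gid ingroup=0 rc=0
    mode=$(stat -c '%a' "$file") || return 2
    fuid=$(stat -c '%u' "$file")
    fgid=$(stat -c '%g' "$file")
    uid=$(id -u "$user") || return 2

    # Any bit in the last octal digit exposes the file to every local account
    # (this is what 644 does to a password database).
    if [ $(( 0$mode & 07 )) -ne 0 ]; then
        echo "FAIL: $file is mode $mode, accessible to all users"
        rc=1
    fi

    # Is the service user a member (primary or supplementary) of the file's group?
    for gid in $(id -G "$user"); do
        if [ "$gid" = "$fgid" ]; then ingroup=1; fi
    done

    # Classic Unix permission check: the owner class applies first, then group.
    if [ "$uid" = "$fuid" ]; then
        if [ $(( 0$mode & 0400 )) -eq 0 ]; then
            echo "FAIL: $user owns $file but has no read bit"; rc=1
        fi
    elif [ "$ingroup" -eq 1 ]; then
        if [ $(( 0$mode & 040 )) -eq 0 ]; then
            echo "FAIL: group of $file has no read bit"; rc=1
        fi
    else
        echo "FAIL: $user is neither owner nor in group $fgid of $file"
        echo "      fix with group membership, not by loosening the mode"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then echo "OK: $file (mode $mode) is closed to others and readable by $user"; fi
    return "$rc"
}

# Example call for the setup in this thread (run on the LDAP server):
#   check_secret_file /etc/sasldb2 openldap
```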