On Fri, Aug 15, 2008 at 4:47 PM, Howard Chu hyc@symas.com wrote:
Personally I would put ldap and apache into a group and make the key readable to that specific group.
easy & works like a champ. thanks!
for others' ref:
cat /etc/apache2/uid.conf
User wwwrun
Group www

egrep "OPENLDAP_USER=|OPENLDAP_GROUP=" /etc/sysconfig/openldap
OPENLDAP_USER="ldap"
OPENLDAP_GROUP="ldap"

groupadd wwwssl
grep wwwssl /etc/group
usermod -G wwwssl ldap
usermod -G wwwssl wwwrun

mkdir -p /usr/local/etc/ssl
cd /usr/local/etc/ssl
mkdir ssl.crt
mkdir ssl.key

cp {.../ca.crt,.../svr.crt} ssl.crt/
cp .../svr.key ssl.key/

chown -R root:wwwssl /usr/local/etc/ssl
chmod 755 ssl.crt
chmod 750 ssl.key
chmod 644 ssl.crt/ca.crt
chmod 644 ssl.crt/svr.crt
chmod 640 ssl.key/svr.key
point apache2 & openldap confs at these files.
service apache2 start
Starting httpd2 (prefork)                                done

service ldap start
Starting ldap-server                                     done

ps ax | egrep "http|ldap"
 8359 ?        S<s    0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
 8603 ?        S<sl   0:00 /usr/lib/openldap/slapd -h ldap:// -f /etc/openldap/slapd.conf -u ldap -g ldap -4 -o slp=on
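An added audit script (not part of the thread) that checks the layout above actually came out as intended: the key readable only by root and the wwwssl group, the certs world-readable, and both daemon users really in the group. It assumes GNU coreutils stat(1) and the thread's path and group names.

```shell
#!/bin/sh
# Added example, not from the original post: verify the shared-key permission
# layout from the thread. Assumes GNU coreutils stat(1) (-c format strings).

# check_mode PATH MODE OWNER GROUP: 0 if PATH has exactly that octal mode, owner and group.
check_mode() {
    path=$1 want_mode=$2 want_owner=$3 want_group=$4
    [ -e "$path" ] || { echo "MISSING $path"; return 1; }
    set -- $(stat -c '%a %U %G' "$path")
    if [ "$1" = "$want_mode" ] && [ "$2" = "$want_owner" ] && [ "$3" = "$want_group" ]; then
        return 0
    fi
    echo "BAD $path: have '$1 $2 $3', want '$want_mode $want_owner $want_group'"
    return 1
}

# key_is_private PATH: 0 unless "other" has any access (last octal digit non-zero).
key_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case $mode in *0) return 0 ;; *) echo "WORLD-ACCESSIBLE $1 (mode $mode)"; return 1 ;; esac
}

# in_group USER GROUP: 0 if USER's group list includes GROUP.
# usermod -G without -a replaces the supplementary group list, so confirm the
# membership after running it instead of assuming it took.
in_group() {
    id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}

# audit_ssl_tree ROOT OWNER GROUP: check every path the thread's chmod/chown lines set up.
audit_ssl_tree() {
    root=$1 owner=$2 group=$3 rc=0
    check_mode "$root/ssl.crt"         755 "$owner" "$group" || rc=1
    check_mode "$root/ssl.key"         750 "$owner" "$group" || rc=1
    check_mode "$root/ssl.crt/ca.crt"  644 "$owner" "$group" || rc=1
    check_mode "$root/ssl.crt/svr.crt" 644 "$owner" "$group" || rc=1
    check_mode "$root/ssl.key/svr.key" 640 "$owner" "$group" || rc=1
    key_is_private "$root/ssl.key/svr.key" || rc=1
    return $rc
}

# Usage on the real box (run as root): sh audit.sh /usr/local/etc/ssl root wwwssl
if [ $# -ge 3 ]; then
    audit_ssl_tree "$1" "$2" "$3" && in_group ldap "$3" && in_group wwwrun "$3" && echo OK
fi
```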