Hi Mathias,
I have done the same. Thanks.
I have one more question.
I have my Apache HTTPS server on a Solaris 10 x86 machine that accesses my
OpenLDAP server on an Ubuntu machine to do the required
authentication.
It checks the username, password and an attribute in order to
grant access to the user. The attribute defines the kind of controls the user
can see in the GUI.
Now the issue is that httpd.conf contains an ldaps URL in the AuthLDAPUrl
parameter. If I change it to ldap, it works fine, but with ldaps it doesn't.
The link
http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#authldapurl says "For
regular ldap, use the string ldap. For secure LDAP, use ldaps instead.
Secure LDAP is only available if Apache was linked to an LDAP library with
SSL support."
My OpenLDAP server has SSL support (I can use ldapsearch with an ldaps
URL or an ldap URL with the -ZZ option successfully).
Please let me know what needs to be done in order to use an ldaps URL in
AuthLDAPUrl in httpd.conf.
Regards
Asimananda
On Fri, Sep 11, 2009 at 8:01 PM, Mathias Gug <mathiaz(a)ubuntu.com> wrote:
Hi,
On Fri, Sep 11, 2009 at 2:27 AM, Howard Chu <hyc(a)symas.com> wrote:
> Asimananda Mohanty wrote:
>> I just changed the permission level of /etc/sasldb2 from 640 to 644 and
>> the command "ldapsearch -d8 -ZZ -b dc=ldap-company,dc=com
>> uid=asimananda" started working fine.
>
> Generally that's a bad idea, since it exposes all of your SASL passwords to
> anyone who can access that machine or filesystem. Instead you should just
> make sure that slapd is running as a user that belongs to the same group as
> the sasldb file, or is the owner of the file.
The default group of /etc/sasldb2 should be sasl. Thus adding the
openldap user to the sasl group should fix the problem without having
to change permissions:
$ adduser openldap sasl
--
Mathias Gug
Ubuntu Developer
http://www.ubuntu.com
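
A check for the fix described in the quoted replies, as an added example that is not part of the original thread: it flags a sasldb file that is open to "other" (the 644 case) and confirms the slapd account can still read it as owner or through the file's group. The function name and output labels are hypothetical; the path and account in the usage comment are the ones named in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). check_sasldb FILE USER
# Returns 0 when FILE is closed to "other" and USER can read it as owner or
# via the file's group; 1 when something needs fixing; 2 when FILE is missing.
check_sasldb() {
    file=$1
    user=$2
    status=0
    if [ ! -e "$file" ]; then
        echo "MISSING  $file"
        return 2
    fi
    # Fields of `ls -ld`: mode string, link count, owner, group, ...
    read -r mode links owner group rest <<EOF
$(ls -ld -- "$file")
EOF
    owner_r=$(printf '%s' "$mode" | cut -c2)
    group_r=$(printf '%s' "$mode" | cut -c5)
    other=$(printf '%s' "$mode" | cut -c8-10)
    # 644 fails here: any bit set for "other" exposes the SASL secrets.
    if [ "$other" != "---" ]; then
        echo "EXPOSED  $file is $mode: remove access for other (chmod o-rwx)"
        status=1
    fi
    # Can USER read the file without relying on the "other" bits?
    can_read=no
    if [ "$user" = "$owner" ]; then
        # The owner class applies exclusively; group bits do not help the owner.
        [ "$owner_r" != "r" ] || can_read=yes
    elif [ "$group_r" = "r" ]; then
        case " $(id -Gn "$user" 2>/dev/null) " in
            *" $group "*) can_read=yes ;;
        esac
    fi
    if [ "$can_read" = no ]; then
        echo "NOACCESS $user cannot read $file as owner ($owner) or via group $group"
        echo "         with group read set, the fix is: adduser $user $group"
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK       $file is $mode and readable by $user"
    fi
    return "$status"
}

# Run as: sh check_sasldb.sh /etc/sasldb2 openldap
if [ "$#" -eq 2 ]; then check_sasldb "$1" "$2"; fi
```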