Regarding the Apache issue, as I expected, fingers were raised towards the certificate file, even though I have clarified that the same certificate works fine with the local client (installed along with the server).

Is there any way to prove that the certificate file is OK?


On Mon, Sep 21, 2009 at 3:53 PM, Asimananda Mohanty <asimananda.mohanty@gmail.com> wrote:
I think I am supposed to provide the bind DN with "-D" option i.e. cn=admin,dc=ldap-company,dc=com.

With this value, it works fine.

Sorry for the mistake.

Reg Apache issue, I will post it here once it is solved.


On Mon, Sep 21, 2009 at 3:42 PM, Asimananda Mohanty <asimananda.mohanty@gmail.com> wrote:
Hi Dieter,

I will try to look at it from a different angle. Once I am able to solve it, I will post it here.

I have one more query.

On my server, I am able to get the result by:

# ldapsearch -d8 -H ldaps://ldap-company.com -b dc=ldap-company,dc=com uid=asimananda
SASL/DIGEST-MD5 authentication started
Please enter your password:


But the following query doesn't show any result and throws an error.

# ldapsearch -d8 -H ldaps://ldap-company.com -D dc=ldap-company,dc=com uid=asimananda -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

Does this mean that I still have some configuration to do?

Please comment.


On Mon, Sep 21, 2009 at 10:54 AM, Dieter Kluenter <dieter@dkluenter.de> wrote:
Asimananda Mohanty <asimananda.mohanty@gmail.com> writes:

> Hi Dieter,
> Thanks for the reply.
> My Apache is built with openldap lib only.
> I am able to connect to the Ubuntu host from my Solaris client on ports 389 and 636.
> Then I guess, apache is not able to verify the certificates presented. In that case, please let me know how do I debug
> slapd to watch apache connection.

As I mentioned many times, this topic is neither OpenLDAP nor Ubuntu
related, it is just a question of how to properly set up Apache on Sun
Solaris 10.
Did you configure mod_auth_ldap and mod_ldap to use TLS?
There are two sources of information, Sun Bigadmin and Apache
documentation. A lot of documentation is referring to *.der or cert7.db
files, note that OpenLDAP only handles *.pem files. For more
information on this topic read openssl documentation.



Dieter Klünter | Systemberatung
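
An added example, not part of the thread: one way to check whether a certificate file is in the PEM format that OpenLDAP handles (rather than DER or something else) and whether it verifies against a CA file, using the `openssl` command line. The function names, file names and the throwaway self-signed certificate are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify a certificate file and
# check it against a CA file. Requires the openssl command-line tool.

# Print "pem", "der" or "unknown" for FILE; exit non-zero unless the
# file parses as an X.509 certificate.
cert_format() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        if openssl x509 -in "$1" -noout 2>/dev/null; then
            echo pem; return 0
        fi
    elif openssl x509 -inform DER -in "$1" -noout 2>/dev/null; then
        echo der; return 0
    fi
    echo unknown; return 1
}

# Succeed only when CERT (PEM, second argument) chains to a CA in
# CAFILE (PEM, first argument).
cert_chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed sample data: a throwaway self-signed certificate, its DER
# re-encoding, and a file that is not a certificate at all.
make_samples() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-test-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl x509 -in "$dir/ca.pem" -outform DER -out "$dir/ca.der" || return 1
    echo "not a certificate" > "$dir/junk.db"
    echo "$dir"
}

samples=$(make_samples) || exit 1
for f in ca.pem ca.der junk.db; do
    printf '%s: %s\n' "$f" "$(cert_format "$samples/$f")"
done
cert_chains_to "$samples/ca.pem" "$samples/ca.pem" &&
    echo "ca.pem verifies against itself"
```

A file reported as `der` can be re-encoded with `openssl x509 -inform DER -in FILE -outform PEM -out FILE.pem` before pointing an OpenLDAP-linked client at it.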