5.6.06

 

Apache 2.2.2 and Novell NDS

I had some trouble with the LDAP SDK included with Sun Solaris accessing a Novell NDS for authentication/authorization...

Anyway, I wanted to use Secure LDAP, and there's no way to get around the Novell CLDAP SDK.

Here's the way to compile Apache on a T2000. Take a look at all those with-ldap-something parameters. Took a long time to figure these out. Documentation sucks...

./configure --prefix=/u00/appl/apache2 \
--enable-mods-shared=all \
--enable-ssl \
--enable-authnz-ldap \
--with-ssl=/usr/sfw \
--with-ldap \
--with-ldap-dir=/u00/appl/novell-cldap \
--enable-ldap \
--with-ldap-lib=/u00/appl/novell-cldap/lib \
--with-ldap-include=/u00/appl/novell-cldap/include \
--libdir=/usr/local/lib \
--with-apr=/u00/appl/apache2/apr-httpd \
--with-apr-util=/u00/appl/apache2/apr-util-httpd

It seems there is a bug in Apache's MPM-Worker implementation, as my CGIs won't run when using that option. As I don't have that much traffic I don't use it.

What I don't like is that by default you can't run "make install" without being root. Apache wants to install the apr stuff into /usr/local/. Therefore you should first set the apr prefix to your directory of choice (mine is under apache2).

Here is the httpd.conf

LDAPTrustedGlobalCert CA_BASE64 /u00/appl/apache2/conf/rootca.pem
LDAPVerifyServerCert On
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600
LDAPSharedCacheFile /u00/appl/apache2/logs/ldap_cache

Alias /location /u00/appl/somewhere


AuthType Basic
AuthName "host.domain"
AuthBasicProvider ldap
AuthLDAPURL ldaps://ldap1.domain/o=Organisation?uid
require ldap-attribute ou=OrganisationUnit
Options Indexes
IndexOptions FancyIndexing
IndexStyleSheet "/css/font.css"
Order allow,deny
Allow from all


The certificate is in pem/b64 format.
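
A quick check for the settings above, as an added example that is not part of the original post: it flags a config where the LDAP leg is unencrypted or unverified, or where the file named by LDAPTrustedGlobalCert does not match its declared type (CA_BASE64 expects PEM). The function names, the read_file hook and the WEAK_CONF sample are constructed for illustration.

```python
import shlex

# Constructed sample: the post's directives with two weaknesses introduced
# on purpose (verification off, plain ldap:// URL).
WEAK_CONF = '''
LDAPTrustedGlobalCert CA_BASE64 /u00/appl/apache2/conf/rootca.pem
LDAPVerifyServerCert Off
AuthName "host.domain"
AuthBasicProvider ldap
AuthLDAPURL ldap://ldap1.domain/o=Organisation?uid
'''
PEM_MARKER = b"-----BEGIN CERTIFICATE-----"

def directives(conf_text):
    """Yield (lowercased name, args) per directive; skip comments and <Container> tags."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = shlex.split(line)
            yield name.lower(), args

def read_bytes(path):
    with open(path, "rb") as fh:
        return fh.read()

def audit(conf_text, read_file=read_bytes):
    """Return a list of findings about the LDAP transport settings."""
    findings, ca_seen = [], False
    for name, args in directives(conf_text):
        if name == "ldapverifyservercert" and args[:1] and args[0].lower() == "off":
            findings.append("LDAPVerifyServerCert is Off: server certificate is not checked")
        elif name == "authldapurl" and args:
            mode = args[1].upper() if len(args) > 1 else "NONE"
            if not args[0].lower().startswith("ldaps://") and mode not in ("SSL", "TLS", "STARTTLS"):
                findings.append("AuthLDAPURL is not encrypted: passwords cross the network in clear")
        elif name == "ldaptrustedglobalcert" and len(args) >= 2 and args[0].upper().startswith("CA_"):
            ca_seen = True
            try:
                is_pem = PEM_MARKER in read_file(args[1])
            except OSError:
                findings.append(f"CA file {args[1]} cannot be read")
                continue
            if is_pem != (args[0].upper() == "CA_BASE64"):
                findings.append(f"CA file {args[1]} does not match declared type {args[0]}")
    if not ca_seen:
        findings.append("no LDAPTrustedGlobalCert CA entry: nothing to verify the server against")
    return findings
```

Run audit() on the text of your httpd.conf; an empty list means the LDAP connection settings match what the post configures.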

Good luck!
