
Apache auth_ldap and SSL

Update: Forget the following post. It seems that openssl hangs when used like this (why?) and that a much simpler solution is to just add:


AuthLDAPStartTLS on



So, you tried to change your AuthLDAPURL from ldap://ldap.example.com to ldaps://ldap.example.com and got the following message:


.htaccess: Secure LDAP (ldaps://) not supported. Rebuild auth_ldap

However, you don't want to rebuild auth_ldap today, so...

  1. create a wrapper script like this: /usr/local/sbin/ldaps-tunnel

    #!/bin/sh
    exec /usr/bin/openssl s_client -connect ldap.example.com:636 -quiet 2>/dev/null


  2. edit your /etc/inetd.conf to include:

    ldap stream tcp nowait.9999 nobody /usr/sbin/tcpd /usr/local/sbin/ldaps-tunnel


  3. make sure that only localhost can connect to the unencrypted side of the tunnel by adding the following restriction to /etc/hosts.allow:

    ldaps-tunnel: LOCAL
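The three steps above leave two things unchecked: tcp_wrappers grants access when a connection matches neither hosts.allow nor hosts.deny, so the hosts.allow line alone restricts nothing unless hosts.deny also denies the tunnel for everyone else; and openssl s_client, as used in the wrapper, keeps going after a failed certificate check, so the tunnel is encrypted but does not authenticate the LDAP server. The script below is an added example, not code from the original post: it audits copies of the three files for both points and carries a hardened form of the wrapper (-CAfile plus -verify_return_error are real s_client options; the CA-file path, the ".weak" sample name and all file locations are assumptions, and the sample files it writes are constructed).

```shell
#!/bin/sh
# Added example, not code from the original post. It audits the three steps
# above (inetd.conf line, hosts.allow restriction, wrapper script) on copies
# of the files, so it can run against constructed samples. File paths, the
# CA-file location and the "ldaps-tunnel.weak" name are assumptions.

# Step 2 check: the ldap service must be handed to tcpd (so hosts.allow
# applies at all) and run as the unprivileged user "nobody".
check_inetd() {  # $1 = inetd.conf
    grep -Eq '^ldap[[:space:]]+stream[[:space:]]+tcp[[:space:]]+nowait(\.[0-9]+)?[[:space:]]+nobody[[:space:]]+/usr/sbin/tcpd[[:space:]]+/usr/local/sbin/ldaps-tunnel' "$1"
}

# Step 3 check: hosts.allow limits the tunnel to LOCAL, and hosts.deny must
# deny it for everyone else; tcp_wrappers allows a connection that matches
# neither file, so an allow rule alone restricts nothing.
check_wrappers() {  # $1 = hosts.allow, $2 = hosts.deny
    grep -Eq '^ldaps-tunnel[[:space:]]*:[[:space:]]*LOCAL' "$1" &&
    grep -Eq '^(ldaps-tunnel|ALL)[[:space:]]*:[[:space:]]*ALL' "$2"
}

# Step 1 check: the wrapper must verify the LDAP server's certificate.
# openssl s_client carries on after a failed verification unless
# -verify_return_error is given, and needs a trust anchor (-CAfile).
check_wrapper_script() {  # $1 = wrapper script
    grep -q -e '-CAfile' "$1" && grep -q -e '-verify_return_error' "$1"
}

# Writes constructed sample files into directory $1 so the checks run offline.
make_samples() {
    cat > "$1/inetd.conf" <<'EOF'
# constructed sample inetd.conf
ldap stream tcp nowait.9999 nobody /usr/sbin/tcpd /usr/local/sbin/ldaps-tunnel
EOF
    printf 'ldaps-tunnel: LOCAL\n' > "$1/hosts.allow"
    printf 'ldaps-tunnel: ALL\n' > "$1/hosts.deny"
    # hardened wrapper: pins a CA file (path is an assumption) and fails closed
    cat > "$1/ldaps-tunnel" <<'EOF'
#!/bin/sh
exec /usr/bin/openssl s_client -connect ldap.example.com:636 -quiet \
    -CAfile /etc/ssl/certs/ldap-ca.pem -verify_return_error 2>/dev/null
EOF
    # the post's wrapper as written: encrypts, but accepts any certificate
    cat > "$1/ldaps-tunnel.weak" <<'EOF'
#!/bin/sh
exec /usr/bin/openssl s_client -connect ldap.example.com:636 -quiet 2>/dev/null
EOF
}

# Runs all checks and reports each failure; returns 0 only if every one passes.
audit() {  # $1 = inetd.conf, $2 = hosts.allow, $3 = hosts.deny, $4 = wrapper
    rc=0
    check_inetd "$1" || { echo "inetd.conf: ldap line missing, not via tcpd, or not nobody"; rc=1; }
    check_wrappers "$2" "$3" || { echo "tcp_wrappers: tunnel not restricted to LOCAL"; rc=1; }
    check_wrapper_script "$4" || { echo "wrapper: no server certificate verification"; rc=1; }
    return $rc
}

# Usage: ldaps-audit.sh /etc/inetd.conf /etc/hosts.allow /etc/hosts.deny /usr/local/sbin/ldaps-tunnel
if [ "$#" -eq 4 ]; then
    audit "$@"
fi
```

Run it with the four real paths on the host, or call make_samples on a scratch directory to see it pass on the hardened wrapper and fail on the one from the post. Adding `ldaps-tunnel: ALL` to /etc/hosts.deny is the part the post omits; without it anything that can reach port 389 on the box gets a cleartext path into the directory.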



This page contains a single entry from the blog posted on September 15, 2006 3:25 PM.

The previous post in this blog was How to import subversion into Google Code hosting.

The next post in this blog is Card reader on nc6120.

Many more can be found on the main index page or by looking through the archives.

Creative Commons License
This weblog is licensed under a Creative Commons License.