problems after upgrade with apache2 and ldap authentication
Tom Lynch
tlynch at primate.wisc.edu
Thu Feb 12 23:09:08 CET 2015
> On Feb 4, 2015, at 8:48 AM, Jan Holzhueter <jh at opencsw.org> wrote:
>
> Hi,
>
> Am 04.02.15 um 15:29 schrieb Tom Lynch:
>>>>
>>>> Unfortunately, I am still having problems with this. Here is what my error_log says:
>>>>
>>>> [Mon Feb 02 17:01:51 2015] [info] APR LDAP: Built with OpenLDAP LDAP SDK
>>>> [Mon Feb 02 17:01:51 2015] [info] LDAP: SSL support unavailable: LDAP: SSL/TLS ldapssl_client_init() function not supported by this Netscape/Mozilla/Solaris SDK. Certificate authority file not set
>>>>
>>>> What exactly is this telling me - that SSL support is unavailable even though the previous line show that the APR is built with openLDAP SDK? Or is it not supported because there is a problem with my trusted certificate file?
>
> you need to provide a PEM for your LDAP Server I guess.
>
> of your CA that is
>
> Put this:
>
>
> TLS_CACERT /var/ldap/cacert.pem
>
> in
> /etc/opt/csw/openldap/ldap.conf
>
> hope this helps.
Jan,
This didn’t appear to help. Do you mean I need to put this in the ldap.conf file on my ldap server?
I searched the source code for "LDAP: SSL support unavailable…” that I get in my log file. That error appears to be in apr-util apr_ldap_option.c in a section that deals with the Netscape/Mozilla/Solaris SDK. But how does it get to that section when APR LDAP was built with OpenLDAP LDAP SDK?
Maybe this is a question for another list…
Thanks for your help.
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2877 bytes
Desc: not available
URL: <http://lists.opencsw.org/pipermail/users/attachments/20150212/b2ada13d/attachment-0001.p7s>
More information about the users
mailing list