problems after upgrade with apache2 and ldap authentication

Jan Holzhüter jh at opencsw.org
Fri Feb 13 07:53:35 CET 2015


Hi,

On 12.02.15 at 23:09, Tom Lynch wrote:

>> Put this:
>>
>>
>> TLS_CACERT /var/ldap/cacert.pem
>>
>> in
>> /etc/opt/csw/openldap/ldap.conf
>>
>> hope this helps.
> Jan,
> 
> This didn’t appear to help. Do you mean I need to put this in the ldap.conf file on my ldap server?

No, on your client Server/Apache. You need to create a Pam with the CA of
your ldap Server, as ldap/ldap libs don't have a Cert Store to check if
the certs you use on your Ldap Server are valid.


> 
> I searched the source code for "LDAP: SSL support unavailable…" that I get in my log file. That error appears to be in apr-util apr_ldap_option.c in a section that deals with the Netscape/Mozilla/Solaris SDK. But how does it get to that section when APR LDAP was built with OpenLDAP LDAP SDK?

Well, OpenLDAP is in that section, too. It tries to find the CA certs
and can't find any. That's what the error says.

Greetings
Jan
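
Added example, not part of the original thread: a shell check for the client-side setup described above, confirming that an ldap.conf names a CA file with TLS_CACERT and that the file is readable and contains a PEM certificate block. The function name and return codes are this example's own, and it does not validate the certificate chain itself.

```shell
#!/bin/sh
# Check the TLS_CACERT setting of an OpenLDAP client ldap.conf.
# Return codes (this example's own convention):
#   0 ok (prints the CA path)   1 config not readable
#   2 no TLS_CACERT line        3 CA file missing or not readable
#   4 CA file holds no PEM certificate block

check_ldap_cacert() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }

    # Option names in ldap.conf are case-insensitive and '#' starts a
    # comment line. If the option appears more than once, this example
    # reports the last occurrence (an assumption of the example).
    cacert=$(awk '
        toupper($1) == "TLS_CACERT" && NF >= 2 {
            sub(/^[ \t]*[^ \t]+[ \t]+/, "")   # drop the option name
            sub(/[ \t\r]+$/, "")              # drop trailing blanks / CR
            v = $0
        }
        END { print v }' "$conf")

    [ -n "$cacert" ] || { echo "no TLS_CACERT in $conf" >&2; return 2; }
    [ -r "$cacert" ] || { echo "CA file $cacert not readable" >&2; return 3; }

    # A PEM bundle is text with at least one BEGIN CERTIFICATE marker.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cacert" ||
        { echo "$cacert contains no PEM certificate" >&2; return 4; }

    echo "$cacert"
    return 0
}

# Stand-alone use, e.g.: sh check.sh /etc/opt/csw/openldap/ldap.conf
if [ "$#" -gt 0 ]; then
    check_ldap_cacert "$1"
fi
```

Run it as the account the web server runs under, since a CA file readable by root only gives the same "no CA found" result for Apache.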



