Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Troubleshooting
Research
Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

Apache 2.2 LDAPS Authentication

Avatar of emgdave
emgdave asked on
DatabasesApache Web Server
4 Comments1 Solution706 ViewsLast Modified:
Server Details
Windows server 2003 hosting
       Apache 2.2 .10
Client certificate installed using certificate services server.
I exported the certificate and copied to c:\ldap\ldap.cer
I reference the certificate in the httpd.conf file below.


Objective for Intranet site
Authenticate clients upon arrival of protected web pages.
Authentication must be given to only members of a particular group, the  Web group.
Authentication Method: authnz_ldap_module for Apache.
Use SSL to encrypt the authentication session. Via mod_ldap.so
I have used LDAP.exe and did create a connection to the LDAP server using the LDAP.exe tool.

#LDAPTrustedClientCert c:\ldap\ldap.cer
<Directory D:\web\intranet\Information-Services\Staff>

AuthType Basic
AuthName "Web"
AuthBasicProvider ldap
AuthLDAPBindDN Web@mc.ad.ll.org
AuthLDAPBindPassword password*1

AuthLDAPURL "ldap://ActiveDirectory:389/DC=mc,DC=ad,DC=ll,DC=org?sAMAccountName?sub?(objectClass=*)"
AuthLDAPURL ldaps://ActiveDirectory:636 /DC=mc,DC=ad,DC=ll,DC=org?sAMAccountName?sub?(objectClass=*)"

require ldap-attribute objectClass=user
#when I use the above directive I can authenticate to the ldap server, however other users can authenticate that should not be able to see the content.
#Require ldap-group cn=Web, ou=Web Groups, ou=Global Security Groups, dc=mc, dc=ad, dc=ll, dc=org
#When I use the directive above I cannot authenticate at all. This is the error I receive
Thu May 07 10:33:29 2009] [error] [client 192.168.0.70] File does not exist:

</Directory>


LDAP server: Windows server 2003 SP2 Active Directory

Thanks for your help.

ASKER CERTIFIED SOLUTION
Avatar of giltjr
Commented:
This problem has been solved!
Unlock 1 Answer and 4 Comments.
See Answers