
RE: LDAP, Apache and RADIUS/TACACS+



I'm not planning to go private with this one myself. So far I've set up a
test LDAP database with the following data being fairly typical:

dn: dc=rnib, dc=org, dc=uk
dc: rnib
o: rnib
objectclass: organization
 
dn: cn=hairya,dc=rnib,dc=org,dc=uk
cn: hairya
sn: aireya
userPassword: hairya
objectclass:top
objectclass:person

I'm using this in the slapd.conf file:

suffix  "dc=rnib, dc=org, dc=uk"
suffix  "o=rnib, c=GB"
rootdn  "cn=Manager, dc=rnib, dc=org, dc=uk"
rootdn  "cn=Manager, o=rnib, c=GB"

I have started with this in Apache:

 AuthType Basic
 AuthName ldap
 AuthLDAPURL ldap://priory.rnib.org.uk/ou=People, o=rnib?cn
 require valid-user

(Priory is the name of my test machine. Apache is running on the same
machine, but this will not be the case for the production system).

Although I can add to the database (something that has taken several months
for me to get working, although I've been working more off than on with
regards to this) the above isn't working.

Basically, do I need to specify "userPassword" in the LDIF format file, and
what kind of encryption does auth_ldap support? I.e., should I prefix with
{crypt}, {sha}, {md5} accordingly? I have looked in the documentation for
auth_ldap, but it is scant.

I'm currently using openldap-1.2.9-6 on RedHat 6.2, Apache-mod_ssl
1.3.20-2.8.4, Openssl 0.9.6 and auth_ldap-1.4.0-3. These are installed with
RPMs.

Once I get this working I'll be looking at TACACS+ or RADIUS.

John


> -----Original Message-----
> From: Todd Lyons [mailto:todd@mrball.net]
> Sent: 22 June 2001 16:17
> To: openldap-software@OpenLDAP.org
> Subject: Re: LDAP, Apache and RADIUS/TACACS+
> 
> 
> #begin  Dipl.-Inf. Guus Leeuw jr. quotation:
> >>  Has anyone managed to set up an LDAP database that can be queried via
> >>  Apache's mod_auth_ldap program?
> >Yes :) I did so just recently, actually.
> >Shoot some questions, and I'll be happy to provide answers if I know them.
> 
> Hey guys, if you go private with these questions/answers, can you cc me
> as well?  I have an interest in knowing this too.  (Of course I prefer
> that all questions and answers get posted to this forum since the
> archived messages will then be globally searchable, but who am I :)
> -- 
> Blue skies...		Todd
> | Get a bigger hammer!   |  Are you feeling lucky...punk?         |
> | http://www.mrball.net  |  I've had better days...               |
> | http://faq.mrball.net  |  It's the end of the world as we know i|
>
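
Added example, not part of the original message and not auth_ldap or OpenLDAP code: how the prefixed userPassword values asked about above are formed in the RFC 2307 style, i.e. `{SCHEME}` followed by the base64 of the digest. The salted `{SSHA}` form is shown beside `{SHA}` and `{MD5}`; `{crypt}` is left out because it depends on the platform's crypt(3). The function names are illustrative assumptions, and `hairya` is the test password from the LDIF above.

```python
import base64
import hashlib
import hmac
import os

# Scheme prefix -> digest constructor. SSHA is SHA-1 over password + salt.
DIGESTS = {"SHA": hashlib.sha1, "SSHA": hashlib.sha1, "MD5": hashlib.md5}

def make_userpassword(password, scheme="SSHA", salt=None):
    """Build a userPassword value: {SCHEME}base64(digest [+ salt])."""
    scheme = scheme.upper()
    if scheme not in DIGESTS:
        raise ValueError("unsupported scheme: " + scheme)
    if scheme == "SSHA":
        salt = os.urandom(8) if salt is None else salt
    else:
        salt = b""  # {SHA} and {MD5} are unsalted
    blob = DIGESTS[scheme](password.encode("utf-8") + salt).digest() + salt
    return "{%s}%s" % (scheme, base64.b64encode(blob).decode("ascii"))

def check_userpassword(stored, candidate):
    """Compare a candidate password with a stored userPassword value."""
    cand = candidate.encode("utf-8")
    if not stored.startswith("{"):
        # No scheme prefix: the value is the cleartext password itself.
        return hmac.compare_digest(stored.encode("utf-8"), cand)
    scheme, _, b64 = stored[1:].partition("}")
    scheme = scheme.upper()  # the prefix is matched case-insensitively here
    if scheme not in DIGESTS:
        raise ValueError("unsupported scheme: " + scheme)
    blob = base64.b64decode(b64)
    size = DIGESTS[scheme]().digest_size
    digest, salt = blob[:size], blob[size:]  # salt is appended after the digest
    if scheme != "SSHA" and salt:
        return False  # trailing bytes on an unsalted scheme: malformed value
    expected = DIGESTS[scheme](cand + salt).digest()
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    # Print LDIF-ready lines for the test entry's password in each scheme.
    for name in ("MD5", "SHA", "SSHA"):
        print("userPassword:", make_userpassword("hairya", name))
```
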