HP OSMS Blueprint: Directory Services on HP ProLiant Servers with SLES10
Figure 6 Log In Prompt
If the login fails, the following message is displayed: Authorization Required
If the login succeeds, the following message is displayed: The LDAP support worked!
Testing the Secure SSL-Enabled LDAP Connections
For this example, assume you need to restrict access to the directory
/srv/www/htdocs/ldapssltest and grant access to the directory for the user tomy with
the password tom.
1. Create an HTML file named /srv/www/htdocs/ldapssltest/index.html with the
following content:
<HTML>
<HEAD>
</HEAD>
<BODY DIR="LTR">
<P ALIGN=CENTER STYLE="margin-bottom: 0cm"><FONT FACE="Times New Roman,serif">
<FONT SIZE=6>
The LDAP SSL support worked!</FONT></FONT></P>
</BODY>
</HTML>
2. Copy the Certificate Authority file from the CDS server to the /etc/apache2 directory
and name it cacert.pem. See "Setting up Security for the CDS Server" (page 22) for more
details about the secure CDS server configuration and Certificate Authority file generation.
3. Add the following contents to the file /etc/apache2/default-server.conf:
LDAPTrustedGlobalCert CA_BASE64 /etc/apache2/cacert.pem
<Directory "/srv/www/htdocs/ldapssltest">
Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AuthType Basic
AuthName ldaptest
AuthBasicAuthoritative off
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL ldaps://<LDAP_SERVER_IP_ADDRESS>/dc=osm,dc=example,dc=com?uid??(objectclass=*)
require valid-user
AuthLDAPBindDN cn=Manager,dc=example,dc=com
AuthLDAPBindPassword secret
</Directory>
4. Restart the Apache HTTP server by entering the following command:
# /etc/init.d/apache2 restart
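As an added example (not part of the HP blueprint), the following Python sketch parses the AuthLDAPURL value from step 3 and flags three mistakes that are easy to make when copying this configuration: whitespace inside the URL (Apache splits directive arguments on spaces, so the search filter is cut short), a fallback to unencrypted ldap://, and a missing LDAPTrustedGlobalCert line. The host name ldap.example.com and the function names parse_ldap_url and audit are assumptions made for illustration.

```python
import re

# Constructed sample based on step 3; ldap.example.com is a placeholder host.
SAMPLE_CONF = """\
LDAPTrustedGlobalCert CA_BASE64 /etc/apache2/cacert.pem
<Directory "/srv/www/htdocs/ldapssltest">
AuthBasicProvider ldap
AuthLDAPURL ldaps://ldap.example.com/dc=osm,dc=example,dc=com?uid??(objectclass=*)
require valid-user
</Directory>
"""

def parse_ldap_url(url):
    """Split scheme://host/basedn?attribute?scope?filter into its parts."""
    m = re.fullmatch(r"(ldaps?)://([^/?\s]*)/([^?\s]*)((?:\?[^?\s]*){0,3})", url)
    if m is None:
        raise ValueError("not a well-formed LDAP URL: %r" % url)
    scheme, host, base, rest = m.groups()
    parts = rest.split("?")[1:] + ["", "", ""]
    # Empty fields fall back to the mod_authnz_ldap defaults.
    return {"scheme": scheme, "host": host, "base": base,
            "attribute": parts[0] or "uid", "scope": parts[1] or "sub",
            "filter": parts[2] or "(objectClass=*)"}

def audit(conf_text):
    """Return findings for the LDAP authentication directives in conf_text."""
    findings = []
    directives = [line.split() for line in conf_text.splitlines()
                  if line.strip() and not line.lstrip().startswith(("#", "<"))]
    names = {d[0].lower() for d in directives}
    for d in directives:
        if d[0].lower() != "authldapurl":
            continue
        try:
            url = parse_ldap_url(d[1])
        except (IndexError, ValueError):
            findings.append("AuthLDAPURL is missing or malformed")
            continue
        if url["filter"].count("(") != url["filter"].count(")"):
            findings.append("search filter is truncated (whitespace inside the URL?)")
        starttls = any(arg.upper() in ("TLS", "STARTTLS") for arg in d[2:])
        if url["scheme"] != "ldaps" and not starttls:
            findings.append("ldap:// without TLS: passwords cross the network in cleartext")
        elif "ldaptrustedglobalcert" not in names:
            findings.append("no LDAPTrustedGlobalCert CA configured for the TLS connection")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF) or ["no findings"]:
        print(finding)
```

Run it against the text of /etc/apache2/default-server.conf before restarting Apache in step 4; an empty result means the URL is intact and the LDAP leg is configured for TLS with a trusted CA.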
Integrating the Apache HTTP Server with the mod_authnz_ldap and mod_ldap Modules 21