Hi All,

I'm trying to establish an LDAP over SSL connection to a Windows SBS 2003 server for domain authentication within an Apache server, so that when Browsers connect to the apache pages they have to enter a Domain password/account.

I have the basic LDAP client authentication and binding working, but not over SSL.

I've tested LDAP(ssl) from a PC client to the server and that works ok.

I know from Wireshark traces that the bind is failing, because of a "Unknown CA" error showing in the capture. This should be because the SBS server is self-signed, and the RHLE5 won't have the Root CA listed as an authority anywhere.

So I know I need to add the Root CA to the RHEL5 server somewhere, but I'm not sure where. As this involves Apache and ApacheLDAP modules, where does it go? or is there a more generic place that RHEL5 stores root certs (like Windows does in the registry) ?

After I get that working, then I'll need to add a certifcate to Apache (signed by the SBS Root CA) so that the Browser <> RHEL5 Apache connection can also be done over SSL, securing the whole path. But one problem at a time..

Any help appreciated.

Theres no Samba config implemented for this yet, and I hope I don't have to..

Thanks,

Adrian

well this won't really affect apache itself afaik. you're calling the ldap modules and they they dissapear off into openssl land... http://gagravarr.org/writing/openssl-certs/others.shtml