HP OSMS Blueprint: Directory Services on HP ProLiant and HP Integrity Servers with RHEL5
Table Of Contents
- HP Open Source Middleware Stacks Blueprint:
- Table of Contents
- Introduction
- Typographic Conventions
- HP Encourages Your Comments
- Overview of HP Directory Services OSMS
- Installing and Configuring Symas CDS and Apache Modules
- Managing the Symas CDS Server
- Performing Backups and Recovery with Berkeley DB
- Configuring the Master-Slave Replication
- Integrating the Apache HTTP Server with the mod_authnz_ldap and mod_ldap Modules
- Setting up Security for the CDS Server
- Monitoring OpenLDAP with the HP OpenView Operations CDS Gallery SPIs

Figure 6 Log In Prompt
If the login fails, the following message is displayed: Authorization Required
If the login succeeds, the following message is displayed: The LDAP support worked!
Testing the Secure SSL-Enabled LDAP Connections
For this example, assume you need to restrict access to the directory
/var/www/html/ldapssltest and grant access to the directory for the user tomy with the
password tom.
1. Create an HTML file named /var/www/html/ldapssltest/index.html with the
following content:
<HTML>
<HEAD>
</HEAD>
<BODY DIR="LTR">
<P ALIGN=CENTER STYLE="margin-bottom: 0cm"><FONT FACE="Times New Roman,serif">
<FONT SIZE=6>
The LDAP SSL support worked!</FONT></FONT></P>
</BODY>
</HTML>
2. Copy the Certificate Authority file from the CDS server to the /etc/httpd directory and
name it cacert.pem. See "Setting up Security for the CDS Server" (page 22) for more
details about the secure CDS server configuration and Certificate Authority file generation.
3. Add the following contents to the file /etc/httpd/conf/httpd.conf:
LDAPTrustedGlobalCert CA_BASE64 /etc/httpd/cacert.pem
<Directory "/var/www/html/ldapssltest">
Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AuthType Basic
AuthName ldaptest
AuthBasicAuthoritative off
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL ldaps://<LDAP_SERVER_IP_ADDRESS>/dc=osm,dc=example,dc=com?uid??(objectclass=*)
require valid-user
AuthLDAPBindDN cn=Manager,dc=example,dc=com
AuthLDAPBindPassword secret
</Directory>
4. Restart the Apache HTTP server by entering the following command:
# /etc/init.d/httpd restart
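The script below is an added example, not part of the HP blueprint. It checks that the step 3 configuration binds over ldaps:// with a CA file named, that the directory server's certificate verifies against the cacert.pem copied in step 2, and that Apache refuses an unauthenticated request while accepting tomy. Assumptions: the function names and the "live" argument are illustrative, httpd answers on localhost port 80, and LDAPS uses port 636 when AuthLDAPURL names no port.

```shell
#!/bin/sh
# Added example: pre- and post-restart checks for the ldapssltest setup.
# Assumptions: httpd answers on localhost:80; LDAPS uses port 636 when the
# AuthLDAPURL names no port. Run with the single argument "live".
CONF=${CONF:-/etc/httpd/conf/httpd.conf}
CACERT=${CACERT:-/etc/httpd/cacert.pem}

# Print "scheme host port" for the first AuthLDAPURL in config file $1.
ldap_endpoint() {
    sed -n 's|^[[:space:]]*AuthLDAPURL[[:space:]]*"\{0,1\}\([a-z]*\)://\([^/ ]*\)/.*|\1 \2|p' "$1" |
    head -n 1 | while read -r scheme hostport; do
        case $hostport in
            *:*) host=${hostport%:*}; port=${hostport##*:} ;;
            *)   host=$hostport
                 if [ "$scheme" = ldaps ]; then port=636; else port=389; fi ;;
        esac
        echo "$scheme $host $port"
    done
}

# Succeed only if config file $1 binds over ldaps:// and names a CA file.
conf_uses_verified_ldaps() {
    conf=$1
    set -- $(ldap_endpoint "$conf")
    [ "$1" = ldaps ] || { echo "AuthLDAPURL is not ldaps://" >&2; return 1; }
    grep -Eq '^[[:space:]]*LDAPTrustedGlobalCert[[:space:]]+CA_BASE64[[:space:]]+/' "$conf" ||
        { echo "no LDAPTrustedGlobalCert CA_BASE64 line" >&2; return 1; }
}

# Succeed only if host $1 port $2 presents a chain that verifies against $3.
tls_chain_ok() {
    openssl s_client -connect "$1:$2" -CAfile "$3" </dev/null 2>/dev/null |
        grep -q 'Verify return code: 0 (ok)'
}

# Print the HTTP status for the protected directory; $1 is optional user:pass.
http_status() {
    curl -s -o /dev/null -w '%{http_code}' ${1:+-u "$1"} http://localhost/ldapssltest/
}

if [ "${1:-}" = live ]; then
    conf_uses_verified_ldaps "$CONF" || exit 1
    set -- $(ldap_endpoint "$CONF")
    tls_chain_ok "$2" "$3" "$CACERT" || { echo "certificate check failed: $2:$3" >&2; exit 1; }
    [ "$(http_status)" = 401 ] || echo "unauthenticated request was not refused" >&2
    [ "$(http_status tomy:tom)" = 200 ] || echo "login as tomy failed" >&2
fi
```

A 401 status corresponds to the Authorization Required message, and a 200 status to the page created in step 1.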