Convert directives that use the mod_ibm_ldap module to use the mod_ldap Apache module to ensure continued IBM® HTTP Server support for your LDAP configuration.
Complete these steps to convert your directives.
The following configuration directives show a sample SSL-enabled LDAP configuration. Some of the directives specify default values and would not typically need to be specified, but are retained to provide context. Those directives are included, but are commented out with '##" symbols.
##LDAPReferrals On ##LDAPReferralHopLimit 5 LDAPTrustedGlobalCert CMS_KEYFILE /full/path/to/ldap_client.kdb clientkdbPassword #default cert in this kdb is my_cert1 # Alternatively, you can specify a SAF-based keyring, on systems that support it, as follows: #LDAPTrustedGlobalCert SAF saf_keyring <VirtualHost *> ServerAdmin admin@my.address.com DocumentRoot /path/to/htdocs # Ignored because LDAP URLs use ldaps:, where needed ##LDAPTrustedMode SSL <Directory /minimal_ldap_config> AuthBasicProvider ldap AuthLDAPURL ldap://our_ldap.server.org/o=OurOrg,c=US AuthName "Private root access" require valid-user </Directory> <Directory /path/to/htdocs> ##AuthzLDAPAuthoritative on AuthBasicProvider ldap # This LDAPTrustedClientCert is required to use a different certificate # than the default LDAPTrustedClientCert CMS_LABEL my_cert2 AuthLDAPURL ldaps://our_ldap.server.org:636/o=OurOrg,c=US?cn?sub? (objectclass=person) AuthLDAPBindDN "cn=ldapadm,ou=OurDirectory,o=OurCompany,c=US" AuthLDAPBindPassword mypassword AuthName "Private root access" require ldap-group cn=OurDepartment,o=OurOrg,c=us </Directory> <Directory "/path/to/htdocs/employee_of_the_month"> ##AuthzLDAPAuthoritative on AuthBasicProvider ldap #Uses default cert (my_cert1) ##LDAPTrustedClientCert CMS_LABEL my_cert1 AuthLDAPURL ldaps://our_ldap.server.org:636/o=OurOrg,c=US?cn?sub?(objectclass=person) AuthLDAPBindDN "cn=ldapadm,ou=OurDirectory,o=OurCompany,c=US" AuthLDAPBindPassword mypassword AuthName "Employee of the month login" require ldap-attribute description="Employee of the Month." </Directory> <Directory "/path/to/htdocs/development_groups"> #These are the default values for the subgroup-related directives and only need to be #specified when the LDAP structure differs. ##AuthzLDAPAuthoritative on AuthBasicProvider ldap # This LDAPTrustedClientCert is required to use a different certificate # than the default LDAPTrustedClientCert CMS_LABEL my_cert3 AuthLDAPURL ldaps://groups_ldap.server.org:636/o=OurOrg,c=US?cn?sub? (|(objectclass=groupofnames)(object class=groupo1 funiquenames)) AuthLDAPBindDN "cn=ldapadm,ou=OurDirectory,o=OurCompany,c=US" AuthLDAPBindPassword mypassword AuthName "Developer Access" AuthLDAPGroupAttribute member AuthLDAPMaxSubGroupDepth 2 AuthLDAPSubGroupClass groupOfUniqueNames ##AuthLDAPSubGroupClass groupOfNames ##AuthLDAPSubGroupAttribute uniqueMember ##AuthLDAPSubGroupAttribute member require ldap-group cn=Developers_group,o=OurOrg,c=us </Directory> </VirtualHost> LDAPTrustedMode None