![[AIX Solaris HP-UX Linux Windows]](../images/dist.gif)
mod_ibm_ldap에서 mod_ldap로 지시문 변환
LDAP 구성을 위한 지속적인 IBM® HTTP Server 지원을 보장하려면 mod_ibm_ldap 모듈을 사용하는 지시문을 mod_ldap Apache 모듈을 사용하도록 변환하십시오.
시작하기 전에
다음 단계를 완료하여 지시문을 변환하십시오.
프로시저
mod_ldap SSL 구성
다음 구성 지시문은 샘플 SSL 사용 LDAP 구성을 보여줍니다. 일부 지시문은 기본값을 지정하며 일반적으로는 지정될 필요가 없지만, 컨텍스트를 제공하기 위해 보유됩니다. 해당 지시문은 포함되지만 '##" 기호로 주석 처리됩니다.
##LDAPReferrals On
##LDAPReferralHopLimit 5
LDAPTrustedGlobalCert CMS_KEYFILE /full/path/to/ldap_client.kdb clientkdbPassword
#default cert in this kdb is my_cert1
# Alternatively, you can specify a SAF-based keyring, on systems that support it, as follows:
#LDAPTrustedGlobalCert SAF saf_keyring
<VirtualHost *>
ServerAdmin admin@my.address.com
DocumentRoot /path/to/htdocs
# Ignored because LDAP URLs use ldaps:, where needed
##LDAPTrustedMode SSL
<Directory /minimal_ldap_config>
AuthBasicProvider ldap
AuthLDAPURL ldap://our_ldap.server.org/o=OurOrg,c=US
AuthName "Private root access"
require valid-user
</Directory>
<Directory /path/to/htdocs>
##AuthzLDAPAuthoritative on
AuthBasicProvider ldap
# This LDAPTrustedClientCert is required to use a different certificate
# than the default
LDAPTrustedClientCert CMS_LABEL my_cert2
AuthLDAPURL ldaps://our_ldap.server.org:636/o=OurOrg,c=US?cn?sub? (objectclass=person)
AuthLDAPBindDN "cn=ldapadm,ou=OurDirectory,o=OurCompany,c=US"
AuthLDAPBindPassword mypassword AuthName "Private root access"
require ldap-group cn=OurDepartment,o=OurOrg,c=us
</Directory>
<Directory "/path/to/htdocs/employee_of_the_month">
##AuthzLDAPAuthoritative on
AuthBasicProvider ldap
#Uses default cert (my_cert1)
##LDAPTrustedClientCert CMS_LABEL my_cert1
AuthLDAPURL ldaps://our_ldap.server.org:636/o=OurOrg,c=US?cn?sub?(objectclass=person)
AuthLDAPBindDN "cn=ldapadm,ou=OurDirectory,o=OurCompany,c=US"
AuthLDAPBindPassword mypassword AuthName "Employee of the month login"
require ldap-attribute description="Employee of the Month."
</Directory>
<Directory "/path/to/htdocs/development_groups">
#These are the default values for the subgroup-related directives and only need to be
#specified when the LDAP structure differs.
##AuthzLDAPAuthoritative on
AuthBasicProvider ldap
# This LDAPTrustedClientCert is required to use a different certificate
# than the default LDAPTrustedClientCert CMS_LABEL my_cert3
AuthLDAPURL ldaps://groups_ldap.server.org:636/o=OurOrg,c=US?cn?sub?
(|(objectclass=groupofnames)(object class=groupo1 funiquenames))
AuthLDAPBindDN "cn=ldapadm,ou=OurDirectory,o=OurCompany,c=US"
AuthLDAPBindPassword mypassword AuthName "Developer Access"
AuthLDAPGroupAttribute member
AuthLDAPMaxSubGroupDepth 2
AuthLDAPSubGroupClass groupOfUniqueNames ##AuthLDAPSubGroupClass groupOfNames
##AuthLDAPSubGroupAttribute uniqueMember
##AuthLDAPSubGroupAttribute member
require ldap-group cn=Developers_group,o=OurOrg,c=us
</Directory>
</VirtualHost>
LDAPTrustedMode None