![[AIX Solaris HP-UX Linux Windows]](../images/dist.gif)
將您的指引從 mod_ibm_ldap 轉換成 mod_ldap
將使用 mod_ibm_ldap 模組的指引,轉換成使用 mod_ldap Apache 模組的指引,以確保 IBM® HTTP Server 能夠繼續支援您的 LDAP 配置。
開始之前
請完成下列步驟來轉換您的指引。
程序
mod_ldap SSL 配置
下列配置指引顯示啟用 SSL 的 LDAP 配置範例。有些指引指定的是預設值,通常不需要指定,但仍保留下來以提供環境定義。這些指引包含在範例中,但已用 '##' 符號註銷。
# Server-wide LDAP client settings. Lines starting with '##' are defaults that
# are shown for context only and do not need to be set.
##LDAPReferrals On
##LDAPReferralHopLimit 5
# Key database used for SSL connections to the LDAP server. The last argument is
# the key database password, stored here in cleartext: restrict read access to
# this configuration file and to the .kdb file itself.
LDAPTrustedGlobalCert CMS_KEYFILE /full/path/to/ldap_client.kdb clientkdbPassword
#default cert in this kdb is my_cert1
# Alternatively, you can specify a SAF-based keyring, on systems that support it, as follows:
#LDAPTrustedGlobalCert SAF saf_keyring
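# Sample virtual host with four LDAP-protected directories. Lines starting with
# '##' are defaults kept for context. Each AuthLDAPURL must stay on one line with
# no whitespace inside it: url?attribute?scope?filter.
<VirtualHost *>
    ServerAdmin admin@my.address.com
    DocumentRoot /path/to/htdocs
    # Ignored because LDAP URLs use ldaps:, where needed
    ##LDAPTrustedMode SSL

    # Minimal configuration: no bind DN is set and the URL is plain ldap://, so
    # this lookup is not encrypted on the wire. Use an ldaps:// URL, as in the
    # sections below, unless the path to the LDAP server is trusted.
    <Directory /minimal_ldap_config>
        AuthBasicProvider ldap
        AuthLDAPURL ldap://our_ldap.server.org/o=OurOrg,c=US
        AuthName "Private root access"
        require valid-user
    </Directory>

    # Group-based access over SSL, using a non-default client certificate.
    <Directory /path/to/htdocs>
        ##AuthzLDAPAuthoritative on
        AuthBasicProvider ldap
        # This LDAPTrustedClientCert is required to use a different certificate
        # than the default
        LDAPTrustedClientCert CMS_LABEL my_cert2
        # The filter must follow the last '?' directly, with no space before it.
        AuthLDAPURL ldaps://our_ldap.server.org:636/o=OurOrg,c=US?cn?sub?(objectclass=person)
        AuthLDAPBindDN "cn=ldapadm,ou=OurDirectory,o=OurCompany,c=US"
        # The bind password is stored in cleartext: keep this file readable only
        # by the accounts that administer the server, and give the bind DN no more
        # than the search rights it needs.
        AuthLDAPBindPassword mypassword
        AuthName "Private root access"
        require ldap-group cn=OurDepartment,o=OurOrg,c=us
    </Directory>

    # Attribute-based access over SSL, using the default client certificate.
    <Directory "/path/to/htdocs/employee_of_the_month">
        ##AuthzLDAPAuthoritative on
        AuthBasicProvider ldap
        #Uses default cert (my_cert1)
        ##LDAPTrustedClientCert CMS_LABEL my_cert1
        AuthLDAPURL ldaps://our_ldap.server.org:636/o=OurOrg,c=US?cn?sub?(objectclass=person)
        AuthLDAPBindDN "cn=ldapadm,ou=OurDirectory,o=OurCompany,c=US"
        # Cleartext bind password: protect this file's read permissions.
        AuthLDAPBindPassword mypassword
        AuthName "Employee of the month login"
        require ldap-attribute description="Employee of the Month."
    </Directory>

    # Nested-group access against a separate LDAP server over SSL.
    <Directory "/path/to/htdocs/development_groups">
        #These are the default values for the subgroup-related directives and only need to be
        #specified when the LDAP structure differs.
        ##AuthzLDAPAuthoritative on
        AuthBasicProvider ldap
        # This LDAPTrustedClientCert is required to use a different certificate
        # than the default
        LDAPTrustedClientCert CMS_LABEL my_cert3
        # Search filter matches both group object classes.
        AuthLDAPURL ldaps://groups_ldap.server.org:636/o=OurOrg,c=US?cn?sub?(|(objectclass=groupofnames)(objectclass=groupofuniquenames))
        AuthLDAPBindDN "cn=ldapadm,ou=OurDirectory,o=OurCompany,c=US"
        # Cleartext bind password: protect this file's read permissions.
        AuthLDAPBindPassword mypassword
        AuthName "Developer Access"
        AuthLDAPGroupAttribute member
        # Limits how many levels of nested subgroups are followed.
        AuthLDAPMaxSubGroupDepth 2
        AuthLDAPSubGroupClass groupOfUniqueNames
        ##AuthLDAPSubGroupClass groupOfNames
        ##AuthLDAPSubGroupAttribute uniqueMember
        ##AuthLDAPSubGroupAttribute member
        require ldap-group cn=Developers_group,o=OurOrg,c=us
    </Directory>
</VirtualHost>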
# Server-wide default: no SSL/TLS is applied unless an AuthLDAPURL uses ldaps:.
# Any section with a plain ldap:// URL therefore talks to the LDAP server
# unencrypted.
LDAPTrustedMode None