Hello,

I am trying to configure Apache 2.2 to act as an SSL accelerator with
LDAP authentication and I'm having two issues.

My first issue is that I cannot get Apache to work as an SSL accelerator. My
current configuration:

NameVirtualHost site.system.com:443
<VirtualHost site.system.com:443>
    DocumentRoot "/mnt/data/remote"
    ServerName site.system.com
    SSLEngine On
    SSLCertificateFile /etc/key/cert.crt
    SSLCertificateKeyFile /etc/key/cert.key
    ProxyPass           /app1/       http://srv1.system.com/app1/
    ProxyPassReverse    /app1/       http://srv1.system.com/app1/
    ProxyHTMLURLMap     http://srv1.system.com/app1 /app1
</VirtualHost>

The above configuration works perfectly when it is configured as a non-SSL
site, and the reverse proxy works exactly as expected. When SSL is enabled as
it is above, the links within pages for app1 are not rewritten to be https://
and therefore it does not work. I have tried fiddling with the ProxyHTMLURLMap
to no avail. Can anyone suggest where I am going wrong?

My second question is with AuthLdap, and I think it is a simple one. I'd like to
secure my SSL accelerator using LDAP against Active Directory. This works as
expected, but I was wondering if there was a way to specify authentication for
the entire virtual host rather than repeating the same configuration in the
directory and location blocks. Below is what hopefully my final configuration
would look like once I figure out the SSL accelerator with reverse proxy issue
above.

NameVirtualHost site.system.com:443
<VirtualHost site.system.com:443>
    DocumentRoot "/opt/site"
    ServerName site.system.com

    SSLEngine On
    SSLCertificateKeyFile /etc/key/file.key
    SSLCertificateChainFile /etc/key/file.crt

    ErrorLog /var/log/apache2/remote/error.log
    CustomLog /var/log/apache2/remote/access.log common

    Options -Indexes

    <Directory /*>
        AuthBasicProvider ldap
        AuthType Basic
        AuthzLDAPAuthoritative off
        AuthName "site.system.com"
        AuthLDAPURL "ldap://site.system.com:3268/dc=system,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
        AuthLDAPBindDN "u...@system.com"
        AuthLDAPBindPassword password
        require ldap-group DC=site,DC=com
    </Directory>

    #RewriteRule ^/app1$ app1/ [R]
    <Location /app1/>
        ProxyPass http://srv1/app1/
        ProxyPassReverse http://srv1/app1/
        #ProxyHTMLEnable On
        ProxyHTMLURLMap http://srv1/app1 /app1
    </Location>

    #RewriteRule ^/app2$ app2/ [R]
    <Location /app2>
        AuthBasicProvider ldap
        AuthType Basic
        AuthzLDAPAuthoritative off
        AuthName "site.system.com"
        AuthLDAPURL "ldap://site.system.com:3268/dc=system,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
        AuthLDAPBindDN "u...@system.com"
        AuthLDAPBindPassword password
        require ldap-group DC=site,DC=com
        ProxyPass http://srv2/app2/
        ProxyPassReverse http://srv2/app2/
        #ProxyHTMLURLMap http://srv2/app2/ /app2/
        #ProxyHTMLURLMap http://srv2/app2 /app2
    </Location>

</VirtualHost>

Any suggestions are appreciated.
Simon                                     
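
On the second question above, one way to declare the LDAP settings once for the whole virtual host, shown as an added example that is not part of the original post. Hostnames, certificate paths and the AuthLDAPURL are copied from the post; every value in angle brackets is a placeholder, and the layout assumes mod_authnz_ldap and mod_proxy on Apache 2.2.

```apache
# Added example, not the poster's configuration.
NameVirtualHost site.system.com:443
<VirtualHost site.system.com:443>
    ServerName site.system.com
    DocumentRoot "/opt/site"

    SSLEngine On
    SSLCertificateFile /etc/key/cert.crt
    SSLCertificateKeyFile /etc/key/cert.key

    # <Location /> matches every URL path in this virtual host, including
    # paths handed to mod_proxy below, so authentication is declared once.
    <Location />
        AuthType Basic
        AuthName "site.system.com"
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative off
        # NONE (as in the post) leaves the connection to the directory
        # unencrypted, so the bind password and each user's password cross
        # the network in clear text; SSL or TLS is the alternative value.
        AuthLDAPURL "ldap://site.system.com:3268/dc=system,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
        AuthLDAPBindDN "<bind-account>@system.com"
        AuthLDAPBindPassword <bind-password>
        # Placeholder: full DN of the group whose members may log in.
        Require ldap-group CN=<group>,OU=<ou>,DC=system,DC=com
    </Location>

    # The proxied applications inherit the settings from <Location />
    # and carry no authentication directives of their own.
    <Location /app1/>
        ProxyPass http://srv1/app1/
        ProxyPassReverse http://srv1/app1/
    </Location>

    <Location /app2/>
        ProxyPass http://srv2/app2/
        ProxyPassReverse http://srv2/app2/
    </Location>
</VirtualHost>
```

Requesting /app1/ and /app2/ without credentials should return 401 in both cases, which confirms that no proxied path bypasses the single authentication block.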