To define by user:
Launch the IBM Administration Server and go to Access Permissions > General Access. In the LDAP: Configuration File field, enter the LdapConfigFile (C:/Program Files/IBM HTTP Server/conf/ldap.prop); this file is required.
Enter the authentication realm name for the directory in the Authentication Realm Name field.
To define by group:
LDAPRequire group "group_name"
Example: LDAPRequire group "Administrative Users"
To define by filter:
LDAPRequire filter "ldap_search_filter"
Example: LDAPRequire filter "(&(objectclass=person)(cn=*)(ou=IHS)(o=IBM))"
Note: LDAPRequire only works if it is manually inserted into httpd.conf.
To use mod_ibm_ssl and mod_ibm_ldap together when LDAP is configured to use SSL
for communicating with the LDAP server, both modules must use the same keyring file.
If you allow SSL connections to the Web server and also use SSL as the transport
between the Web server and the LDAP server, the keyring files used by the two
modules can be merged into one keyring file. The configuration of each module can
still specify a different default certificate.
When SSL is used between the LDAP module and the LDAP Directory Server,
the key database file must be writable by the UNIX user ID under which the Web
server runs. The key database file contains the certificates that establish
identity, and in a secure environment the LDAP server may require the Web server
to present a certificate before answering queries for authentication information.
For example, if the Web server runs as the UNIX ID "user ID", the key database
file should be owned by user "user ID" and must have write permission for that owner.
Certificates establish identity, so it is important to prevent your
certificates from being stolen or overwritten by other certificates.
Anyone with read permission on the key database file can retrieve the user's
certificates and masquerade as that user. Read and write permission
should therefore be granted only to the owner of the key database file.
The LDAP module requires the password to the user's key database even
if a stash file exists. Use the ldapstash command to create an LDAP stash
file containing the key database file password.
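The ownership and permission requirements above are easy to get wrong after a key database is copied or regenerated, so the following shell script, added here as an example and not part of the IBM HTTP Server product or its documentation, checks that each key file is a regular file owned by the Web server's UNIX user with mode exactly 0600 (owner read and write, nothing for group or others). The user name and file paths are assumptions supplied as arguments; the paths in the usage comment are constructed.

```shell
#!/bin/sh
# Added example (not from the IBM HTTP Server documentation): check that the
# files the LDAP module opens when using SSL, the key database (.kdb) and the
# LDAP stash file written by ldapstash, are owned by the Web server's UNIX user
# and are readable/writable by that owner only (mode 0600). The user name and
# file names are assumptions passed in as arguments.

# kdb_perms_ok FILE USER
#   Returns 0 when FILE is a regular file owned by USER with mode exactly 0600,
#   1 otherwise (with a diagnostic on stderr).
kdb_perms_ok() {
    f=$1
    u=$2
    if [ ! -f "$f" ]; then
        echo "FAIL: $f is missing or not a regular file" >&2
        return 1
    fi
    # POSIX find: -user matches the owner, -perm 0600 (no leading '-') matches
    # the mode exactly, so any group/other bits or a wrong owner yield no output.
    if [ -n "$(find "$f" -type f -user "$u" -perm 0600 2>/dev/null)" ]; then
        return 0
    fi
    echo "FAIL: $f must be owned by '$u' with mode 0600, found: $(ls -ld "$f")" >&2
    return 1
}

# check_ldap_key_files USER FILE...
#   Runs kdb_perms_ok for every FILE; returns 0 only if all of them pass.
check_ldap_key_files() {
    u=$1
    shift
    bad=0
    for f in "$@"; do
        kdb_perms_ok "$f" "$u" || bad=$((bad + 1))
    done
    [ "$bad" -eq 0 ]
}

# Usage (constructed paths; substitute the Web server's user and key files):
#   check_ldap_key_files wwwrun /opt/IBMHTTPServer/ssl/ihs.kdb /opt/IBMHTTPServer/ssl/ldap.sth
```

Run it from a cron job or a deployment post-step so a key database that has been left group- or world-readable is reported before the server starts serving LDAP-protected resources.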
To create an LDAP connection, provide information about the LDAP server being used.
Edit your LDAP properties file (a sample ldap.prop is in the HTTP Server conf directory)
and insert the applicable directives:
- Enter the Web server connection information.
- Enter client connection information.
- Enter timeout settings.
- Netscape Directory Server
- IBM SecureWay Directory Server