LDAP Authentication with Apache - SLES 11 SP2

I have a fresh install of SLES 11 SP2 (VMware) and have installed GroupWise 8.0.3 WebAccess (will upgrade to 2012 in a couple of months). This runs fine - HTTP or HTTPS. Now, what I would really like to do is configure Apache for LDAP authentication against eDirectory running on a NetWare 6.5 server. Eventually, we will have a SLES 11 SP2 server with eDir and LDAP, but for now it is still NetWare. I have reviewed a number of comments found with Google searches, but nothing I have tried appears to work. Rather than sharing with you the error messages and configurations I have tried, what I would like at this point is just a reference to a TID or some documentation that outlines all the necessary steps. So, what we want when all is said and done is two-level authentication to get into GW WebAccess - first via LDAP and then via GroupWise. Thanks for any tips you might be able to provide.

Don

I forgot to mention that LDAP queries against the NetWare server do work fine when using an LDAP browser (Softerra) - port 389 or 636 - so I don’t think anything has to be done with the NetWare server.

Here is my ldap-login.conf (my name for this) file that I include in my httpd.conf:

    <Directory "/srv/www/htdocs/">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from All
        AuthName "Protected"
        AuthType Basic
        AuthBasicAuthoritative off
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative on
        #AuthLDAPURL ldaps://10.0.0.9/o=dgww?uid
        AuthLDAPURL ldap://10.0.0.9/o=dgww?cn?sub
        Require valid-user
    </Directory>

The httpd.conf file, by the way, is 100% generic except for the “include” line I added to include the above file. I have tried with both ldap and ldaps options - same result at this point. Now there are no error messages when I restart Apache2 - it appears happy (I did have to run “a2enmod ldap” and “a2enmod authnz_ldap” to eliminate all error messages). Seems pretty straightforward, but when I browse to this server I do not get an LDAP authentication window - it just goes straight in and loads the index.html file. That server (10.0.0.9) is an LDAP server as tested with a standard LDAP browser. This is Apache2 2.2.12 running on SLES 11 SP2.

Any insight or tips would be appreciated. Thanks!

OK - it works now as configured above - it appears I just had to wait a bit or something. Looks like in order to get ldaps to work I would need to export a certificate from the ldap server itself and then reference this certificate with the LDAPTrustedCA directive.
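
For the ldaps variant mentioned in the last post, here is an added example (not the poster's configuration) of how the trust setup looks with Apache 2.2's mod_ldap, where the directive that loads a CA certificate is LDAPTrustedGlobalCert. The certificate path is a hypothetical placeholder, and SSLRequireSSL assumes mod_ssl is loaded and the site is served over HTTPS.

```apache
# Added example. These two directives belong in the server-config (global)
# context, outside any <Directory> or <VirtualHost> block.

# Hypothetical path: the eDirectory CA certificate, exported in Base64 format.
# Use CA_DER instead if the certificate was exported in binary DER format.
LDAPTrustedGlobalCert CA_BASE64 /etc/apache2/ssl.crt/edir-ca.b64

# Reject the LDAPS connection when the server certificate does not verify.
# On is the default; it is stated here so that it is not silently disabled.
LDAPVerifyServerCert On

<Directory "/srv/www/htdocs/">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from All

    # Basic authentication sends the password only base64-encoded, so the
    # browser-to-Apache hop needs TLS as much as the Apache-to-LDAP hop does.
    SSLRequireSSL

    AuthName "Protected"
    AuthType Basic
    AuthBasicAuthoritative off
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative on

    # ldaps:// selects SSL on port 636. The host given here has to match a
    # name (or IP address) present in the LDAP server's certificate, or
    # verification fails even though the CA is trusted.
    AuthLDAPURL ldaps://10.0.0.9/o=dgww?cn?sub
    Require valid-user
</Directory>
```

If the bind over ldaps fails after this change, raising LogLevel to debug makes mod_ldap and mod_authnz_ldap log the certificate or connection error to the Apache error log.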