DougR
What are you using for your LDAP server services?
gangaarutla
We are using it for user authentication purposes.
DougR
Let me be more specific: what software are you using for your LDAP server? Active Directory? OpenLDAP? Other? Cheers.
gangaarutla
Hello DougR, thanks for the reply. Actually, we have enabled HTTPS on Subversion and enabled general LDAP configuration for user authentication. But for SSL, we can configure LDAPS, so we are looking into setting up LDAPS for authentication purposes. Thanks,
DougR
LDAP for AuthN, got it. Still, my question stands: what software is providing your LDAP service? If, for example, it is Active Directory then it is already a given that it can support LDAP/S since AD requires certificates for its servers. OpenLDAP, on the other hand, could be run without a certificate and provide LDAP AuthN but could not provide LDAP/S AuthN until it was configured properly with a certificate. On the Subversion side, can I assume you're using Apache? Or? In general, converting over to use LDAP/S means that Apache (as a client of the LDAP service) needs to trust your LDAP server. Establishing that trust is normally the "hard part" and critically depends on the type and issuer of the certificate that the LDAP server/service is using. In addition to the above, do you know if your LDAP service is already configured to provide LDAP/S or not? If it is, do you know who issued its certificate?
gangaarutla
Thank you for your reply, DougR. Yes, we have set up LDAP for Subversion and it is working fine for user authentication, but now we need to enable LDAPS for the same. As you said, we have placed the LDAP certificate in the \data\conf folder. But the question here is where we need to configure this cert location in the httpd conf file. NOTE: this certificate was issued by our authorized CA.
DougR
Running Apache on Windows is problematic: mandatory vs. advisory file locking will eventually burn you. That said, I am not familiar with configuring Apache on Windows.
gangaarutla
OK, sure. Thank you for your response, DougR.
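Added example, not part of the thread: a sketch of where the LDAP trust settings discussed above sit in an Apache httpd configuration that uses mod_ldap and mod_authnz_ldap. The host name, DNs, file names and repository path are placeholders, and the trust directive assumes an httpd build linked against the OpenLDAP SDK.

```apache
# Added example with placeholder values; not taken from the thread.
LoadModule ldap_module        modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

# --- Server-wide mod_ldap settings (outside any <Location>/<Directory>) ---

# CA certificate that issued the LDAP server's certificate (PEM encoded).
# This is the trust anchor Apache uses as an LDAP client. The path is a
# placeholder; point it at the CA file placed in the conf folder.
# Assumption: OpenLDAP SDK build. The mod_ldap documentation describes
# builds on the Microsoft LDAP SDK as taking SSL/TLS settings from the
# system instead, so there the CA belongs in the Windows certificate store.
LDAPTrustedGlobalCert CA_BASE64 "conf/ldap-issuing-ca.pem"

# Keep server certificate verification enabled (this is the default).
LDAPVerifyServerCert On
# Weak setting, shown only for contrast: the connection is encrypted but
# the server's identity is never checked.
#   LDAPVerifyServerCert Off

# --- Subversion location authenticated over LDAPS ---
<Location "/svn">
    DAV svn
    SVNParentPath "/path/to/repositories"

    AuthType Basic
    AuthName "Subversion"
    AuthBasicProvider ldap

    # ldaps:// on port 636 selects LDAP over SSL. The host name must match
    # a name in the LDAP server's certificate or verification fails.
    AuthLDAPURL "ldaps://ldap.example.com:636/ou=people,dc=example,dc=com?uid?sub"

    # Service account used for the search step (placeholder values).
    AuthLDAPBindDN       "cn=svn-bind,ou=services,dc=example,dc=com"
    AuthLDAPBindPassword "CHANGE_ME"

    Require valid-user
</Location>
```

If a bind fails after switching to `ldaps://`, raising `LogLevel` for the ldap modules usually shows whether the failure is a certificate trust or host name mismatch rather than a credentials problem.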