LDAP 구성을 위한 지속적인 IBM® HTTP Server 지원을 보장하려면 mod_ibm_ldap 모듈을 사용하는 지시문을 mod_ldap Apache 모듈을 사용하도록 변환하십시오.
다음 단계를 완료하여 지시문을 변환하십시오.
다음 구성 지시문은 샘플 SSL 사용 LDAP 구성을 보여줍니다. 일부 지시문은 기본값을 지정하며 일반적으로는 지정될 필요가 없지만, 컨텍스트를 제공하기 위해 보유됩니다. 해당 지시문은 포함되지만 '##" 기호로 주석 처리됩니다.
##LDAPReferrals On
##LDAPReferralHopLimit 5
LDAPTrustedGlobalCert CMS_KEYFILE /full/path/to/ldap_client.kdb clientkdbPassword
#default cert in this kdb is my_cert1
# Alternatively, you can specify a SAF-based keyring, on systems that support it, as follows:
#LDAPTrustedGlobalCert SAF saf_keyring
<VirtualHost *>
ServerAdmin admin@my.address.com
DocumentRoot /path/to/htdocs
# Ignored because LDAP URLs use ldaps:, where needed
##LDAPTrustedMode SSL
<Directory /minimal_ldap_config>
AuthBasicProvider ldap
AuthLDAPURL ldap://our_ldap.server.org/o=OurOrg,c=US
AuthName "Private root access"
require valid-user
</Directory>
<Directory /path/to/htdocs>
##AuthzLDAPAuthoritative on
AuthBasicProvider ldap
# This LDAPTrustedClientCert is required to use a different certificate
# than the default
LDAPTrustedClientCert CMS_LABEL my_cert2
AuthLDAPURL ldaps://our_ldap.server.org:636/o=OurOrg,c=US?cn?sub? (objectclass=person)
AuthLDAPBindDN "cn=ldapadm,ou=OurDirectory,o=OurCompany,c=US"
AuthLDAPBindPassword mypassword AuthName "Private root access"
require ldap-group cn=OurDepartment,o=OurOrg,c=us
</Directory>
<Directory "/path/to/htdocs/employee_of_the_month">
##AuthzLDAPAuthoritative on
AuthBasicProvider ldap
#Uses default cert (my_cert1)
##LDAPTrustedClientCert CMS_LABEL my_cert1
AuthLDAPURL ldaps://our_ldap.server.org:636/o=OurOrg,c=US?cn?sub?(objectclass=person)
AuthLDAPBindDN "cn=ldapadm,ou=OurDirectory,o=OurCompany,c=US"
AuthLDAPBindPassword mypassword AuthName "Employee of the month login"
require ldap-attribute description="Employee of the Month."
</Directory>
<Directory "/path/to/htdocs/development_groups">
#These are the default values for the subgroup-related directives and only need to be
#specified when the LDAP structure differs.
##AuthzLDAPAuthoritative on
AuthBasicProvider ldap
# This LDAPTrustedClientCert is required to use a different certificate
# than the default LDAPTrustedClientCert CMS_LABEL my_cert3
AuthLDAPURL ldaps://groups_ldap.server.org:636/o=OurOrg,c=US?cn?sub?
(|(objectclass=groupofnames)(object class=groupo1 funiquenames))
AuthLDAPBindDN "cn=ldapadm,ou=OurDirectory,o=OurCompany,c=US"
AuthLDAPBindPassword mypassword AuthName "Developer Access"
AuthLDAPGroupAttribute member
AuthLDAPMaxSubGroupDepth 2
AuthLDAPSubGroupClass groupOfUniqueNames ##AuthLDAPSubGroupClass groupOfNames
##AuthLDAPSubGroupAttribute uniqueMember
##AuthLDAPSubGroupAttribute member
require ldap-group cn=Developers_group,o=OurOrg,c=us
</Directory>
</VirtualHost>
LDAPTrustedMode None