Apache with SSL encryption and LDAP/Radius authentication Howto
----------------------------------------------------------------------
04/17/00 frank.migge@amd.com
06/28/01 frank.migge@oracle.com
01/02/02 frank.migge@oracle.com

Apache's destination here is /opt/apache

1. Get all of the following required packages:

   apache_1.3.22.tar           (www.apache.org)
   mm-1.1.3.tar                (www.engelschall.com/sw/mm)
   mod_ssl-2.8.5-1.3.22.tar    (www.modssl.org)
   openssl-0.9.6a.tar          (www.openssl.org)
   mod_auth_ldap-0.5.1.tar     (www.nona.net)
   mod_auth_radius.c           (www.freeradius.org/mod_auth_radius)
   openldap-2.0.18.tar         (www.openldap.org)

2. './configure' and 'make' the required external packages in the
   right order:

   /tmp/mm-1.1.3:
     ./configure --prefix=/opt/mm-1.1.3 --disable-shared; make

   /tmp/openssl-0.9.6a:
     ./config -fPIC --prefix=/opt/openssl-0.9.6a; make

   /tmp/openldap-2.0.18:
     ./configure --prefix=/opt/openldap-2.0.18 \
                 --disable-slapd --disable-slurpd \
                 --disable-ldbm; make depend; make

3. Put the modules in place and configure them:

   cd /tmp/apache_1.3.22/src/modules; tar xvf mod_auth_ldap-0.5.1.tar
   cd /tmp/apache_1.3.22/src/modules; tar xvf mod_auth_radius.tar
   cd mod_auth_ldap; ./configure --prefix=/opt/apache

   cd /tmp/mod_ssl-2.8.5-1.3.22
   ./configure --with-apache=../apache_1.3.22

4. Configure and make Apache:

   setenv SSL_BASE ../openssl-0.9.6a
   setenv EAPI_MM ../mm-1.1.3
   setenv LIBS -L/tmp/openldap-2.0.18/libraries
   setenv INCLUDES -I/tmp/openldap-2.0.18/include

   cd /tmp/apache_1.3.22
   ./configure --enable-module=ssl --prefix=/opt/apache \
     --activate-module=src/modules/mod_auth_ldap/mod_auth_ldap.c \
     --add-module=src/modules/mod_auth_radius.c \
     --enable-module=most
   make
   make certificate
   make install

5. Set up Apache and start it:

   cd /opt/apache/htdocs; make ldaptest
   cd /opt/apache/conf

   httpd.conf for ldap auth:

     # the directives below are per-directory: put them in the
     # <Directory> block or .htaccess of the protected directory
     AuthName "very confidential ldap user group"
     AuthType Basic
     AuthLDAPHosts "ldapserver f30ws4:389"
     AuthLDAPBindDN "cn=root,dc=fab30"
     AuthLDAPBindPassword xxxxxxxx
     AuthLDAPBaseDN "ou=People,dc=fab30"
     AuthLDAPSearchScope onelevel
     AuthLDAPUserKey uid
     AuthLDAPPassKey userpassword
     #AuthLDAPCryptPasswords off
     AuthLDAPSchemePrefix on
     # AuthLDAPGroupKey People
     require user fmigge ssteidte

   httpd.conf for radius auth:

     # load radius module
     LoadModule radius_auth_module libexec/mod_auth_radius.so

     # just AFTER 'AddModule mod_auth.c' add the module 'mod_auth_radius.c'
     AddModule mod_auth_radius.c

     # AddRadiusAuth server[:port] shared-secret [ timeout ]
     AddRadiusAuth localhost:1645 testing123 5

     # the directives below are per-directory: put them in the
     # <Directory> block or .htaccess of the protected directory
     AuthType Basic
     AuthName "RADIUS authentication for localhost"
     AuthAuthoritative off
     AuthRadiusAuthoritative on
     AuthRadiusCookieValid 5
     AuthRadiusActive On
     require valid-user

   /opt/apache/bin/apachectl startssl
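
A check to run against the finished httpd.conf from step 5, given as an added example that is not part of the original howto. The function name audit_httpd_conf and the finding labels are made up for this example; SSLRequireSSL is mod_ssl's per-directory directive, which the howto itself does not use.

```shell
#!/bin/sh
# Added example (not from the original howto): audit an httpd.conf like the
# one above. Prints one finding per line, nothing if the file passes.
audit_httpd_conf() {
    conf=$1
    # 1. Cleartext secrets in the file: it must not be group/world accessible.
    if grep -Eiq '^[[:space:]]*(AuthLDAPBindPassword|AddRadiusAuth)[[:space:]]' "$conf"; then
        perms=$(ls -ld "$conf" | cut -c5-10)
        [ "$perms" = "------" ] ||
            echo "PERMS: secrets present but group/other bits are '$perms'"
    fi
    # 2. testing123 is the sample secret shipped in FreeRADIUS's clients.conf.
    awk 'tolower($1) == "addradiusauth" && $3 == "testing123" {
        print "SECRET: line " NR ": RADIUS shared secret is a published default" }' "$conf"
    # 3. Heuristic: user lookups should not bind as a directory admin DN.
    awk 'tolower($1) == "authldapbinddn" && tolower($0) ~ /cn=(root|manager|admin)/ {
        print "BINDDN: line " NR ": search bind uses an administrative DN" }' "$conf"
    # 4. Basic auth sends the password base64-encoded; require SSL for it.
    #    File-level check only: it does not parse <Directory> nesting.
    if grep -Eiq '^[[:space:]]*AuthType[[:space:]]+Basic' "$conf" &&
       ! grep -Eiq '^[[:space:]]*SSLRequireSSL' "$conf"; then
        echo "TLS: AuthType Basic used but SSLRequireSSL never appears"
    fi
    return 0
}

# Constructed sample input, using the values from the config shown above.
demo=$(mktemp)
cat > "$demo" <<'EOF'
AddRadiusAuth localhost:1645 testing123 5
AuthType Basic
AuthLDAPBindDN "cn=root,dc=fab30"
AuthLDAPBindPassword xxxxxxxx
EOF
chmod 644 "$demo"
audit_httpd_conf "$demo"
rm -f "$demo"
```

Each finding maps to one fix: chmod 600 on httpd.conf, a site-specific RADIUS secret, a dedicated low-privilege bind DN, and SSLRequireSSL in the protected directory.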