<acronym title="LemonLDAP::NG">LL::NG</acronym> uses <a href="http://httpd.apache.org/docs/current/mod/mod_ssl.html" class="urlextern" title="http://httpd.apache.org/docs/current/mod/mod_ssl.html" rel="nofollow">Apache SSL module</a>, like any other <a href="../../documentation/2.0/authapache.html" class="wikilink1" title="documentation:2.0:authapache">Apache authentication module</a>, with extra features:
<h3><a name="enable_ssl_in_apache" id="enable_ssl_in_apache">Enable SSL in Apache</a></h3>
<div class="level3">
<p>
You have to install mod_ssl for Apache.
</p>
<p>
For CentOS/RHEL:
</p>
<pre class="code shell">yum install mod_ssl</pre>
<p>
In Debian/Ubuntu, mod_ssl is already shipped in the <code>apache2.2-common</code> package.
</p>
<p>
<p><div class="notetip">For CentOS/RHEL, we advise disabling the default <acronym title="Secure Sockets Layer">SSL</acronym> virtual host configured in /etc/httpd/conf.d/ssl.conf.
</div></p>
</p>
</div>
<h3><a name="apache_ssl_global_configuration" id="apache_ssl_global_configuration">Apache SSL global configuration</a></h3>
<div class="level3">
<p>
You can then use this default <acronym title="Secure Sockets Layer">SSL</acronym> configuration, for example in the head of /etc/lemonldap-ng/portal-apache2.conf:
</p>
<p>
All <acronym title="Secure Sockets Layer">SSL</acronym> options are documented in the <a href="http://httpd.apache.org/docs/current/mod/mod_ssl.html" class="urlextern" title="http://httpd.apache.org/docs/current/mod/mod_ssl.html" rel="nofollow">Apache mod_ssl page</a>.
</p>
<p>
Here are the main options used by <acronym title="LemonLDAP::NG">LL::NG</acronym>:
</p>
<ul>
<li class="level1"><div class="li"><strong>SSLVerifyClient</strong>: set to <code>optional</code> to allow a user with a bad certificate to access the <acronym title="LemonLDAP::NG">LL::NG</acronym> portal page. To switch to another authentication backend, use the <a href="../../documentation/2.0/authmulti.html" class="wikilink1" title="documentation:2.0:authmulti">Multi</a> module, for example: <code>Multi <acronym title="Secure Sockets Layer">SSL</acronym>;<acronym title="Lightweight Directory Access Protocol">LDAP</acronym></code></div>
</li>
<li class="level1"><div class="li"><strong>SSLOptions</strong>: set to <code>+StdEnvVars</code> to get certificate fields in environment variables</div>
</li>
<li class="level1"><div class="li"><strong>SSLUserName</strong> (optional): certificate field that will be used to identify the user in the <acronym title="LemonLDAP::NG">LL::NG</acronym> portal virtual host</div>
</li>
</ul>
</div>
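<p>
The three options above, combined in one portal virtual host. This is an added example, not the configuration shipped with <acronym title="LemonLDAP::NG">LL::NG</acronym>: the file paths, the host name <code>auth.example.com</code>, the protocol list and the verification depth are assumptions to adapt to your installation.
</p>

```apache
# Added example: every path, host name and numeric value below is a placeholder.

# --- Global SSL settings (head of /etc/lemonldap-ng/portal-apache2.conf) ---
# Refuse legacy protocol versions
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

# Server certificate and private key of the portal
SSLCertificateFile    /path/to/portal.crt
SSLCertificateKeyFile /path/to/portal.key

# CA certificate(s) that issue the user certificates.
# Keep this bundle limited to the CAs you actually accept for login:
# any certificate chaining to a CA listed here is treated as valid.
SSLCACertificateFile  /path/to/users-ca.crt

# --- Portal virtual host ---
<VirtualHost *:443>
    ServerName auth.example.com
    SSLEngine on

    # "optional": the TLS handshake still completes when the browser
    # sends no certificate, so the portal page stays reachable and
    # another backend can take over (for example through Multi).
    SSLVerifyClient optional

    # Maximum length of the certificate chain between the user
    # certificate and a CA from SSLCACertificateFile
    SSLVerifyDepth 3

    # Export SSL_CLIENT_* environment variables, such as
    # SSL_CLIENT_VERIFY and SSL_CLIENT_S_DN_CN
    SSLOptions +StdEnvVars

    # Optional: certificate field used as the user name in this virtual host
    SSLUserName SSL_CLIENT_S_DN_CN

    # ... rest of the portal virtual host configuration ...
</VirtualHost>
```

<p>
With <code>+StdEnvVars</code>, <code>SSL_CLIENT_VERIFY</code> is <code>NONE</code> when no certificate was presented and <code>SUCCESS</code> when one was verified, which is a quick way to check in the Apache logs or a test script that client authentication behaves as intended.
</p>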
<h3><a name="configuration_of_lemonldapng" id="configuration_of_lemonldapng">Configuration of LemonLDAP::NG</a></h3>
<div class="level3">
<p>
In the Manager, go to <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose <acronym title="Secure Sockets Layer">SSL</acronym> for authentication.
</p>
<p>
<p><div class="notetip">You can then choose any other module for users and password.
</div></p>
</p>
<p>
Then go to <code><acronym title="Secure Sockets Layer">SSL</acronym> parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"><strong>Authentication level</strong>: authentication level for this module</div>
</li>
<li class="level1"><div class="li"><strong>Extracted certificate field</strong>: certificate field assigned to the $user internal variable</div>