Re: [users@httpd] Mod_auth_ldap and Novell e-dir

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] Mod_auth_ldap and Novell e-dir
From: "William A. Rowe, Jr." <wrowe@xxxxxxxxxxxxx>
Date: Fri, 02 Sep 2005 12:47:21 -0500
Delivered-to: apmail-httpd-users-archive@xxxxxxxxxxxxxx
Delivered-to: apmail-httpd-users-archive@xxxxxxxxxxxxxxxx
Delivered-to: mailing list users@xxxxxxxxxxxxxxxx
In-reply-to: <3C05BBBA1B54ED43B1A6827E620EF1CD0148A1E6@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Mailing-list: contact users-help@xxxxxxxxxxxxxxxx; run by ezmlm
References: <3C05BBBA1B54ED43B1A6827E620EF1CD0148A1E6@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: users@xxxxxxxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0.6-1.1.fc3 (X11/20050720)

Brad Nicholes offerd some thoughts yesterday that might help;

  I don't think that the work has been done to use the Novell LDAP SDK
  on any other platform other than NetWare.  Mainly because the OpenLDAP
  client SDK works just fine although it is correct that OpenLDAP does
  not support the DER cert format.  But this should not be a problem
  when connecting to an eDir server because the eDir server will support
  B64 as well.  The certificate just needs to be exported from eDir in
  B64 format so that it is compatible with OpenLDAP rather than DER
  format.

Craig L. Ching wrote:

Hi Bill,

Thanks much for your response!  Unfortunately, this is for a customer
and I need to get them up and running ASAP.  With 2.1, would I have
something that is stable enough for a simple CGI application?

Cheers,
Craig
-----Original Message-----
From: William A. Rowe, Jr. [mailto:wrowe@xxxxxxxxxxxxx]Sent: Thursday, September 01, 2005 3:34 PM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] Mod_auth_ldap and Novell e-dir
Craig - using only autodetection (don't force the .hnw file)- I would suggest you try using the 2.1.8 alpha release whenit's announced in a few days. ldap was quite experimental on2.2, and with ssl and starttls support, doubly so.
Bill

Craig L. Ching wrote:
Hi,
I'm trying to build an apache (2.0.54 on SunOS 7) that will
be able to
interface with Novell e-Directory to authenticate users usingmod_auth_ldap. I have a build that works using the
OpenLDAP libraries
and normal ldap://, but when we try to do the same thing usingldaps://, I get errors that indicate that OpenLDAP doesn't
support the
DER encoding for the certificate.
So I was thinking of using the Novell LDAP SDK, but that doesn'tappear to be straight-forward. Using the following options:
 --with-ldap=ldapsdk \
--with-ldap-include=/export/home/cching/novell/cldap_2005.07.18/includ
e
\
 --with-ldap-lib=/export/home/cching/novell/cldap_2005.07.18/lib \
 --enable-ldap=static \
 --enable-auth-ldap=static \

I get the following compile error:
"util_ldap.c", line 1568: undefined symbol:
LDAP_OPT_X_TLS_CACERTFILE
So, delving into this a bit further, I see a preprocessor macro:

APR_HAS_NOVELL_LDAPSDK
That looks interesting. AFAICT, the only way to turn this on is byusing srclib/apr-util/include/apr_ldap.hnw for apr_ldap.h. Copyingthat over gets me further, except that I get these link errors:
ild: (undefined symbol) ldapssl_init -- referenced in the
text segment
of modules/experimental/.libs/mod_ldap.a(util_ldap.o)
So, has anyone gotten the Novell LDAP SDK to work? Any other hintsfor how I could go about making mod_auth_ldap work with
Novell e-Dir?
Thanks for any help!

Cheers,
Craig
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP
Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTPServer Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

References:
- RE: [users@httpd] Mod_auth_ldap and Novell e-dir
  - From: Craig L. Ching

Prev by Date: Re: [users@httpd] Win32DisableAcceptEx
Next by Date: RE: [users@httpd] Mod_auth_ldap and Novell e-dir
Previous by thread: RE: [users@httpd] Mod_auth_ldap and Novell e-dir
Next by thread: RE: [users@httpd] Mod_auth_ldap and Novell e-dir
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]