Re: [users@httpd] Mod_auth_ldap and Novell e-dir

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Brad Nicholes offerd some thoughts yesterday that might help;

  I don't think that the work has been done to use the Novell LDAP SDK
  on any other platform other than NetWare.  Mainly because the OpenLDAP
  client SDK works just fine although it is correct that OpenLDAP does
  not support the DER cert format.  But this should not be a problem
  when connecting to an eDir server because the eDir server will support
  B64 as well.  The certificate just needs to be exported from eDir in
  B64 format so that it is compatible with OpenLDAP rather than DER
  format.

Craig L. Ching wrote:
Hi Bill,

Thanks much for your response!  Unfortunately, this is for a customer
and I need to get them up and running ASAP.  With 2.1, would I have
something that is stable enough for a simple CGI application?

Cheers,
Craig


-----Original Message-----
From: William A. Rowe, Jr. [mailto:wrowe@xxxxxxxxxxxxx] Sent: Thursday, September 01, 2005 3:34 PM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] Mod_auth_ldap and Novell e-dir

Craig - using only autodetection (don't force the .hnw file) - I would suggest you try using the 2.1.8 alpha release when it's announced in a few days. ldap was quite experimental on 2.2, and with ssl and starttls support, doubly so.

Bill

Craig L. Ching wrote:

Hi,

I'm trying to build an apache (2.0.54 on SunOS 7) that will

be able to
interface with Novell e-Directory to authenticate users using mod_auth_ldap. I have a build that works using the

OpenLDAP libraries
and normal ldap://, but when we try to do the same thing using ldaps://, I get errors that indicate that OpenLDAP doesn't

support the
DER encoding for the certificate.

So I was thinking of using the Novell LDAP SDK, but that doesn't appear to be straight-forward. Using the following options:

 --with-ldap=ldapsdk \



--with-ldap-include=/export/home/cching/novell/cldap_2005.07.18/includ

e
\
 --with-ldap-lib=/export/home/cching/novell/cldap_2005.07.18/lib \
 --enable-ldap=static \
 --enable-auth-ldap=static \

I get the following compile error:

"util_ldap.c", line 1568: undefined symbol:

LDAP_OPT_X_TLS_CACERTFILE

So, delving into this a bit further, I see a preprocessor macro:

APR_HAS_NOVELL_LDAPSDK

That looks interesting. AFAICT, the only way to turn this on is by using srclib/apr-util/include/apr_ldap.hnw for apr_ldap.h. Copying that over gets me further, except that I get these link errors:

ild: (undefined symbol) ldapssl_init -- referenced in the

text segment
of modules/experimental/.libs/mod_ldap.a(util_ldap.o)

So, has anyone gotten the Novell LDAP SDK to work? Any other hints for how I could go about making mod_auth_ldap work with

Novell e-Dir?

Thanks for any help!

Cheers,
Craig



---------------------------------------------------------------------

The official User-To-User support forum of the Apache HTTP

Server Project.

See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux