Hi Bill (and Brad), That's great news, thanks a lot! As you can tell, I know very little about Novell e-Dir ;-) Thanks much for the help! Cheers, Craig > -----Original Message----- > From: William A. Rowe, Jr. [mailto:wrowe@xxxxxxxxxxxxx] > Sent: Friday, September 02, 2005 12:47 PM > To: users@xxxxxxxxxxxxxxxx > Subject: Re: [users@httpd] Mod_auth_ldap and Novell e-dir > > Brad Nicholes offerd some thoughts yesterday that might help; > > I don't think that the work has been done to use the > Novell LDAP SDK > on any other platform other than NetWare. Mainly because > the OpenLDAP > client SDK works just fine although it is correct that > OpenLDAP does > not support the DER cert format. But this should not be a problem > when connecting to an eDir server because the eDir server > will support > B64 as well. The certificate just needs to be exported > from eDir in > B64 format so that it is compatible with OpenLDAP rather than DER > format. > > Craig L. Ching wrote: > > Hi Bill, > > > > Thanks much for your response! Unfortunately, this is for > a customer > > and I need to get them up and running ASAP. With 2.1, would I have > > something that is stable enough for a simple CGI application? > > > > Cheers, > > Craig > > > > > >>-----Original Message----- > >>From: William A. Rowe, Jr. [mailto:wrowe@xxxxxxxxxxxxx] > >>Sent: Thursday, September 01, 2005 3:34 PM > >>To: users@xxxxxxxxxxxxxxxx > >>Subject: Re: [users@httpd] Mod_auth_ldap and Novell e-dir > >> > >>Craig - using only autodetection (don't force the .hnw file) > >>- I would suggest you try using the 2.1.8 alpha release when it's > >>announced in a few days. ldap was quite experimental on > 2.2, and with > >>ssl and starttls support, doubly so. > >> > >>Bill > >> > >>Craig L. Ching wrote: > >> > >>>Hi, > >>> > >>>I'm trying to build an apache (2.0.54 on SunOS 7) that will > >> > >>be able to > >> > >>>interface with Novell e-Directory to authenticate users using > >>>mod_auth_ldap. I have a build that works using the > >> > >>OpenLDAP libraries > >> > >>>and normal ldap://, but when we try to do the same thing using > >>>ldaps://, I get errors that indicate that OpenLDAP doesn't > >> > >>support the > >> > >>>DER encoding for the certificate. > >>> > >>>So I was thinking of using the Novell LDAP SDK, but that doesn't > >>>appear to be straight-forward. Using the following options: > >>> > >>> --with-ldap=ldapsdk \ > >>> > >>> > >> > >>--with-ldap-include=/export/home/cching/novell/cldap_2005.07 > .18/includ > >> > >>>e > >>>\ > >>> --with-ldap-lib=/export/home/cching/novell/cldap_2005.07.18/lib \ > >>> --enable-ldap=static \ > >>> --enable-auth-ldap=static \ > >>> > >>>I get the following compile error: > >>> > >>>"util_ldap.c", line 1568: undefined symbol: > >> > >>LDAP_OPT_X_TLS_CACERTFILE > >> > >>>So, delving into this a bit further, I see a preprocessor macro: > >>> > >>>APR_HAS_NOVELL_LDAPSDK > >>> > >>>That looks interesting. AFAICT, the only way to turn this > on is by > >>>using srclib/apr-util/include/apr_ldap.hnw for apr_ldap.h. > Copying > >>>that over gets me further, except that I get these link errors: > >>> > >>>ild: (undefined symbol) ldapssl_init -- referenced in the > >> > >>text segment > >> > >>>of modules/experimental/.libs/mod_ldap.a(util_ldap.o) > >>> > >>>So, has anyone gotten the Novell LDAP SDK to work? Any > other hints > >>>for how I could go about making mod_auth_ldap work with > >> > >>Novell e-Dir? > >> > >>>Thanks for any help! > >>> > >>>Cheers, > >>>Craig > >>> > >>> > >> > >>------------------------------------------------------------ > --------- > >> > >>>The official User-To-User support forum of the Apache HTTP > >> > >>Server Project. > >> > >>>See <URL:http://httpd.apache.org/userslist.html> for more info. > >>>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > >>> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > >>>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > >>> > >>> > >>> > >> > >>------------------------------------------------------------ > --------- > >>The official User-To-User support forum of the Apache HTTP Server > >>Project. > >>See <URL:http://httpd.apache.org/userslist.html> for more info. > >>To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > >> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > >>For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > >> > >> > >> > > > > > > > --------------------------------------------------------------------- > > The official User-To-User support forum of the Apache HTTP > Server Project. > > See <URL:http://httpd.apache.org/userslist.html> for more info. > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > > > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP > Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|