I've been trying to get mod_ldap to do basic auth to multiple (failover)
servers, via ldaps, and non standard ports. Trying to do this under
apache2, I was able to do it after several fixes, which not being a
programmer, I figure I run this thru the list for comments:
My setup are three ldap servers (Sun Directory 5.2), accepting secure
connections in non-standard ports. Also, our base dn is old format:
"o=My Organization, c=US"
Although the openldap libraries work fine for individual servers, I
could not get a string to work when supplying more than one ldap server,
and properly do failover.
With the Sun SDK, failover works, but if a host is down (instead of not
accepting connections) timeout takes forever, and by default you cannot
set your own. Also, the released Sun SDK (5.08) would not work, and I
was only able to use the mozilla version (5.16).
My fixes:
* mod-ldap is hardcoded to use the openldap libraries. To change this,
in srclib/par-util/include/apr_ldap.h.in
---BEGIN---
--- httpd-2.0.54.orig/srclib/apr-util/include/apr_ldap.h.in
2004-11-24 18:45:40.000000000 -0500
+++ httpd-2.0.54/srclib/apr-util/include/apr_ldap.h.in 2005-09-26
13:21:48.000000000 -0400
@@ -72,7 +72,8 @@
/* FIXME: remove this when above code works. Default to build with
* OpenLDAP until apu-conf.m4 support exists */
-#define APR_HAS_OPENLDAP_LDAPSDK 1
+#define APR_HAS_OPENLDAP_LDAPSDK 0
+#define APR_HAS_NETSCAPE_LDAPSDK 1
#define APR_HAS_LDAP_SSL 1
#endif /* APR_NOT_READY_YET */
----END---
* Timeout for the Sun SDK is defined by LDAP_X_OPT_CONNECT_TIMEOUT, so
in modules/experimental/util_ldap.c
---BEGIN---
--- httpd-2.0.54.orig/modules/experimental/util_ldap.c 2005-04-11
11:49:57.000000000 -0400
+++ httpd-2.0.54/modules/experimental/util_ldap.c 2005-09-26
13:20:46.000000000 -0400
@@ -1342,6 +1342,14 @@
return err;
}
+#ifdef LDAP_X_OPT_CONNECT_TIMEOUT
+ st->connectionTimeout = atol(ttl);
+
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
+ "[%d] ldap connection: Setting connection timeout
to %ld
seconds.",
+ getpid(), st->connectionTimeout);
+#else
+
#ifdef LDAP_OPT_NETWORK_TIMEOUT
st->connectionTimeout = atol(ttl);
@@ -1352,6 +1360,7 @@
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, cmd->server,
"LDAP: Connection timout option not supported by
the LDAP
SDK in use." );
#endif
+#endif
return NULL;
}
@@ -1644,6 +1653,21 @@
}
#endif
+#ifdef LDAP_X_OPT_CONNECT_TIMEOUT
+ if (st->connectionTimeout > 0) {
+ timeOut.tv_sec = st->connectionTimeout;
+ }
+
+ if (st->connectionTimeout >= 0) {
+ rc = ldap_set_option(NULL, LDAP_X_OPT_CONNECT_TIMEOUT, (void
*)&timeOut
);
+ if (APR_SUCCESS != rc) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ "LDAP: Could not set the connection
timeout" );
+ }
+ }
+#endif
+
+
return(OK);
}
---END---
I beleive there are other patches for mod_ldap, so these should be
applied to them, provided they are ok.
--
°(((=((===°°°(((===========================================
begin:vcard fn:Ricardo Stella n:Stella;Ricardo org:Rider University adr;dom:;;2083 Lawrenceville Rd;Lawrenceville;NJ;08648 version:2.1 end:vcard
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|