Mailing-List: contact dev-help@apr.apache.org; run by ezmlm
Precedence: bulk
Received-SPF: pass (asf.osuosl.org: local policy)
Message-Id: <4317206B.6720.00AC.0@novell.com>
Date: Thu, 01 Sep 2005 15:39:20 -0600
From: "Brad Nicholes" <BNICHOLES@novell.com>
To: <dev@apr.apache.org>,"Jr. William A. Rowe" <wrowe@rowe-clan.net>
Subject: Re: [Fwd: [users@httpd] Mod_auth_ldap and Novell e-dir]
References: <43176621.6080300@rowe-clan.net>
In-Reply-To: <43176621.6080300@rowe-clan.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

   I don't think that the work has been done to use the Novell LDAP SDK
on any other platform other than NetWare.  Mainly because the OpenLDAP
client SDK works just fine although it is correct that OpenLDAP does not
support the DER cert format.  But this should not be a problem when
connecting to an eDir server because the eDir server will support B64 as
well.  The certificate just needs to be exported from eDir in B64 format
so that it is compatible with OpenLDAP rather than DER format.

Brad

>>> On Thursday, September 01, 2005 at 2:35 pm, in message
<43176621.6080300@rowe-clan.net>, "William A. Rowe, Jr."
<wrowe@rowe-clan.net>
wrote:
> Question; is the toolkit detection actually working now in trunk?
> 
> Sure sounds like something we need to fix.  I'm getting really tired
> of bubblegum and bailing wire added to our AutoConf scripts, just to
> hack through some new, desired feature.  Either the detection needs
> to be correct, or we gotta start vetoing some new proposed features.
> 
> Bill
> 
> -------- Original Message --------
> Subject: [users@httpd] Mod_auth_ldap and Novell e-dir
> Date: Thu, 1 Sep 2005 14:20:50 -0500
> From: Craig L. Ching <cching@mqsoftware.com>
> Reply-To: users@httpd.apache.org 
> To: <users@httpd.apache.org>
> 
> Hi,
> 
> I'm trying to build an apache (2.0.54 on SunOS 7) that will be able
to
> interface with Novell e-Directory to authenticate users using
> mod_auth_ldap.  I have a build that works using the OpenLDAP
libraries
> and normal ldap://, but when we try to do the same thing using
ldaps://,
> I get errors that indicate that OpenLDAP doesn't support the DER
> encoding for the certificate.
> 
> So I was thinking of using the Novell LDAP SDK, but that doesn't
appear
> to be straight-forward.  Using the following options:
> 
>    --with-ldap=ldapsdk \
> 
>
--with-ldap-include=/export/home/cching/novell/cldap_2005.07.18/include
> \
>    --with-ldap-lib=/export/home/cching/novell/cldap_2005.07.18/lib \
>    --enable-ldap=static \
>    --enable-auth-ldap=static \
> 
> I get the following compile error:
> 
> "util_ldap.c", line 1568: undefined symbol:
LDAP_OPT_X_TLS_CACERTFILE
> 
> So, delving into this a bit further, I see a preprocessor macro:
> 
> APR_HAS_NOVELL_LDAPSDK
> 
> That looks interesting.  AFAICT, the only way to turn this on is by
> using srclib/apr-util/include/apr_ldap.hnw for apr_ldap.h.  Copying
that
> over gets me further, except that I get these link errors:
> 
> ild: (undefined symbol) ldapssl_init -- referenced in the text
segment
> of modules/experimental/.libs/mod_ldap.a(util_ldap.o)
> 
> So, has anyone gotten the Novell LDAP SDK to work?  Any other hints
for
> how I could go about making mod_auth_ldap work with Novell e-Dir?
> 
> Thanks for any help!
> 
> Cheers,
> Craig
> 
>
---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org 
>     "   from the digest: users-digest-unsubscribe@httpd.apache.org 
> For additional commands, e-mail: users-help@httpd.apache.org