I'm assuming this works in specific environments, perhaps Windows using a Windows AD.  I have been unsuccessful creating an SSL connection at all against either Novell Edir's LDAP connector, or against an OpenLDAP directory running on Linux (although a native compile on the Linux box works fine with the same OpenLDAP server).

The patch *does* assist in that it provides a consistent error message across XP, Windows 2000, and Windows Server 2003.

Thx... HH

On Sun, Mar 23, 2008 at 4:00 PM, Victor <victorjss@gmail.com> wrote:
On Sun, Mar 23, 2008 at 6:36 PM, Graham Leggett <minfrin@sharp.fm> wrote:

Can you confirm that it works for you? It seems a straightforward change.

Yes, the new code works for me, but I didn't pass any test included in the APR project (if they exist). I simply compiled the new code and tested the connection, not only with ldaps, but also with simple ldap. I also tracked the TCP packets with Wireshark and checked that the SSL handshake was made with ldaps and that no plain text password was sent over the wire.

I tested the result on Windows XP and Windows 2000 Server (different wldap32.dll versions), but I think more intensive testing is needed. What matters is the user that launches the Apache service and/or the Windows certificate store where we must put the CA certificate (intrinsics of this API).



Harry Holt, PMP