httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Graham Leggett" <>
Subject Re: Auth LDAP ssl/tls differences
Date Wed, 05 Jan 2005 11:10:18 GMT
William A. Rowe, Jr. said:

> The correct scheme/port for STARTTLS LDAP connections is
> ldap:// with port 389 implicit.  We need a mechanism to clarify
> to mod_ldap that TLS security is desired.

I have just taught's apr-utils' apr_ldap_init() function to handle
STARTTLS in addition to SSL (or no encryption).

apr_ldap_init() supports an integer "secure", which presently takes the
values "0" for no encryption, and "1" for SSL. This now also takes the
values "2" for STARTTLS, "3" for STARTTLS allowed if the server requested
it, and "4" for optionally try STARTTLS. (All of this comes from OpenLDAP
symantics, which some googling seems to be the new standard method for
replacing deprecated legacy functions like ldap_start_tls_s()). This way
apr_ldap_init() is extended to support STARTTLS while maintaining
backwards compatibility.

The next task is to modify httpd's util_ldap so it knows about the above
extended behaviour.


View raw message