From "Harry Holt" <>
Subject LDAP over SSL on Win32
Date Tue, 26 Feb 2008 20:56:58 GMT
Sorry if this is the wrong list for this question.  I have not been able to
find an answer and someone suggested I try this list.

It seems with the binary distribution of Apache 2.2 for Win32 (with the
Microsoft LDAP SDK compiled into apr-util) it is not possible to initialize
an SSL connection to an LDAP server using mod_ldap and mod_authnz_ldap.

During startup I get:

[info] LDAP: SSL support unavailable: LDAP: CA certificates cannot be set
using this method, as they are stored in the registry instead.

And if I try to initiate an SSL connection with an LDAP server I get:

[warn] [client] [8048] auth_ldap authenticate: user vec02
authentication failed; URI /svn [LDAP: an attempt to set LDAP_OPT_SSL on
failed.][Parameter Error]

So, my questions:

Am I crazy or is LDAP over SSL just not supported for this distribution?

If I'm not crazy, is there a binary distribution of aprutil-1.dll that will
support this (that anyone knows of) or will I have to figure out how to
compile it myself?

This is running on a Windows 2000 Server box (Service pack 4 + updates), and
I'm attempting to connect to a remote Novell LDAP Agent for eDirectory

Everything works perfectly if I don't try to use SSL (plain text over 389 is

Relevant Apache config (very basic):
ServerRoot "C:/Program Files/Apache Software Foundation/Apache2.2"
Listen 80
LoadModule auth_basic_module modules/
LoadModule authn_default_module modules/
LoadModule authn_file_module modules/
LoadModule authnz_ldap_module modules/
LoadModule authz_dbm_module modules/
LoadModule authz_default_module modules/
LoadModule authz_groupfile_module modules/
LoadModule authz_host_module modules/
LoadModule authz_owner_module modules/
LoadModule authz_user_module modules/
LoadModule ldap_module modules/
LoadModule ssl_module modules/

LogLevel debug

DocumentRoot "D:/wwwroot/htdocs"

<Directory "D:/wwwroot/htdocs">
        AllowOverride All
        Options FollowSymLinks Includes
        Order allow,deny
        Allow from all
</Directory>

<Location "/">
      AuthzLDAPAuthoritative OFF

      AuthLDAPUrl ldaps://ldap.intranet.mysite/o=myorg?uid SSL

      AuthType Basic
      AuthName "TEST Root directory"
      AuthBasicProvider ldap
      Require valid-user
</Location>

I appreciate any info and pointers.

Thx... HH

Harry Holt, PMP
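
Added example (not part of the original message and not Apache project code): a Python triage script that pulls the user, URI, reason and LDAP error out of auth_ldap failure lines like the one quoted above, and separates failures raised while setting up the SSL connection from the rest. The second sample line and the classification rule are assumptions made for illustration.

```python
import re
from collections import Counter

# Layout of the failure line quoted in the message:
#   auth_ldap authenticate: user <user> authentication failed; URI <uri> [<reason>][<ldap error>]
FAILURE = re.compile(
    r"auth_ldap authenticate: user (?P<user>\S+) authentication failed; "
    r"URI (?P<uri>\S+) \[(?P<reason>.*)\]\[(?P<ldap_error>[^\]]*)\]"
)

# Constructed sample input. Line 1 is the entry from the message joined back
# onto one line; line 2 is a constructed credential failure for contrast;
# line 3 is the startup notice, which is not an authentication failure.
SAMPLE_LOG = """\
[warn] [client] [8048] auth_ldap authenticate: user vec02 authentication failed; URI /svn [LDAP: an attempt to set LDAP_OPT_SSL on failed.][Parameter Error]
[warn] [client] [8048] auth_ldap authenticate: user vec02 authentication failed; URI /svn [ldap_simple_bind_s() to check user credentials failed][Invalid Credentials]
[info] LDAP: SSL support unavailable: LDAP: CA certificates cannot be set using this method, as they are stored in the registry instead.
"""

def classify(reason):
    """Assumed rule: a reason that names an LDAP_OPT_* option, SSL or TLS was
    raised while setting up the connection, not while checking the password."""
    if re.search(r"LDAP_OPT_|SSL|TLS", reason):
        return "connection-setup"
    return "other"

def parse_failures(text):
    """Return one dict per auth_ldap failure line found in text."""
    failures = []
    for line in text.splitlines():
        match = FAILURE.search(line)
        if match:
            entry = match.groupdict()
            entry["category"] = classify(entry["reason"])
            failures.append(entry)
    return failures

def summarize(text):
    """Count failures per (category, ldap_error) pair."""
    return Counter((f["category"], f["ldap_error"]) for f in parse_failures(text))

if __name__ == "__main__":
    for (category, ldap_error), count in summarize(SAMPLE_LOG).items():
        print(f"{count:3d}  {category:17s} {ldap_error}")
```

Entries in the connection-setup group point at the server-side LDAP/SSL configuration, so they are worth keeping apart from per-user credential failures when reading the error log.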

