httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig L. Ching" <cch...@mqsoftware.com>
Subject RE: [users@httpd] Mod_auth_ldap and Novell e-dir
Date Fri, 02 Sep 2005 18:29:20 GMT
Hi Bill (and Brad),

That's great news, thanks a lot!  As you can tell, I know very little
about Novell e-Dir ;-)

Thanks much for the help!

Cheers,
Craig 

> -----Original Message-----
> From: William A. Rowe, Jr. [mailto:wrowe@rowe-clan.net] 
> Sent: Friday, September 02, 2005 12:47 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Mod_auth_ldap and Novell e-dir
> 
> Brad Nicholes offerd some thoughts yesterday that might help;
> 
>    I don't think that the work has been done to use the 
> Novell LDAP SDK
>    on any other platform other than NetWare.  Mainly because 
> the OpenLDAP
>    client SDK works just fine although it is correct that 
> OpenLDAP does
>    not support the DER cert format.  But this should not be a problem
>    when connecting to an eDir server because the eDir server 
> will support
>    B64 as well.  The certificate just needs to be exported 
> from eDir in
>    B64 format so that it is compatible with OpenLDAP rather than DER
>    format.
> 
> Craig L. Ching wrote:
> > Hi Bill,
> > 
> > Thanks much for your response!  Unfortunately, this is for 
> a customer 
> > and I need to get them up and running ASAP.  With 2.1, would I have 
> > something that is stable enough for a simple CGI application?
> > 
> > Cheers,
> > Craig
> > 
> > 
> >>-----Original Message-----
> >>From: William A. Rowe, Jr. [mailto:wrowe@rowe-clan.net]
> >>Sent: Thursday, September 01, 2005 3:34 PM
> >>To: users@httpd.apache.org
> >>Subject: Re: [users@httpd] Mod_auth_ldap and Novell e-dir
> >>
> >>Craig - using only autodetection (don't force the .hnw file)
> >>- I would suggest you try using the 2.1.8 alpha release when it's 
> >>announced in a few days.  ldap was quite experimental on 
> 2.2, and with 
> >>ssl and starttls support, doubly so.
> >>
> >>Bill
> >>
> >>Craig L. Ching wrote:
> >>
> >>>Hi,
> >>>
> >>>I'm trying to build an apache (2.0.54 on SunOS 7) that will
> >>
> >>be able to
> >>
> >>>interface with Novell e-Directory to authenticate users using 
> >>>mod_auth_ldap.  I have a build that works using the
> >>
> >>OpenLDAP libraries
> >>
> >>>and normal ldap://, but when we try to do the same thing using 
> >>>ldaps://, I get errors that indicate that OpenLDAP doesn't
> >>
> >>support the
> >>
> >>>DER encoding for the certificate.
> >>>
> >>>So I was thinking of using the Novell LDAP SDK, but that doesn't 
> >>>appear to be straight-forward.  Using the following options:
> >>>
> >>>  --with-ldap=ldapsdk \
> >>> 
> >>>
> >>
> >>--with-ldap-include=/export/home/cching/novell/cldap_2005.07
> .18/includ
> >>
> >>>e
> >>>\
> >>>  --with-ldap-lib=/export/home/cching/novell/cldap_2005.07.18/lib \
> >>>  --enable-ldap=static \
> >>>  --enable-auth-ldap=static \
> >>>
> >>>I get the following compile error:
> >>>
> >>>"util_ldap.c", line 1568: undefined symbol: 
> >>
> >>LDAP_OPT_X_TLS_CACERTFILE
> >>
> >>>So, delving into this a bit further, I see a preprocessor macro:
> >>>
> >>>APR_HAS_NOVELL_LDAPSDK
> >>>
> >>>That looks interesting.  AFAICT, the only way to turn this 
> on is by 
> >>>using srclib/apr-util/include/apr_ldap.hnw for apr_ldap.h. 
>  Copying 
> >>>that over gets me further, except that I get these link errors:
> >>>
> >>>ild: (undefined symbol) ldapssl_init -- referenced in the
> >>
> >>text segment
> >>
> >>>of modules/experimental/.libs/mod_ldap.a(util_ldap.o)
> >>>
> >>>So, has anyone gotten the Novell LDAP SDK to work?  Any 
> other hints 
> >>>for how I could go about making mod_auth_ldap work with
> >>
> >>Novell e-Dir?
> >>
> >>>Thanks for any help!
> >>>
> >>>Cheers,
> >>>Craig
> >>>
> >>>
> >>
> >>------------------------------------------------------------
> ---------
> >>
> >>>The official User-To-User support forum of the Apache HTTP
> >>
> >>Server Project.
> >>
> >>>See <URL:http://httpd.apache.org/userslist.html> for more info.
> >>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >>>For additional commands, e-mail: users-help@httpd.apache.org
> >>>
> >>>
> >>>
> >>
> >>------------------------------------------------------------
> ---------
> >>The official User-To-User support forum of the Apache HTTP Server 
> >>Project.
> >>See <URL:http://httpd.apache.org/userslist.html> for more info.
> >>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >>For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >>
> >>
> > 
> > 
> > 
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP 
> Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> > 
> > 
> > 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message