Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
Received-SPF: neutral (asf.osuosl.org: local policy)
Message-ID: <43189029.9000005@rowe-clan.net>
Date: Fri, 02 Sep 2005 12:47:21 -0500
From: "William A. Rowe, Jr." <wrowe@rowe-clan.net>
User-Agent: Mozilla Thunderbird 1.0.6-1.1.fc3 (X11/20050720)
MIME-Version: 1.0
To: users@httpd.apache.org
References: 
 <3C05BBBA1B54ED43B1A6827E620EF1CD0148A1E6@mailservermn.mqsoftware.com>
In-Reply-To: 
 <3C05BBBA1B54ED43B1A6827E620EF1CD0148A1E6@mailservermn.mqsoftware.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [users@httpd] Mod_auth_ldap and Novell e-dir

Brad Nicholes offerd some thoughts yesterday that might help;

   I don't think that the work has been done to use the Novell LDAP SDK
   on any other platform other than NetWare.  Mainly because the OpenLDAP
   client SDK works just fine although it is correct that OpenLDAP does
   not support the DER cert format.  But this should not be a problem
   when connecting to an eDir server because the eDir server will support
   B64 as well.  The certificate just needs to be exported from eDir in
   B64 format so that it is compatible with OpenLDAP rather than DER
   format.

Craig L. Ching wrote:
> Hi Bill,
> 
> Thanks much for your response!  Unfortunately, this is for a customer
> and I need to get them up and running ASAP.  With 2.1, would I have
> something that is stable enough for a simple CGI application?
> 
> Cheers,
> Craig
> 
> 
>>-----Original Message-----
>>From: William A. Rowe, Jr. [mailto:wrowe@rowe-clan.net] 
>>Sent: Thursday, September 01, 2005 3:34 PM
>>To: users@httpd.apache.org
>>Subject: Re: [users@httpd] Mod_auth_ldap and Novell e-dir
>>
>>Craig - using only autodetection (don't force the .hnw file) 
>>- I would suggest you try using the 2.1.8 alpha release when 
>>it's announced in a few days.  ldap was quite experimental on 
>>2.2, and with ssl and starttls support, doubly so.
>>
>>Bill
>>
>>Craig L. Ching wrote:
>>
>>>Hi,
>>>
>>>I'm trying to build an apache (2.0.54 on SunOS 7) that will 
>>
>>be able to 
>>
>>>interface with Novell e-Directory to authenticate users using 
>>>mod_auth_ldap.  I have a build that works using the 
>>
>>OpenLDAP libraries 
>>
>>>and normal ldap://, but when we try to do the same thing using 
>>>ldaps://, I get errors that indicate that OpenLDAP doesn't 
>>
>>support the 
>>
>>>DER encoding for the certificate.
>>>
>>>So I was thinking of using the Novell LDAP SDK, but that doesn't 
>>>appear to be straight-forward.  Using the following options:
>>>
>>>  --with-ldap=ldapsdk \
>>> 
>>>
>>
>>--with-ldap-include=/export/home/cching/novell/cldap_2005.07.18/includ
>>
>>>e
>>>\
>>>  --with-ldap-lib=/export/home/cching/novell/cldap_2005.07.18/lib \
>>>  --enable-ldap=static \
>>>  --enable-auth-ldap=static \
>>>
>>>I get the following compile error:
>>>
>>>"util_ldap.c", line 1568: undefined symbol: 
>>
>>LDAP_OPT_X_TLS_CACERTFILE
>>
>>>So, delving into this a bit further, I see a preprocessor macro:
>>>
>>>APR_HAS_NOVELL_LDAPSDK
>>>
>>>That looks interesting.  AFAICT, the only way to turn this on is by 
>>>using srclib/apr-util/include/apr_ldap.hnw for apr_ldap.h.  Copying 
>>>that over gets me further, except that I get these link errors:
>>>
>>>ild: (undefined symbol) ldapssl_init -- referenced in the 
>>
>>text segment 
>>
>>>of modules/experimental/.libs/mod_ldap.a(util_ldap.o)
>>>
>>>So, has anyone gotten the Novell LDAP SDK to work?  Any other hints 
>>>for how I could go about making mod_auth_ldap work with 
>>
>>Novell e-Dir?
>>
>>>Thanks for any help!
>>>
>>>Cheers,
>>>Craig
>>>
>>>
>>
>>---------------------------------------------------------------------
>>
>>>The official User-To-User support forum of the Apache HTTP 
>>
>>Server Project.
>>
>>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>>
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP 
>>Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org