Sorry if this is the wrong list for this question. I have not been able to
find an answer and someone suggested I try this list.
It seems that with the binary distribution of Apache 2.2 for Win32 (with the
Microsoft LDAP SDK compiled into apr-util), it is not possible to initialize
an SSL connection to an LDAP server using mod_ldap and mod_authnz_ldap.
During startup I get:
[info] LDAP: SSL support unavailable: LDAP: CA certificates cannot be set using this method, as they are stored in the registry instead.
And if I try to initiate an SSL connection with an LDAP server I get:
[warn] [client 127.0.0.1] [8048] auth_ldap authenticate: user vec02 authentication failed; URI /svn [LDAP: an attempt to set LDAP_OPT_SSL on failed.][Parameter Error]
So, my questions:
Am I crazy or is LDAP over SSL just not supported for this distribution?
and
If I'm not crazy, is there a binary distribution of aprutil-1.dll that will
support this (that anyone knows of) or will I have to figure out how to
compile it myself?
This is running on a Windows 2000 Server box (Service pack 4 + updates), and
I'm attempting to connect to a remote Novell LDAP Agent for eDirectory
version 8.7.3.9.
Everything works perfectly if I don't try to use SSL (plain text over 389 is
fine).
Relevant Apache config (very basic):
---------------------------------------------------------------------------------------------------------------------------
ServerRoot "C:/Program Files/Apache Software Foundation/Apache2.2"
Listen 80
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule ssl_module modules/mod_ssl.so
LogLevel debug
DocumentRoot "D:/wwwroot/htdocs"
<Directory "D:/wwwroot/htdocs">
    AllowOverride All
    Options FollowSymLinks Includes
    Order allow,deny
    Allow from all
</Directory>
<Location "/">
    AuthzLDAPAuthoritative OFF
    AuthLDAPUrl ldaps://ldap.intranet.mysite/o=myorg?uid SSL
    AuthType Basic
    AuthName "TEST Root directory"
    AuthBasicProvider ldap
    Require valid-user
</Location>
---------------------------------------------------------------------------------------------------------------------------
I appreciate any info and pointers.
Thx... HH
--
Harry Holt, PMP