Hi,
I want to use PerLDAP with the Netscape Directory SDK to connect to an
LDAP server over SSL; the Perl scripts are running under mod_perl.
I'm running into strange trouble because the dbopen function from the
Netscape Directory SDK (NDSDK) is marked as external/exportable and is
interfering with another dbopen which is loaded from shared libs for
mod_rewrite, mod_auth_db or mod_php4. NDSDK is using the dbopen from
*outside* and as a result is unable to read the content of the cert7.db
file.
I'm using this software:
NDSDK: tested with netscape-ldap-sdk-3.0 and netscape-ldap-sdk-4.1,
always with the same results. 4.11 not tested because the libraries have
the same md5sums as 4.1.
Apache: apache_1.3.19rusPL30.4 (compiled by hand from source)
mod_perl: mod_perl-1.25 (compiled by hand from source)
perl: 5.6.0 (from Debian's unstable package)
OS: Linux 2.4.3 on Intel
The code I'm using to connect to the LDAP server:
...
    my $conn = new Mozilla::LDAP::Conn( "a hostname",
                                        636,
                                        undef,
                                        undef,
                                        "/usr/local/apache/conf/mozilla-ldap-cert.db");
...
(that mozilla-ldap-cert.db was created by Netscape Communicator
4.7x)
To see what is going on, I modified Mozilla::LDAP::Conn's code:
...
    sub init
    {
      my ($self) = shift;
      my ($ret, $ld);
      return 0 unless (defined($self->{"host"}));
      return 0 unless (defined($self->{"port"}));
      if (defined($self->{"certdb"}) && ($self->{"certdb"} ne ""))
        {
          warn "ldapssl_client_init - begin \"$self->{certdb}\"";
          $ret = ldapssl_client_init($self->{"certdb"}, 0);
          warn "ldapssl_client_init - end (".sprintf("%x",$ret).": ".ldap_err2string($ret).")";
          return 0 if ($ret < 0);
          warn "ldapssl_init - begin";
          $ld = ldapssl_init($self->{"host"}, $self->{"port"}, 1);
          warn "ldapssl_init - end";
        }
...
In the first case, where I'm running Apache with mod_rewrite, mod_auth*,
mod_php4 and mod_perl loaded, I see this in error_log:
    ldapssl_client_init - begin "/usr/local/apache/conf/mozilla-ldap-cert.db" at /usr/local/lib/perl/5.6.0/Mozilla/LDAP/Conn.pm line 122.
    ldapssl_client_init - end (ffffe012) at /usr/local/lib/perl/5.6.0/Mozilla/LDAP/Conn.pm line 124.
and strace will show:
    open("/usr/local/apache/conf/mozilla-ldap-cert.db", O_RDONLY) = 8
    fcntl64(0x8, 0x2, 0x1, 0) = 0
    fstat64(8, {st_mode=S_IFREG|0640, st_size=188416, ...}) = 0
    read(8, "\0\6\25a\0\0\0\2\0\0\4\322\0\0\20\0\0\0\0\f\0\0\1\0\0\0"..., 512) = 512
    close(8) = 0
    open("/usr/local/apache/conf/mozilla-ldap-cert.db/cert5.db", O_RDONLY) = -1 ENOTDIR (Not a directory)
    write(2, "ldapssl_client_init - end (ffffe"..., 97) = 97
So the certificate was found, but ...
If I remove all the named modules which need libdb and slightly modify
Apache's makefiles so that they do not link with libdb*.so, it starts
working!
This is driving me crazy! I know where the problem is but I'm unable
to do anything ... Please, is there someone here who has an idea how to
trick NDSDK into using its own dbopen ... or is there someone here who is
able to fix the wrong linking of that library? Someone from Netscape Corp?
Thanks for any help
Jan Tomasek
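
Added example (not part of the original message, and not code from Netscape or PerLDAP): the clash described above can be confirmed by comparing the exported dynamic symbols of every library loaded into the Apache process. The sketch below parses the output of nm -D --defined-only and reports which library a duplicated symbol binds to; the library names, addresses and sample listings are constructed, and it assumes all libraries share one global lookup scope and none was linked with -Bsymbolic.

```python
import re

# Constructed `nm -D --defined-only` listings, keyed by library in load order.
# Library names and addresses are placeholders, not taken from the post.
SAMPLE_NM = {
    "libdb.so": "00012a40 T dbopen\n00013b10 T __hash_open\n",
    "mod_perl.so": "0000f100 T perl_handler\n",
    "ndsdk-ssl.so": (
        "0002c7e0 T dbopen\n"
        "0002d000 T ldapssl_client_init\n"
        "0002d4c0 T ldapssl_init\n"
    ),
}

EXPORTED = set("TDBRWV")  # nm type letters for globally visible definitions
LINE = re.compile(r"^([0-9a-fA-F]+)\s+(\S)\s+(\S+)$")


def exported_symbols(nm_text):
    """Return the set of symbols one library defines and exports."""
    syms = set()
    for line in nm_text.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(2) in EXPORTED:
            syms.add(m.group(3).split("@")[0])  # drop any symbol-version suffix
    return syms


def find_clashes(nm_by_lib):
    """Map each symbol defined by 2+ libraries to (winner, [shadowed libs]).

    Assumption: the winner is the first definer in load order, i.e. the
    libraries sit in one global scope and none uses -Bsymbolic.
    """
    definers = {}
    for lib, text in nm_by_lib.items():  # dicts keep insertion (load) order
        for sym in exported_symbols(text):
            definers.setdefault(sym, []).append(lib)
    return {s: (libs[0], libs[1:]) for s, libs in definers.items() if len(libs) > 1}


def self_shadowed(nm_by_lib, lib):
    """Symbols that `lib` defines itself but that bind to an earlier library."""
    clashes = find_clashes(nm_by_lib)
    return sorted(s for s, (_, losers) in clashes.items() if lib in losers)


if __name__ == "__main__":
    for sym, (winner, losers) in sorted(find_clashes(SAMPLE_NM).items()):
        print(f"{sym}: bound to {winner}, shadowing {', '.join(losers)}")
```

To use it on a real system, replace SAMPLE_NM with the nm output of each library listed in /proc/PID/maps for an Apache child, in the order they were loaded.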