Jeff Trawick wrote:
> (PHP, Apache, etc.)
>
> Is anyone familiar with this topic? Is anyone missing a feature because
> the web stack components don't use OpenLDAP? Are there compelling
> reasons to use OpenLDAP instead of Solaris LDAP?
>
> Apache LDAP auth is a little more full-featured with OpenLDAP (STARTTLS
> and possibly some certificate handling features work with OpenLDAP but
> not with Solaris LDAP).
>

The clincher is apparently ldaps.

PHP? I don't know how to use ldaps with PHP + Solaris LDAP. From looking at the code (http://src.opensolaris.org/source/xref/sfw/usr/src/cmd/php5/php-5.2.6/ext/ldap/ldap.c) PHP appears to rely on the client library interpreting the LDAP URL to enable ldaps. (That isn't supported with Solaris LDAP.)

Apache? It crashes with Solaris LDAP at present but can presumably be fixed with an as-yet-unidentified patch.

Lighttpd? Squid? MySQL? xxx? no idea; comments appreciated

A migration concern with switching to OpenLDAP is that OpenLDAP and Solaris LDAP client libraries use different formats for SSL-related databases. If ldaps is actually working for anybody now, switching to OpenLDAP will likely require changing the database format (keytool, certutil, etc.) as well as any configuration directives that deal with that. (If ldaps isn't actually working with the web stack components, then the migration concern is obviously moot.)