
mod_ldap SNI ? Google LDAP server ?
Hello :)

I’m running Apache/2.4.55 with mod_ldap.x86_64 2.4.55-1.amzn2

I’m trying to make LDAP over SSL work with the LDAP provided by Google, but unfortunately with no success.
Via plain LDAP using stunnel all works as expected. But using SSL directly in httpd doesn’t work.

I think it may have something to do with mod_ldap not supporting SNI yet, as I’m not sure which version of OpenLDAP is compiled into mod_ldap?
As written here: https://lists.apache.org/thread/tqr1xncnpsqjdy1ysbrzcvzw1om41rl7

Any ideas? Can someone point me in the right direction? Perhaps using a newer mod_ldap or using some directive which is not documented?

Any help would be greatly appreciated !

Thanks !
David
Re: mod_ldap SNI ? Google LDAP server ?
On Wed, Apr 5, 2023 at 9:19 AM David Tkacik
<dtkacik@empowerededu.org.invalid> wrote:
>
> Hello :)
>
> I’m running Apache/2.4.55 with mod_ldap.x86_64 2.4.55-1.amzn2
>
> I’m trying to make LDAP over SSL work with the LDAP provided by Google, but unfortunately with no success.
> Via plain LDAP using stunnel all works as expected. But using SSL directly in httpd doesn’t work.
>
> I think it may have something to do with mod_ldap not supporting SNI yet, as I’m not sure which version of OpenLDAP is compiled into mod_ldap?
> As written here: https://lists.apache.org/thread/tqr1xncnpsqjdy1ysbrzcvzw1om41rl7

At build time, an LDAP client library is detected and usually
dynamically linked.

If there is some LDAP_SET_OPTION that passes a server name separately,
or opts into the extension for this SDK, I think mod_ldap would need
to be patched to be aware of it.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: mod_ldap SNI ? Google LDAP server ?
On Wed, Apr 5, 2023 at 9:28 AM Eric Covener <covener@gmail.com> wrote:
>
> On Wed, Apr 5, 2023 at 9:19 AM David Tkacik
> <dtkacik@empowerededu.org.invalid> wrote:
> >
> > Hello :)
> >
> > I’m running Apache/2.4.55 with mod_ldap.x86_64 2.4.55-1.amzn2
> >
> > I’m trying to make LDAP over SSL work with the LDAP provided by Google, but unfortunately with no success.
> > Via plain LDAP using stunnel all works as expected. But using SSL directly in httpd doesn’t work.
> >
> > I think it may have something to do with mod_ldap not supporting SNI yet, as I’m not sure which version of OpenLDAP is compiled into mod_ldap?
> > As written here: https://lists.apache.org/thread/tqr1xncnpsqjdy1ysbrzcvzw1om41rl7
>
> At build time, an LDAP client library is detected and usually
> dynamically linked.
>
> If there is some LDAP_SET_OPTION that passes a server name separately,
> or opts into the extension for this SDK, I think mod_ldap would need
> to be patched to be aware of it.

It is also possible the SDK reads some external config where it could
be turned on.
