Feature #2190
open
Apache (and PHP) compliation against OpenLDAP libraries
0%
Description
Hi,
Current (Solaris) LDAP libraries are preventing use of LDAP functionality from both Apache (mod_ldap) and PHP (ldap_* functions) IF SSL is required (BTW, curl libraries needed for PHP compilation are also using old/obsolete LDAP library).
More over, ALL ldap libraries are located in same directory:
ls -al /usr/lib{/amd64,/}/*libldap*
lrwxrwxrwx 1 root root 22 2011-03-04 15:30 /usr/lib//libldap_r-2.4.so -> libldap_r-2.4.so.2.5.4
lrwxrwxrwx 1 root root 22 2011-03-04 15:30 /usr/lib//libldap_r-2.4.so.2 -> libldap_r-2.4.so.2.5.4
-r-xr-xr-x 1 root bin 306K 2012-02-14 10:15 /usr/lib//libldap_r-2.4.so.2.5.4
lrwxrwxrwx 1 root root 20 2011-03-04 15:30 /usr/lib//libldap-2.4.so -> libldap-2.4.so.2.5.4
lrwxrwxrwx 1 root root 20 2011-03-04 15:30 /usr/lib//libldap-2.4.so.2 -> libldap-2.4.so.2.5.4
-r-xr-xr-x 1 root bin 279K 2012-02-14 10:15 /usr/lib//libldap-2.4.so.2.5.4
lrwxrwxrwx 1 root root 12 2012-01-18 09:35 /usr/lib//libldap.so -> libldap.so.5
-rwxr-xr-x 1 root bin 212K 2012-02-14 10:15 /usr/lib//libldap.so.4
-rwxr-xr-x 1 root bin 363K 2012-02-14 10:15 /usr/lib//libldap.so.5
lrwxrwxrwx 1 root root 12 2011-03-02 12:13 /usr/lib//libldap50.so -> libldap.so.5
lrwxrwxrwx 1 root root 14 2011-03-02 12:13 /usr/lib//libldap60.so -> libldap60.so.1
-rwxr-xr-x 1 root bin 241K 2012-02-14 10:16 /usr/lib//libldap60.so.1
lrwxrwxrwx 1 root root 22 2011-03-04 15:30 /usr/lib/amd64/libldap_r-2.4.so -> libldap_r-2.4.so.2.5.4
lrwxrwxrwx 1 root root 22 2011-03-04 15:30 /usr/lib/amd64/libldap_r-2.4.so.2 -> libldap_r-2.4.so.2.5.4
-r-xr-xr-x 1 root bin 385K 2012-02-14 10:15 /usr/lib/amd64/libldap_r-2.4.so.2.5.4
lrwxrwxrwx 1 root root 20 2011-03-04 15:30 /usr/lib/amd64/libldap-2.4.so -> libldap-2.4.so.2.5.4
lrwxrwxrwx 1 root root 20 2011-03-04 15:30 /usr/lib/amd64/libldap-2.4.so.2 -> libldap-2.4.so.2.5.4
-r-xr-xr-x 1 root bin 352K 2012-02-14 10:15 /usr/lib/amd64/libldap-2.4.so.2.5.4
lrwxrwxrwx 1 root root 12 2011-03-02 12:13 /usr/lib/amd64/libldap.so -> libldap.so.5
-rwxr-xr-x 1 root bin 264K 2012-02-14 10:14 /usr/lib/amd64/libldap.so.4
-rwxr-xr-x 1 root bin 446K 2012-02-14 10:14 /usr/lib/amd64/libldap.so.5
lrwxrwxrwx 1 root root 14 2011-03-02 12:13 /usr/lib/amd64/libldap60.so -> libldap60.so.1
-rwxr-xr-x 1 root bin 298K 2012-02-14 10:16 /usr/lib/amd64/libldap60.so.1
From http://httpd.apache.org/docs/2.2/mod/mod_ldap.html#usingssltls:
Solaris SDK SSL/TLS for the native Solaris LDAP libraries is not yet supported. If required, install and use the OpenLDAP libraries instead.
So, i have few questions:
a) is this proper place to ask for this?
b) if yes, can we count of this feature in the future?
c) if no, what would be proper way to have this on Illumos based distribution (OpenIndiana for example)?
Thanks and best regards.
Updated by Milan Jurik over 9 years ago
Few notes:
1) Solaris LDAP SDK (libldap.so.5) does not support StartTLS, but SSL is supported
2) but Apache apr contains bug in initialization of SSL layer with non-OpenLDAP SDK
So even if Solaris LDAP SDK will merge code from Mozilla LDAP (libldap60.so), it will not work. The best solution is to link Apache with OpenLDAP (libldap-2.4.so) as it is the only one currently really maintained by Apache.