Project

General

Profile

Feature #2190

Apache (and PHP) compliation against OpenLDAP libraries

Added by Predrag Zečević over 8 years ago. Updated over 8 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Start date:
2012-02-27
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

Hi,

Current (Solaris) LDAP libraries are preventing use of LDAP functionality from both Apache (mod_ldap) and PHP (ldap_* functions) IF SSL is required (BTW, curl libraries needed for PHP compilation are also using old/obsolete LDAP library).

More over, ALL ldap libraries are located in same directory:

ls -al /usr/lib{/amd64,/}/*libldap*
lrwxrwxrwx 1 root root   22 2011-03-04 15:30 /usr/lib//libldap_r-2.4.so -> libldap_r-2.4.so.2.5.4
lrwxrwxrwx 1 root root   22 2011-03-04 15:30 /usr/lib//libldap_r-2.4.so.2 -> libldap_r-2.4.so.2.5.4
-r-xr-xr-x 1 root bin  306K 2012-02-14 10:15 /usr/lib//libldap_r-2.4.so.2.5.4
lrwxrwxrwx 1 root root   20 2011-03-04 15:30 /usr/lib//libldap-2.4.so -> libldap-2.4.so.2.5.4
lrwxrwxrwx 1 root root   20 2011-03-04 15:30 /usr/lib//libldap-2.4.so.2 -> libldap-2.4.so.2.5.4
-r-xr-xr-x 1 root bin  279K 2012-02-14 10:15 /usr/lib//libldap-2.4.so.2.5.4
lrwxrwxrwx 1 root root   12 2012-01-18 09:35 /usr/lib//libldap.so -> libldap.so.5
-rwxr-xr-x 1 root bin  212K 2012-02-14 10:15 /usr/lib//libldap.so.4
-rwxr-xr-x 1 root bin  363K 2012-02-14 10:15 /usr/lib//libldap.so.5
lrwxrwxrwx 1 root root   12 2011-03-02 12:13 /usr/lib//libldap50.so -> libldap.so.5
lrwxrwxrwx 1 root root   14 2011-03-02 12:13 /usr/lib//libldap60.so -> libldap60.so.1
-rwxr-xr-x 1 root bin  241K 2012-02-14 10:16 /usr/lib//libldap60.so.1
lrwxrwxrwx 1 root root   22 2011-03-04 15:30 /usr/lib/amd64/libldap_r-2.4.so -> libldap_r-2.4.so.2.5.4
lrwxrwxrwx 1 root root   22 2011-03-04 15:30 /usr/lib/amd64/libldap_r-2.4.so.2 -> libldap_r-2.4.so.2.5.4
-r-xr-xr-x 1 root bin  385K 2012-02-14 10:15 /usr/lib/amd64/libldap_r-2.4.so.2.5.4
lrwxrwxrwx 1 root root   20 2011-03-04 15:30 /usr/lib/amd64/libldap-2.4.so -> libldap-2.4.so.2.5.4
lrwxrwxrwx 1 root root   20 2011-03-04 15:30 /usr/lib/amd64/libldap-2.4.so.2 -> libldap-2.4.so.2.5.4
-r-xr-xr-x 1 root bin  352K 2012-02-14 10:15 /usr/lib/amd64/libldap-2.4.so.2.5.4
lrwxrwxrwx 1 root root   12 2011-03-02 12:13 /usr/lib/amd64/libldap.so -> libldap.so.5
-rwxr-xr-x 1 root bin  264K 2012-02-14 10:14 /usr/lib/amd64/libldap.so.4
-rwxr-xr-x 1 root bin  446K 2012-02-14 10:14 /usr/lib/amd64/libldap.so.5
lrwxrwxrwx 1 root root   14 2011-03-02 12:13 /usr/lib/amd64/libldap60.so -> libldap60.so.1
-rwxr-xr-x 1 root bin  298K 2012-02-14 10:16 /usr/lib/amd64/libldap60.so.1

From http://httpd.apache.org/docs/2.2/mod/mod_ldap.html#usingssltls:

Solaris SDK

SSL/TLS for the native Solaris LDAP libraries is not yet supported. If required, install and use the OpenLDAP libraries instead.

So, i have few questions:
a) is this proper place to ask for this?
b) if yes, can we count of this feature in the future?
c) if no, what would be proper way to have this on Illumos based distribution (OpenIndiana for example)?

Thanks and best regards.

History

#1

Updated by Milan Jurik over 8 years ago

Few notes:

1) Solaris LDAP SDK (libldap.so.5) does not support StartTLS, but SSL is supported

2) but Apache apr contains bug in initialization of SSL layer with non-OpenLDAP SDK

So even if Solaris LDAP SDK will merge code from Mozilla LDAP (libldap60.so), it will not work. The best solution is to link Apache with OpenLDAP (libldap-2.4.so) as it is the only one currently really maintained by Apache.

Also available in: Atom PDF