According to the mod_auth_ldap documentation, this module should support LDAP SSL connections if openldap is built with SSL support. I have used USE="ssl" when emerging both openssl & apache. Still, when I start up apache, I get these log entries:
[notice] LDAP: Built with OpenLDAP LDAP SDK
[notice] LDAP: SSL support unavailable
Here's some info on building mod_auth_ldap: http://www.muquit.com/muquit/software/mod_auth_ldap/mod_auth_ldap_apache2.html
Reproducible: Always
Steps to Reproduce:
1. emerge openldap apache (make sure to use apache2)
2. set APACHE2_OPTS="-D SSL -D LDAP" in /etc/conf.d/apache2
3. /etc/init.d/apache2 start && tail /var/log/apache/error_log
Actual Results: You'll see that apache2 reports no SSL support for LDAP, even though it should be there. Indeed, it doesn't work!
Expected Results: No error should be logged, and the "LDAP_StartTLS on" directive should work.
AFAIK the current net-www/mod_auth_ldap ebuild is the 2.4.1 version for mod_auth_ldap and is not intended to be used with apache2. You should use the version 2.12 instead (unfortunately not in portage tree but released in May 2002 and updated in Sept. 2003).
mod_auth_ldap is not supposed to work with apache2. It only works with apache1. I have added ssl support to the module. Thanks for the bug report.
This problem is not related to the separate ebuild mod_auth_ldap. There is a mod_auth_ldap that comes WITH apache2 and that is not picking up the USE="ssl" for the ldap as I can reproduce this bug. Simply USE="ssl" emerge apache2 should build the mod_auth_ldap with ssl support.
reopening at strerror's request
Basically the issue is that apache2 comes with its own mod_auth_ldap and mod_ldap, which can be activated with -D AUTH_LDAP and -D LDAP respectively in /etc/conf.d/apache2. The problem is that these modules are not honouring the USE flags at all and are consequently not compiling against ssl even when USE="ssl". NOTE that this has nothing to do with the separate ebuilds that are floating around for ldap authentication.
It appears that the code in the ebuild that adds ldap support overwrites ${myconf} instead of appending to it. I don't know if it breaks the ldap support, but it seems that it will remove the support for berkdb at the least.
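An added example, not part of the thread and not the apache ebuild's own code: it reproduces the overwrite-versus-append pattern described in the comment above and checks which expected configure flags survive. The `use` stand-in, the sample USE setting, the function names and the choice of flags are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sketch: the USE setting and the flag list are assumptions,
# not the contents of the real apache ebuild.
USE_FLAGS="berkdb ldap"   # constructed sample USE setting

# Minimal stand-in for Portage's `use` helper: succeeds if the flag is set.
use() {
    case " ${USE_FLAGS} " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Buggy pattern: the ldap branch assigns to myconf, so every flag that an
# earlier branch appended is silently discarded.
configure_args_buggy() {
    myconf=""
    use berkdb && myconf="${myconf} --with-berkeley-db"
    use ldap && myconf="--with-ldap --enable-auth-ldap --enable-ldap"
    echo "${myconf}"
}

# Fixed pattern: the ldap branch appends, preserving earlier flags.
configure_args_fixed() {
    myconf=""
    use berkdb && myconf="${myconf} --with-berkeley-db"
    use ldap && myconf="${myconf} --with-ldap --enable-auth-ldap --enable-ldap"
    echo "${myconf}"
}

# Print the expected flags ($2...) that are absent from the argument string $1.
missing_flags() {
    args="$1"; shift
    missing=""
    for flag in "$@"; do
        case " ${args} " in
            *" ${flag} "*) ;;
            *) missing="${missing}${missing:+ }${flag}" ;;
        esac
    done
    echo "${missing}"
}

echo "buggy drops: $(missing_flags "$(configure_args_buggy)" --with-berkeley-db --with-ldap)"
echo "fixed drops: $(missing_flags "$(configure_args_fixed)" --with-berkeley-db --with-ldap)"
```

The same comparison against the final configure line in a real build log shows whether a feature requested through USE was actually passed to the build.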
I committed a fix to the overlay the #gentoo-apache herd is building for Apache 2.0.52. We will be merging this overlay into mainline portage in a week or two, fixing the bug.
Mark, could you please post a patch or a link to it or a ML thread? I would really appreciate it since it's been 3 weeks since this bug was closed and the ebuild still doesn't have the fix. Rémi
It isn't closed, it's simply resolved as "LATER". This is because the fix is in our overlay, http://svn.northnitch.com/gentoo/apache-overlay, but it has not made it into mainline portage yet. One of the immediate concerns is moving the overlay into the main portage tree, so you can look forward to it soon, or you can use our overlay.
Fixed in CVS since early this year, closing. Please re-open if there are still issues.