Bug 41183 - apache2 mod_auth_ldap doesn't have SSL support
Summary: apache2 mod_auth_ldap doesn't have SSL support
Status: VERIFIED LATER
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: x86 Linux
Importance: High normal
Assignee: Apache Team - Bugzilla Reports
Reported: 2004-02-10 17:10 UTC by Pablos
Modified: 2005-04-23 19:44 UTC
Description Pablos 2004-02-10 17:10:29 UTC
According to the mod_auth_ldap documentation, this module should support LDAP SSL connections if openldap is built with SSL support.  I have used USE="ssl" when emerging both openssl & apache.  Still, when I start up apache, I get these log entries: 
[notice] LDAP: Built with OpenLDAP LDAP SDK
[notice] LDAP: SSL support unavailable

Here's some info on building mod_auth_ldap:
http://www.muquit.com/muquit/software/mod_auth_ldap/mod_auth_ldap_apache2.html


Reproducible: Always
Steps to Reproduce:
1. emerge openldap apache (make sure to use apache2)
2. set APACHE2_OPTS="-D SSL -D LDAP" in /etc/conf.d/apache2
3. /etc/init.d/apache2 start && tail /var/log/apache/error_log

Actual Results:  
You'll see that apache2 reports no SSL support for LDAP, even though it should 
be there.  Indeed, it doesn't work! 

Expected Results:  
No error should be logged, and the "LDAP_StartTLS on" directive should work.
Comment 1 Thomas Beutin 2004-02-24 05:40:04 UTC
AFAIK the current net-www/mod_auth_ldap ebuild is the 2.4.1 version for mod_auth_ldap and is not intended to be used with apache2. You should use the version 2.12 instead (unfortunately not in portage tree but released in May 2002 and updated in Sept. 2003).
Comment 2 Chuck Short (RETIRED) gentoo-dev 2004-04-13 15:42:57 UTC
mod_auth_ldap is not supposed to work with apache2. It only works with apache1. I have added ssl support to the module. Thanks for the bug report.
Comment 3 Benjamin Smee (strerror) (RETIRED) gentoo-dev 2004-05-28 13:23:31 UTC
This problem is not related to the separate ebuild mod_auth_ldap. There is a mod_auth_ldap that comes WITH apache2 and that is not picking up the USE="ssl" for the ldap as I can reproduce this bug. Simply USE="ssl" emerge apache2 should build the mod_auth_ldap with ssl support.
Comment 4 Ciaran McCreesh 2004-05-30 08:39:55 UTC
Reopening at strerror's request.
Comment 5 Benjamin Smee (strerror) (RETIRED) gentoo-dev 2004-05-30 08:42:50 UTC
Basically the issue is that apache2 comes with its own mod_auth_ldap and mod_ldap, which can be activated with -D AUTH_LDAP and -D LDAP respectively in /etc/conf.d/apache2. The problem is that these modules are not honouring the USE flags at all and are consequently not compiling against ssl even when USE="ssl". NOTE that this has nothing to do with the separate ebuilds that are floating around for ldap authentication.
Comment 6 Alwyn Schoeman 2004-10-03 23:39:27 UTC
It appears that the code in the ebuild that adds ldap support overwrites ${myconf} instead of appending to it.

I don't know if it breaks the ldap support, but it seems that it will remove the support for berkdb at the least.
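
The overwrite-versus-append behaviour described in Comment 6, sketched as an added example (not the ebuild's own code, and not posted by anyone in this bug). The `use` stub, the function names and the configure arguments are stand-ins chosen for illustration; `dropped_flags` is a hypothetical check for USE flags that left no trace in the final argument string.

```shell
#!/bin/bash
# Stand-in for Portage's `use` helper, driven by the USE variable (assumption).
use() {
    case " ${USE} " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# Pattern from Comment 6: the ldap branch assigns to myconf without
# ${myconf}, so every argument collected before it is discarded.
myconf_overwrite() {
    local myconf=""
    use berkdb && myconf="${myconf} --with-berkeley-db"
    use ssl    && myconf="${myconf} --enable-ssl"
    use ldap   && myconf="--enable-ldap --enable-auth-ldap --with-ldap"
    echo "${myconf# }"
}

# Same branches, but the ldap branch appends to what is already there.
myconf_append() {
    local myconf=""
    use berkdb && myconf="${myconf} --with-berkeley-db"
    use ssl    && myconf="${myconf} --enable-ssl"
    use ldap   && myconf="${myconf} --enable-ldap --enable-auth-ldap --with-ldap"
    echo "${myconf# }"
}

# Report enabled USE flags whose argument is missing from the string in $1.
# The flag-to-argument pairs mirror the constructed branches above.
dropped_flags() {
    local myconf="$1" dropped="" pair flag arg
    for pair in berkdb:--with-berkeley-db ssl:--enable-ssl ldap:--enable-ldap; do
        flag="${pair%%:*}"; arg="${pair#*:}"
        if use "${flag}"; then
            case " ${myconf} " in
                *" ${arg} "*) ;;
                *) dropped="${dropped} ${flag}" ;;
            esac
        fi
    done
    echo "${dropped# }"
}

USE="berkdb ssl ldap"   # constructed sample input
echo "overwrite: $(myconf_overwrite)"
echo "  dropped: $(dropped_flags "$(myconf_overwrite)")"
echo "append:    $(myconf_append)"
```

With ldap disabled the two variants produce the same string, which is why this kind of overwrite only shows up once the later branch is taken.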
Comment 7 Mark Dierolf (RETIRED) gentoo-dev 2004-10-07 09:58:46 UTC
I committed a fix to the overlay the #gentoo-apache herd is building for Apache 2.0.52.

We will be merging this overlay into mainline portage in a week or two, fixing the bug.
Comment 9 Rémi Cardona gentoo-dev 2004-10-30 15:46:43 UTC
Mark,

could you please post a patch or a link to it or a ML thread? I would really appreciate it since it's been 3 weeks since this bug was closed and the ebuild still doesn't have the fix.

Rémi
Comment 10 Michael Tindal (RETIRED) gentoo-dev 2004-10-30 15:49:46 UTC
It isn't closed, it's simply resolved as "LATER".  This is because the fix is in our overlay, http://svn.northnitch.com/gentoo/apache-overlay, but it has not made it into mainline portage yet.  One of the immediate concerns is moving the overlay into the main portage tree, so you can look forward to it soon, or you can use our overlay.
Comment 11 Elfyn McBratney (beu) (RETIRED) gentoo-dev 2005-04-23 19:44:40 UTC
Fixed in CVS since early this year, closing.  Please re-open if there are still issues.