[Auth_ldap] 1.6.1 woes
Jon Landis
jjjhhhlll at gmail.com
Thu Jan 26 11:34:29 PST 2006
Hi, I'm working on upgrading my auth_ldap setup to use 1.6.1 to patch the
security problems.
I could not get it to work for a while without patching the sources.
I'm running apache 1.3.34 and I build openldap 2.3.17 statically. It is only
used to link to auth_ldap. This worked fine in the past, but when I updated
my build scripts to use auth_ldap-1.6.1 I got the following error whenever I
tried to do ldap stuff.
Thu Jan 26 18:52:26 2006] [error] [client 172.16.34.198] Could not connect
to LDAP server: No such file or directory
It seems that openldap is looking for /usr/local/etc/openldap/ldap.conf. I
tried putting that file in place, but it still failed with this error
without it. It also looks for ldaprc, etc... One of them is failing and
somehow that error is propagating up. Maybe this is an openldap problem,
but I found that using the simpler ldap connect api works just as well. I
don't want to use ldap.conf anyways, since my config is in the apache
httpd.conf.
Here is the patch to fix it. Basically I removed the conditional that compiles
so it won't try to use ldap_initialize and instead uses good old ldap_init
(which still exists in the openldap api). I looked at ldap_initialize vs
ldap_init and it seems like the former just adds the config file stuff that
I didn't want anyways.
--- build/auth_ldap-1.6.1/auth_ldap.c Mon Jan 9 18:08:56 2006
+++ build/auth_ldap-1.6.1/auth_ldap.c Thu Jan 26 18:54:28 2006
@@ -168,11 +168,7 @@
ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, r,
"{%d} LDAP OP: init", (int)getpid());
-#if defined(WITH_OPENLDAP) && LDAP_VENDOR_VERSION >= 20000
- if ((ldap_initialize(&(sec->ldc->ldap), (sec->url))) != LDAP_SUCCESS) {
-#else
if ((sec->ldc->ldap = ldap_init(sec->host, sec->port)) == NULL) {
-#endif
extern int errno;
auth_ldap_log_reason(r, "Could not connect to LDAP server: %s",
strerror(errno));
return 0;
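Review bot: Dropping the ldap_initialize branch means the handle is now built only from sec->host and sec->port, so anything else sec->url carried (for example an ldaps:// scheme) no longer reaches the library at this point; confirm that SSL/TLS is still set up elsewhere before binds go over this handle, or keep ldap_initialize. The removed branch compared the return value against LDAP_SUCCESS, yet the shared error path prints strerror(errno), so the "No such file or directory" text may be a stale errno rather than the real failure. Capturing the return code and logging ldap_err2string(rc) in that branch would show the actual cause. The `extern int errno;` declaration inside the block should also go in favour of including <errno.h>.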
Perhaps someone more knowledgeable than I can comment on why we should be
using ldap_initialize from auth_ldap?
Thanks,
Jon