Bug 65633

Summary: mod_authnz_ldap doesn't support SASL EXTERNAL bind to ldap
Product: Apache httpd-2
Reporter: Chris Hecker <checker>
Component: mod_authnz_ldap
Assignee: Apache HTTPD Bugs Mailing List <bugs>
Status: NEW
Severity: enhancement
Priority: P2
Version: 2.5-HEAD
Target Milestone: ---
Hardware: All
OS: All

Description Chris Hecker 2021-10-14 22:16:36 UTC
Hi, mod_authnz_ldap doesn't support httpd connecting to LDAP servers that require SASL EXTERNAL authentication using certificates (which provide the binddn implicitly).  If there's a binddn specified with AuthLDAPBindDN it tries to use a password, if no binddn it tries anonymous.  

There are a couple of related, very old bug reports:

https://bz.apache.org/bugzilla/show_bug.cgi?id=55178
This is on the mod_auth_ldap module, and had the problem of using the _s synchronous sasl bind function.

https://bz.apache.org/bugzilla/show_bug.cgi?id=48780
This one is about allowing clients to use certificates, not httpd using certs to connect.

I'm thinking about adding this to my local version of mod_authnz_ldap to support some features on my site using ldap-attribute queries. If you guys are interested in a patch to add this long-requested-but-obviously-not-that-high-priority feature, I can do it "right"; if not, I'll probably hack it a bit since it'll just be for me. Let me know!

Thanks,
Chris
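As an added illustration (not part of the report and not the project's own configuration), the two bind modes the reporter describes, written as httpd configuration; the hostname, DNs, certificate paths and password are assumed placeholders:

```apache
# Added example: bind modes mod_authnz_ldap supports as of this report.
# Hostname, DNs, certificate paths and the password are placeholders.

# Global mod_ldap TLS setup (server config context): trust the directory's
# CA and verify its certificate. A client certificate presented on the TLS
# layer (LDAPTrustedClientCert below) does NOT by itself make httpd bind as
# that certificate's identity; the bind method is chosen separately.
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/example-ldap-ca.pem
LDAPVerifyServerCert On

# Mode 1: AuthLDAPBindDN set -> simple bind with a stored password.
# The client certificate on the connection is not used to authenticate.
<Location "/staff">
    AuthType Basic
    AuthName "Staff area"
    AuthBasicProvider ldap
    LDAPTrustedClientCert CERT_BASE64 /etc/ssl/certs/httpd-client.pem
    LDAPTrustedClientCert KEY_BASE64  /etc/ssl/private/httpd-client-key.pem
    AuthLDAPURL "ldaps://ldap.example.com/ou=people,dc=example,dc=com?uid?sub?(objectClass=person)"
    AuthLDAPBindDN "cn=httpd,ou=services,dc=example,dc=com"
    AuthLDAPBindPassword "placeholder-service-password"
    Require ldap-attribute department=staff
</Location>

# Mode 2: no AuthLDAPBindDN -> anonymous bind. Works only if the directory
# permits anonymous search of the user subtree; a directory that requires
# SASL EXTERNAL for its service accounts will refuse it.
<Location "/public-directory">
    AuthType Basic
    AuthName "Directory"
    AuthBasicProvider ldap
    AuthLDAPURL "ldaps://ldap.example.com/ou=people,dc=example,dc=com?uid?sub"
    Require valid-user
</Location>

# Missing mode (the subject of this report): a SASL EXTERNAL bind, where the
# directory derives the bind identity from the client certificate and no
# AuthLDAPBindPassword has to be stored. No directive selects it; setting
# AuthLDAPBindDN alone makes mod_authnz_ldap attempt a password bind.
```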