Bug 65633 - mod_authnz_ldap doesn't support SASL EXTERNAL bind to ldap
Summary: mod_authnz_ldap doesn't support SASL EXTERNAL bind to ldap
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_authnz_ldap (show other bugs)
Version: 2.5-HEAD
Hardware: All All
: P2 enhancement (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Depends on:
Reported: 2021-10-14 22:16 UTC by Chris Hecker
Modified: 2021-10-14 22:16 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description Chris Hecker 2021-10-14 22:16:36 UTC
Hi, mod_authnz_ldap doesn't support httpd connecting to LDAP servers that require SASL EXTERNAL authentication using certificates (which provide the binddn implicitly).  If there's a binddn specified with AuthLDAPBindDN it tries to use a password, if no binddn it tries anonymous.  

There are a couple related very old bug reports:

This is on the mod_auth_ldap module, and had the problem of using the _s synchronous sasl bind function.

This one is about allowing clients to use certificates, not httpd using certs to connect.

I'm thinking about adding this to my local version of mod_authnz_ldap to support some features on my site using ldap-attribute queries.  If you guys are interested in a patch to add this long-requested-but-obviously-not-that-high-priority feature, I can do it "right," if not I'll probably hack it a bit since it'll just be for me.  Let me know!