Update: Forget the following post. It seems that openssl hangs when used like this (why?), and a much simpler solution is to just add:
AuthLDAPStartTLS on
So, you tried to change your AuthLDAPURL from ldap://ldap.example.com to ldaps://ldap.example.com and got the following message:
.htaccess: Secure LDAP (ldaps://) not supported. Rebuild auth_ldap
However, you don't want to rebuild auth_ldap today, so...
- create a wrapper script like this (and make it executable): /usr/local/sbin/ldaps-tunnel
#!/bin/sh
# inetd hands us the client's socket on stdin/stdout; forward it to the LDAP server over TLS
exec /usr/bin/openssl s_client -connect ldap.example.com:636 -quiet 2>/dev/null
- edit your /etc/inetd.conf to include:
ldap stream tcp nowait.9999 nobody /usr/sbin/tcpd /usr/local/sbin/ldaps-tunnel
- make sure that only localhost can reach the unencrypted side of the tunnel by adding the following restriction to /etc/hosts.allow:
ldaps-tunnel: LOCAL
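Because the tunnel exposes a plaintext ldap port on the web server, it is worth checking that all three pieces above actually fit together: the wrapper is executable and goes to port 636, inetd runs it through tcpd (otherwise hosts.allow is never consulted) as a non-root user, and hosts.allow grants it to LOCAL only. The audit function below is an added example, not part of the original post; it assumes the service name "ldap" and the wrapper name "ldaps-tunnel" from the post, and the files it inspects in the demo are constructed sample data, not a real system.

```shell
#!/bin/sh
# Added example (not from the original post): audit the inetd + tcpd tunnel.
# Assumed names: inetd service "ldap", wrapper basename "ldaps-tunnel".

# check_tunnel_config INETD_CONF HOSTS_ALLOW WRAPPER_PATH
# Prints "ok" and returns 0 when every check passes; otherwise prints one
# "problem: ..." line per finding and returns 1.
check_tunnel_config() {
    inetd_conf=$1; hosts_allow=$2; wrapper=$3
    daemon=$(basename "$wrapper")   # tcpd matches hosts.allow entries on argv[0]
    rc=0

    # 1. The wrapper must exist, be executable and really go to the TLS port.
    if [ ! -x "$wrapper" ]; then
        echo "problem: $wrapper is missing or not executable"; rc=1
    elif ! grep -q 'openssl s_client .*:636' "$wrapper"; then
        echo "problem: $wrapper does not run openssl s_client against port 636"; rc=1
    fi

    # 2. inetd must hand the service to tcpd (not to the wrapper directly),
    #    and must not run it as root.
    entry=$(grep '^ldap[[:space:]]' "$inetd_conf" 2>/dev/null | head -n 1)
    if [ -z "$entry" ]; then
        echo "problem: no 'ldap' entry in $inetd_conf"; rc=1
    else
        set -- $entry          # service socket proto wait user server args...
        if [ "$5" = root ]; then
            echo "problem: inetd runs the tunnel as root"; rc=1
        fi
        case "$6" in
            */tcpd) ;;
            *) echo "problem: inetd entry does not go through tcpd"; rc=1 ;;
        esac
        case "$entry" in
            *"$wrapper"*) ;;
            *) echo "problem: inetd entry does not start $wrapper"; rc=1 ;;
        esac
    fi

    # 3. hosts.allow must grant the wrapper to LOCAL clients only.
    clients=$(sed -n "s/^$daemon[[:space:]]*:[[:space:]]*//p" "$hosts_allow" 2>/dev/null \
              | head -n 1 | sed 's/[[:space:]]*$//')
    case "$clients" in
        LOCAL|127.0.0.1) ;;
        "") echo "problem: no '$daemon:' line in $hosts_allow"; rc=1 ;;
        *)  echo "problem: $daemon is allowed from '$clients', not just LOCAL"; rc=1 ;;
    esac

    [ $rc -eq 0 ] && echo ok
    return $rc
}

# Constructed sample configuration for the demo (not a real system).
# write_sample_config DIR good|open  -- "open" reproduces a common mistake.
write_sample_config() {
    dir=$1; mode=$2
    mkdir -p "$dir"
    printf '#!/bin/sh\nexec /usr/bin/openssl s_client -connect ldap.example.com:636 -quiet 2>/dev/null\n' \
        > "$dir/ldaps-tunnel"
    chmod 755 "$dir/ldaps-tunnel"
    echo "ldap stream tcp nowait.9999 nobody /usr/sbin/tcpd $dir/ldaps-tunnel" > "$dir/inetd.conf"
    if [ "$mode" = open ]; then
        echo "ldaps-tunnel: ALL" > "$dir/hosts.allow"    # plaintext port open to everyone
    else
        echo "ldaps-tunnel: LOCAL" > "$dir/hosts.allow"
    fi
}

# Demo: a correct setup prints "ok"; the open one reports the hosts.allow hole.
tmp=${TMPDIR:-/tmp}/ldaps-tunnel-demo.$$
write_sample_config "$tmp/good" good
check_tunnel_config "$tmp/good/inetd.conf" "$tmp/good/hosts.allow" "$tmp/good/ldaps-tunnel"
write_sample_config "$tmp/open" open
check_tunnel_config "$tmp/open/inetd.conf" "$tmp/open/hosts.allow" "$tmp/open/ldaps-tunnel" || true
rm -rf "$tmp"
```

On a real host you would call check_tunnel_config with /etc/inetd.conf, /etc/hosts.allow and /usr/local/sbin/ldaps-tunnel. The tcpd check matters most: if inetd starts the wrapper directly, the hosts.allow line is silently ignored and anyone who can reach port 389 on the web server gets an unauthenticated plaintext path to the LDAP server.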