Apache auth_ldap and SSL

Update: Forget the following post. It seems that openssl hangs when used like this (why?) and that a much simpler solution is to just add:

AuthLDAPStartTLS on

So, you tried to change your AuthLDAPURL from ldap://ldap.example.com to ldaps://ldap.example.com and got the following message:

.htaccess: Secure LDAP (ldaps://) not supported. Rebuild auth_ldap

However, you don't want to rebuild auth_ldap today, so...

  1. create a wrapper script like this: /usr/local/sbin/ldaps-tunnel

    #!/bin/sh
    # must be executable; inetd/tcpd exec it directly and hand it the client socket
    exec /usr/bin/openssl s_client -connect ldap.example.com:636 -quiet 2>/dev/null

  2. edit your /etc/inetd.conf to include:

    ldap stream tcp nowait.9999 nobody /usr/sbin/tcpd /usr/local/sbin/ldaps-tunnel

  3. make sure that only localhost can connect without SSL by adding the following restriction to /etc/hosts.allow:

    ldaps-tunnel: LOCAL
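An added check (not from the original post) that the three files above agree with each other: it takes the paths of inetd.conf, hosts.allow and hosts.deny as arguments, assumes the service is the "ldap" entry shown in step 2, and also looks at hosts.deny, since a hosts.allow entry only grants access.

```shell
#!/bin/sh
# Added example, not from the original post. tcpd looks up access rules by the
# basename of the program it runs, so the server name in inetd.conf and the
# daemon name in hosts.allow must agree; and since hosts.allow only grants,
# hosts.deny needs a catch-all or unmatched clients are let in by default.
# Per hosts_access(5), LOCAL matches any client hostname without a dot.

# Print the daemon name tcpd will use for service $2 in inetd.conf $1
# (fields: service type proto wait user program args; after tcpd, the server).
tunnel_daemon_name() {
    awk -v svc="$2" '
        $1 == svc && $2 == "stream" && $3 == "tcp" {
            prog = $6
            if (prog ~ /\/tcpd$/) prog = $7
            n = split(prog, part, "/"); print part[n]; exit
        }' "$1"
}

# Print the client list of the first entry in $1 (hosts.allow or hosts.deny)
# whose daemon list contains $2 or ALL; print nothing if there is none.
tcpd_client_list() {
    awk -F: -v d="$2" '
        /^[ \t]*#/ || NF < 2 { next }
        {
            n = split($1, names, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (names[i] == d || names[i] == "ALL") { print $2; exit }
        }' "$1"
}

# Succeed only when a non-empty client list names nothing but local clients.
only_local_clients() {
    [ -n "$1" ] || return 1
    for c in $(printf '%s' "$1" | tr ',' ' '); do
        case $c in LOCAL|localhost|127.0.0.1) ;; *) return 1 ;; esac
    done
}

# Check inetd.conf $1, hosts.allow $2 and hosts.deny $3 for the ldap service.
check_tunnel_wiring() {
    daemon=$(tunnel_daemon_name "$1" ldap)
    [ -n "$daemon" ] || { echo "no ldap/tcp service in $1" >&2; return 1; }
    only_local_clients "$(tcpd_client_list "$2" "$daemon")" ||
        { echo "$daemon: no local-only entry in $2" >&2; return 1; }
    case $(tcpd_client_list "$3" "$daemon") in
        *ALL*) ;;
        *) echo "$daemon: no catch-all deny entry in $3" >&2; return 1 ;;
    esac
    echo "ok: $daemon reachable only from local clients"
}
```

Run it as `check_tunnel_wiring /etc/inetd.conf /etc/hosts.allow /etc/hosts.deny` after sourcing the script; a non-zero exit names the file that breaks the chain.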