This file contains quick notes to get you going. I'll integrate everything
in one document as soon as I get some time. Please look at the ChangeLog
section.

The module name is changed to mm_auth_ldap_module. The source file name is
also changed to mm_mod_auth_ldap.c. The name of the shared object is
mm_mod_auth_ldap.so in Unix and mm_mod_auth_ldap.dll in Windows. I did that
because Apache 2.x has an ldap module and it is named the same as mine. So
keep a note of it if you're adding the LoadModule line in the httpd.conf
file by hand.

Example:

In Unix:
    # apache 1.3.x
    LoadModule mm_auth_ldap_module libexec/mm_mod_auth_ldap.so

    # apache 2.x
    LoadModule mm_auth_ldap_module modules/mm_mod_auth_ldap.so

In Windows:
    LoadModule mm_auth_ldap_module modules/mm_mod_auth_ldap.dll

    # For apache 1.3.x
    AddModule mm_mod_auth_ldap.c

Compile (Unix)
==============
Apache 1.3.x example:

    $ ./configure --with-mem-cache \
        --with-apache-dir=/usr/local/apache1 \
        --with-ldap-dir=/usr/local/openldap \
        --with-apxs \
        --with-apache-ver=1 \
        --with-ssl=yes

Apache 2.x example:

    $ ./configure --with-mem-cache \
        --with-apache-dir=/usr/local/apache1 \
        --with-ldap-dir=/usr/local/openldap \
        --with-apxs \
        --with-apache-ver=2 \
        --with-ssl=yes

Run ./configure --help for more info.

o If your LDAP SDK is not contained in one directory, use the options
  --with-ldap-includes and --with-ldap-libraries to specify the path of
  the LDAP header files and libraries respectively.

Look at:

For directives etc:
    http://muquit.com/muquit/software/mod_auth_ldap/mod_auth_ldap_apache2.html
For Caching and related directives:
    http://muquit.com/muquit/software/mod_auth_ldap/mod_auth_ldap_apache2.html
For SSL/TLS:
    http://muquit.com/muquit/software/mod_auth_ldap/ssl_tls.html

Look at the example httpd.conf file.

ChangeLog
=========
v3.07
- configure was not working for Apache 2.x
  (Nov-03-2005)

- 2 debug messages were written to log even if debugging was set to off.
  (Oct-23-2005)

v3.06
- Source file is renamed to mm_auth_ldap.c to avoid conflict with Apache2's
  own ldap module.
  (Sep-30-2005)

- New configuration directive Extra_SearchFilter. By default this filter is
  (objectclass=*). Example:

      Uid_Attr CN
      Extra_SearchFilter "(objectclass=inetOrgPerson)"

  So, during authentication, if the user enters John Doe as user id, the
  filter (&(objectclass=inetOrgPerson)(CN=John Doe)) will be constructed
  during the search. Suggested by Jason Lewis.
  (Sep-30-2005)

v3.05
- LDAP_Deref, AuthOnBind, Sub_Dn directives were missing from code for
  Apache 1.3.x
  (Mar-17-2005)

- auth_on_bind was mistakenly a pointer to char, it should have been an int.
  (Mar-17-2005)

v3.04
* Support for OpenLDAP ldaps:// is added. Turn it on with
  LDAP_OpenLDAP_Initialize On. If you do that, you must specify the
  LDAP_Server as:

      LDAP_Server ldaps://ldap.foo.com:636

  Also the ldap server name has to be the same fqdn as specified in the
  server's certificate (look at CN in the Subject in the certificate).
  It's added as some people run their LDAP server that way. It doesn't give
  any extra security. Better yet, you can use LDAP_StartTLS On and don't
  have to modify LDAP_Server.

** Note about SSL with StartTLS and ldaps://
   From a security perspective, there's no difference. If you start the
   openldap server with ldaps://, it'll accept connections on an SSL port.
   On the other hand, with StartTLS, encryption is negotiated over the same
   standard ldap port, which means you can run plain text and encrypted
   sessions over the same ldap port. ldaps:// is a hack and not a standard,
   StartTLS is part of LDAPv3.
   Reference:
   http://www.openldap.org/lists/openldap-software/200201/msg00042.html
   http://www.openldap.org/lists/openldap-software/200206/msg00387.html

- If compiled with OpenLDAP and if the OpenLDAP SDK is compiled with SSL/TLS
  support, an SSL connection to LDAP can be initialized with the directive
  'LDAP_OpenLDAP_Initialize On'. Thanks to Lars Bohn.
  (Mar-12-2005)

- Added support for Novell C LDAP SDK.
  configure will detect it automatically. SSL support for Novell SDK is not
  added yet.
  (Mar-12-2005)

- Filter size is increased to 512 bytes from 256 bytes.
  (Mar-12-2005)
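
The filter construction described in the v3.06 Extra_SearchFilter entry, as an added example (not code from mm_mod_auth_ldap): it escapes the user-entered id per RFC 4515 and rejects anything that would not fit the 512-byte filter size from the v3.04 entry. The function names and FILTER_MAX are assumptions made for this illustration.

```c
/* Added example; not code from mm_mod_auth_ldap. */
#include <stdio.h>
#include <string.h>

#define FILTER_MAX 512  /* filter size given in the v3.04 ChangeLog entry */

/* RFC 4515 escaping: '*', '(', ')' and '\' become \XX (hex).
 * Returns escaped length, or -1 if the result does not fit in out. */
static int escape_filter_value(const char *in, char *out, size_t outsz)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (outsz == 0) return -1;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        if (c == '*' || c == '(' || c == ')' || c == '\\') {
            if (o + 3 >= outsz) return -1;   /* 3 chars + trailing NUL */
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            if (o + 1 >= outsz) return -1;   /* 1 char + trailing NUL */
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Builds (&<extra>(<attr>=<escaped user>)). extra and attr come from
 * httpd.conf and are trusted; user comes from the login prompt.
 * Returns 0 on success, -1 if the filter would be truncated. */
static int build_search_filter(const char *extra, const char *attr,
                               const char *user, char *out, size_t outsz)
{
    char esc[FILTER_MAX];
    int n;

    if (escape_filter_value(user, esc, sizeof esc) < 0) return -1;
    n = snprintf(out, outsz, "(&%s(%s=%s))", extra, attr, esc);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    char f[FILTER_MAX];  /* constructed sample input below */
    if (build_search_filter("(objectclass=inetOrgPerson)", "CN", "J*(Doe)", f, sizeof f) == 0)
        puts(f);
    return 0;
}
```

Rejecting an over-long id instead of truncating it keeps a cut-off filter from ever reaching the directory search.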