Topic: switching to LDAPS
rldean10
Joined: 25 Jan 2022
Posts: 2

Posted: Tue 25 Jan '22 22:59    Post subject: switching to LDAPS

Apache version: 2.4.52 x64
operating system: Windows Server 2016
middleman: Java/Tomcat
backend: SQL 2016

Hello, I support an "Apache on Windows" configuration.

Myself, my boss, and our users have all noticed that authentication has recently been running horribly slow. We believe it is isolated to the mod_authn_ntlm module. If you're lucky enough to be authenticated, the http request/response is quick and snappy.

Furthermore, we've discovered that our IT Department is moving over to LDAPS vs. LDAP. I have the port number and the server FQDN. Example: pool.domain.net:123. IT can supply a certificate, if needed.

My understanding is that the mod_authn_ntlm module is dependent on the mod_ldap component.

Do I need to tell Apache to use a specific server for LDAPS? How do I do this?

Do I configure that in mod_ldap? I don't see anywhere to do this in mod_authn_ntlm.

Also, the article (below) seems to imply that I could use <AuthnProviderAlias> to specify an alternative LDAPs endpoint?

Could you point me to the right documentation?


ref:
https://www.apachelounge.com/viewtopic.php?t=8623
https://github.com/TQsoft-GmbH/mod_authn_ntlm

James Blond (Moderator)
Joined: 19 Jan 2006
Posts: 7294
Location: Germany, Next to Hamburg

Posted: Wed 26 Jan '22 14:47

LDAPs works out of the box with mod_authn_ntlm

rldean10
Joined: 25 Jan 2022
Posts: 2

Posted: Wed 26 Jan '22 18:48

So, I don't have to do anything? When IT cuts off port 389, I don't have to specify any other port, or their new endpoint?

The documentation for mod_authn_ntlm is sparse --- In what way does it use LDAP, and does it automatically detect if ports 389 or 636 are open?

I'm super-worried about this....

James Blond (Moderator)
Joined: 19 Jan 2006
Posts: 7294
Location: Germany, Next to Hamburg

Posted: Fri 28 Jan '22 15:30

AFAIK the port is 636 with TLS, not 389. Is that port open?
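
One way to answer "is that port open?" from the Apache host itself, as an added example that is not part of the thread: the script probes plain LDAP on 389 and LDAPS on 636, and on 636 completes a TLS handshake so the certificate IT supplies is checked against the Windows certificate store. `pool.domain.net` is the placeholder FQDN from the first post, `Test-LdapEndpoint` is a hypothetical helper name, and forcing TLS 1.2 is an assumption about the directory servers.

```powershell
# Added example (not from the thread): probe LDAP/LDAPS ports from the Apache host.
# 'pool.domain.net' is the placeholder FQDN used in the thread; replace it.
$Server    = 'pool.domain.net'
$TimeoutMs = 3000

function Test-LdapEndpoint {
    param([string]$HostName, [int]$Port, [bool]$UseTls, [int]$TimeoutMs)

    $result = [ordered]@{
        Host = $HostName; Port = $Port; TcpOpen = $false; TlsOk = $null
        Protocol = $null; Subject = $null; NotAfter = $null; Error = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Bounded connect so a filtered port does not hang the check.
        if (-not $client.ConnectAsync($HostName, $Port).Wait($TimeoutMs)) {
            throw "TCP connect timed out after $TimeoutMs ms"
        }
        $result.TcpOpen = $true
        if ($UseTls) {
            # Default validation: chain and host name are checked against the
            # Windows certificate store; a failure throws and is reported below.
            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
            # Assumption: the directory servers accept TLS 1.2.
            $tls12 = [System.Security.Authentication.SslProtocols]::Tls12
            $ssl.AuthenticateAsClient($HostName, $null, $tls12, $false)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $result.TlsOk    = $true
            $result.Protocol = $ssl.SslProtocol
            $result.Subject  = $cert.Subject
            $result.NotAfter = $cert.NotAfter
        }
    } catch {
        if ($UseTls -and $result.TcpOpen) { $result.TlsOk = $false }
        $result.Error = $_.Exception.GetBaseException().Message
    } finally {
        $client.Close()
    }
    [pscustomobject]$result
}

Test-LdapEndpoint $Server 389 $false $TimeoutMs   # plain LDAP, TCP reachability only
Test-LdapEndpoint $Server 636 $true  $TimeoutMs   # LDAPS, TCP plus TLS handshake
```

A row with `TcpOpen` true and `TlsOk` false on 636 points at certificate trust or host name mismatch rather than a firewall, and `NotAfter` shows when the server certificate expires.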