logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: switching to LDAPS
Author
rldean10



Joined: 25 Jan 2022
Posts: 2

PostPosted: Tue 25 Jan '22 22:59    Post subject: switching to LDAPS Reply with quote

Apache version: 2.4.52 x64
operating system: Windows Server 2016
middleman: Java/Tomcat
backend: SQL 2016

Hello, I support an "Apache on Windows" configuration.

Myself, my boss, and our users have all noticed that authentication has recently been running horribly slow. We believe it is isolated to the mod_authn_ntlm module. If you're lucky enough to be authenticated, the the http request/response is quick and snappy.

Furthermore, we've discovered that our IT Department is moving over to LDAPS vs. LDAP. I have the port number and the server FQDN. Example: pool.domain.net:123. IT can supply a certificate, if needed.

My understanding is that the mod_authn_ntlm module is dependent on the mod_ldap component.

Do I need to tell Apache to use a specific server for LDAPS? How do I do this?

Do I configure that in mod_ldap? I don't see anywhere to do this in mod_authn_ntlm.

Also, the article (below) seems to imply that I could use <AuthnProviderAlias> to specify an alternative LDAPs endpoint?

Could you point me to the right documentation?


ref:
https://www.apachelounge.com/viewtopic.php?t=8623
https://github.com/TQsoft-GmbH/mod_authn_ntlm
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg

PostPosted: Wed 26 Jan '22 14:47    Post subject: Reply with quote

LDAPs works out of the box with mod_authn_ntlm
Back to top
rldean10



Joined: 25 Jan 2022
Posts: 2

PostPosted: Wed 26 Jan '22 18:48    Post subject: Reply with quote

So, I don't have to do anything? When IT cuts off port 389, I don't have to specify any other port, or their new endpoint?

The documentation for mod_authn_ntlm is sparse --- In what way does it use LDAP, and does it automatically detect if ports 389 or 636 are open?

I'm super-worried about this.... Confused Shocked
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg

PostPosted: Fri 28 Jan '22 15:30    Post subject: Reply with quote

AFAIK the port is 636 with TLS, not 389. Is that port open?
Back to top


Reply to topic   Topic: switching to LDAPS View previous topic :: View next topic
Post new topic   Forum Index -> Apache