Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: Building httpd with ldap and ssl and using mod_authnz_ldap |
|
Author |
|
Shaggy1
Joined: 30 Jul 2020 Posts: 11
|
Posted: Thu 30 Jul '20 19:41 Post subject: Building httpd with ldap and ssl and using mod_authnz_ldap |
|
|
Hi
System info:
cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.4 (Santiago)
uname -a
Linux lb-cam-bca-13 2.6.32-642.15.1.el6.x86_64 #1 SMP Fri Feb 24 14:31:22 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
httpd -version
Server version: Apache/2.4.25 (Unix)
Server built: Jun 27 2017 16:23:25
gcc --version
gcc (GCC) 4.4.7 20120313 (Red Hat 4.4.7-17)
---------------------------------------------
I have installed a local version of apache 2.4 on my rhel 6 machine and is currently up and running fine.
However I now wish to enable ldap support on it and so initially tried to configure using the following:
./configure --prefix=/lb-cam-bca-13/usr/local/apache --with-included-apr --enable-ldap --enable-authnz-ldap --enable-ssl --enable-so --with-ldap
which seems to configure ok, but when I try to build I get the following errors:
gcc -std=gnu99 -g -O2 -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I. -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/os/unix -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/include -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/srclib/apr/include -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/srclib/apr-util/include -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/aaa -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/cache -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/core -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/database -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/filters -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/ldap -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/loggers -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/lua -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/proxy -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/session -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/ssl -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/test -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/server -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/arch/unix -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/dav/main -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/generators -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/mappers -c /lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/server/buildmark.c
/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/srclib/apr/libtool --silent --mode=link gcc -std=gnu99 -g -O2 -pthread -o httpd modules.lo buildmark.o -export-dynamic server/libmain.la modules/core/libmod_so.la modules/http/libmod_http.la server/mpm/event/libevent.la os/unix/libos.la -lpcre /lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/srclib/apr-util/libaprutil-1.la -lexpat /lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/srclib/apr/libapr-1.la -lrt -lcrypt -lpthread
server/.libs/libmain.a(exports.o).data+0x2758): undefined reference to `apr_ldap_ssl_init'
server/.libs/libmain.a(exports.o).data+0x2760): undefined reference to `apr_ldap_ssl_deinit'
server/.libs/libmain.a(exports.o).data+0x2768): undefined reference to `apr_ldap_init'
server/.libs/libmain.a(exports.o).data+0x2770): undefined reference to `apr_ldap_info'
server/.libs/libmain.a(exports.o).data+0x2778): undefined reference to `apr_ldap_get_option'
server/.libs/libmain.a(exports.o).data+0x2780): undefined reference to `apr_ldap_set_option'
server/.libs/libmain.a(exports.o).data+0x2788): undefined reference to `apr_ldap_rebind_init'
server/.libs/libmain.a(exports.o).data+0x2790): undefined reference to `apr_ldap_rebind_add'
server/.libs/libmain.a(exports.o).data+0x2798): undefined reference to `apr_ldap_rebind_remove'
server/.libs/libmain.a(exports.o).data+0x27a0): undefined reference to `apr_ldap_is_ldap_url'
server/.libs/libmain.a(exports.o).data+0x27a8): undefined reference to `apr_ldap_is_ldaps_url'
server/.libs/libmain.a(exports.o).data+0x27b0): undefined reference to `apr_ldap_is_ldapi_url'
server/.libs/libmain.a(exports.o).data+0x27b8): undefined reference to `apr_ldap_url_parse_ext'
server/.libs/libmain.a(exports.o).data+0x27c0): undefined reference to `apr_ldap_url_parse'
collect2: ld returned 1 exit status
make[1]: *** [httpd] Error 1
make[1]: Leaving directory `/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25'
make: *** [all-recursive] Error 1
Anyone know whether I should be able to build httpd with ldap and ssl using the included apr ? And if so what runes I need to dos ?
Thinking that may be the included apr either does not support ldap or is in someway not comptible with my version of gcc thought I'd try building apr and apr-util from scratch and use --with directives to include then in the httpd build. This seemed to build ok, but when trying to run apache I get a link error.
I did the following:
download and unpack apr-1.7.0
download and unpack apr-util-1.6.1
# confgire apr-1.7.0 and build it
Code: | $ cd apr/apr-1.7.0
./configure --prefix=/lb-cam-bca-13/usr/local/apache
make
make install |
# configure apr-util-1.6.1 and build it
Code: | $ ./configure --with-crypto --with-ldap=ldap --with-openssl --with-mysql --with-apr=../../apr/apr-1.7.0 --enable-so
make
make install |
# configure and build httpd
Code: | $ ./configure --prefix=/lb-cam-bca-13/usr/local/apache --with-apr=../apr/apr-1.7.0 --with-apr-util=../aprutil/apr-util-1.6.1 --with-ldap --enable-authnz-ldap --enable-so --enable-ssl --enable-md --enable-log-forensic
make install |
# enable load module in httpd.conf
LoadModule mod_authnz_ldap modules/mod_authnz_ldap.so
# ready to start apache
Code: | $ apachectl stop
# syntax error
httpd: Syntax error on line 74 of /lb-cam-bca-13/usr/local/apache/conf/httpd.conf: Can't locate API module structure `mod_authnz_ldap' in file /lb-cam-bca-13/usr/local/apache/modules/mod_authnz_ldap.so: /lb-cam-bca-13/usr/local/apache/modules/mod_authnz_ldap.so: undefined symbol: mod_authnz_ldap |
Anyone any idea why this link error is occuring? Does anyone know even where the symbol should be got from - I cannot seem to find it in the binaries or (as a function) in the source files ? |
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7374 Location: Germany, Next to Hamburg
|
Posted: Fri 31 Jul '20 11:15 Post subject: |
|
|
I didn't compiled apache with ldap support so far before, but you need to set the path in the configure
e.g.
Code: |
--with-ldap-include=/opt/lib/openldap-2.4.45/include --with-ldap-lib=/opt/lib/openldap-2.4.45/lib --with-crypto --with-ldap --enable-authnz-ldap |
and you script doesn't find openssl lib. You can set that using export for the compiler flags.
Code: |
./buildconf
export LD_LIBRARY_PATH=~/apache24/httpd-2.4.43/srclib/apr:${LD_LIBRARY_PATH}
export LDFLAGS="-Wl,-rpath,/opt/openssl/lib"
./configure --prefix=/opt/apache2 --enable-pie ......
|
|
|
Back to top |
|
Shaggy1
Joined: 30 Jul 2020 Posts: 11
|
Posted: Wed 05 Aug '20 10:09 Post subject: |
|
|
Thank you for the reply.
I tried building a local version of ldap and openssl then explicitly specifying locations for ldap lib and include. Again all built fine, but I am still seeing the error. For completeness below is whta I did:
# openssl
Code: | $ cd openssl-1.0.2o
./configure --prefix=/lb-cam-bca-13/usr/local/apache
make
make install |
#ldap
Code: | $ cd ldap/openldap-2.4.50
./configure --prefix=/lb-cam-bca-13/usr/local/ldap --with-tls=openssl
make depend
make
make install |
# apr
Code: | $ cd apache/apr/apr-1.7.0
./configure --prefix=/lb-cam-bca-13/usr/local/apache
make
make install |
#apr-util
Code: | $ cd apache/aprutil/apr-util-1.6.1
./configure --with-crypto --with-ldap=ldap --with-openssl=/lb-cam-bca-13/usr/local/src/openssl-1.0.2o --with-mysql --with-apr=../../apr/apr-1.7.0 --with-ldap-include=/lb-cam-bca-13/usr/local/src/ldap/openldap-2.4.50/include --with-ldap-lib=/lb-cam-bca-13/usr/local/ldap/lib
make
make install |
# httpd
Code: | $ ./configure --prefix=/lb-cam-bca-13/usr/local/apache --with-openssl=/lb-cam-bca-13/usr/local/src/openssl-1.0.2o --with-apr=../apr/apr-1.7.0 --with-apr-util=../aprutil/apr-util-1.6.1 --with-ldap-include=/lb-cam-bca-13/usr/local/src/ldap/openldap-2.4.50/include --with-ldap-lib=/lb-cam-bca-13/usr/local/ldap/lib --enable-authnz-ldap --enable-so --enable-ssl --enable-md --enable-log-forensic
make
make install |
I have noticed during my searches that the error I am seeing is the same as one that is seen when the .so modules do not exist, which may mean that apache is not looking for the modules where I think it should be.
Does anyone know how I can get apache to output exactly where it is looking for the modules ?
Does anyone know where I can explicitly tell it where to look for the modules ? (As I understood it this was defined by the ServerRoot directive, but I guess that may not be the case, or maybe I have somehow inadvertently overridden it in my config file). |
|
Back to top |
|
Shaggy1
Joined: 30 Jul 2020 Posts: 11
|
Posted: Wed 05 Aug '20 11:12 Post subject: |
|
|
OK - it seems I was using the wrong name in the LoadModule directive.
The LoadModule line that I put in:
Code: | LoadModule mod_authnz_ldap modules/mod_authnz_ldap.so |
should be:
Code: | LoadModule authnz_ldap_module modules/mod_authnz_ldap.so |
Then it works. Clearly it was looking for mod_authnz_ldap in some table somewhere and not finding it.
Using the correct name it seems to be loading (though I have not tried actually using it) |
|
Back to top |
|
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
|
Posted: Wed 05 Aug '20 20:50 Post subject: |
|
|
Just a side note, when in doubt you can find these inside the module source itself, just look for
AP_DECLARE_MODULE(authnz_ldap)
and add _module at the end. |
|
Back to top |
|
|
|
|
|
|