[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-httpd-users
Subject: Re: FW: [users@httpd] help on compile 2.2.17 with ldap support
From: Rainer Jung <rainer.jung () kippdata ! de>
Date: 2010-12-30 20:09:29
Message-ID: 4D1CE6F9.7080802 () kippdata ! de
[Download RAW message or body]
Hi David,
I'm not an LDAP expert. I suggest now that it seems the compilation
worked fine and ldao is in place, you start a new discussion thread
about how to use ldap authentication.
Please provide your configuration and th below error messages when
starting that discussion.
Regards,
Rainer
On 30.12.2010 18:10, David Long wrote:
> Hi Rainer,
> I followed those two document and corrected my configuration.
> Now http started fine. But when I hit the restricted folder. I still got error.
> Here is my error_log, parser fine but ldap initialization failed. How do I test my \
> apache ldap function? Or do I need to recompile my apr-util?
> [Wed Dec 29 15:37:12 2010] [debug] mod_authnz_ldap.c(1010): [293] auth_ldap url \
> parse: `ldap://128.1.10.243:389/ou=people,dc=lynden,dc=com?uid?sub?(objectClass=organizationalPerson)', \
> Host: 128.1.10.243:389, Port: 389, DN: ou=people,dc=lynden,dc=com, attrib: uid, \
> scope: subtree, filter: (objectClass=organizationalPerson), connection mode: not \
> using SSL
> [Wed Dec 29 15:37:12 2010] [debug] mod_authnz_ldap.c(403): [client 12.171.37.10] \
> [293] auth_ldap authenticate: using URL \
> ldap://128.1.10.243:389/ou=people,dc=lynden,dc=com?uid?sub?(objectClass=organizationalPerson)
>
> [Wed Dec 29 15:37:12 2010] [info] [client 12.171.37.10] [293] auth_ldap \
> authenticate: user dlong authentication failed; URI /EMU [LDAP: ldap initialization \
> failed][Unknown error]
> Thanks
> David Long
>
> -----Original Message-----
> From: Rainer Jung [mailto:rainer.jung@kippdata.de]
> Sent: Tuesday, December 28, 2010 1:19 PM
> To: users@httpd.apache.org
> Subject: Re: FW: [users@httpd] help on compile 2.2.17 with ldap support
>
> On 28.12.2010 20:15, David Long wrote:
> > Hi Rainer,
> > I downloaded apr 1.4.2 and apr-util 1.3.10
> > For apr 1.4.2, I did "configure --prefix=/www/apache2/apr-httpd/"
> > For apr util 1.3.10, I did "configure --prefix=/www/apache2/apr-util-httpd/ \
> > --with-apr=/www/apache2/apr-httpd/ --with-ldap"
> > For httpd-2.2.17
> > configure \
> > "--prefix=/www/apache2" \
> > "--with-apr=/www/apache2/apr-httpd/" \
> > "--with-apr-util=/www/apache2/apr-util-httpd/" \
> > "--enable-so" \
> > "--enable-proxy" \
> > "--enable-ssl" \
> > "--enable-deflate" \
> > "--enable-rewrite" \
> > "--enable-headers" \
> > "--enable-cgid" \
> > "--enable-ldap" \
> > "--enable-authnz-ldap" \
> > "$@"
> >
> > All compiled and installed fine.
> >
> > But I got error when I started http,
> > # bin/apachectl start
> > Syntax error on line 115 of /www/apache2/conf/sites-enabled/www.lynden.com.conf:
> > Invalid command 'LDAP_Server', perhaps misspelled or defined by a module not \
> > included in the server configuration
>
> That's true, there is no configuration directive named "LDAP_Server".
>
> > I had line like "LDAP_Server 128.1.10.243" in config file.
>
> So that is a configuration error.
>
> See
>
> http://httpd.apache.org/docs/2.2/en/mod/mod_ldap.html
>
> and
>
> http://httpd.apache.org/docs/2.2/en/mod/mod_authnz_ldap.html
>
> > I checked "util_ldap.c" is in the httpd -l listing
> > # /www/apache2/bin/httpd -l
> > Compiled in modules:
> > core.c
> > mod_authn_file.c
> > mod_authn_default.c
> > mod_authz_host.c
> > mod_authz_groupfile.c
> > mod_authz_user.c
> > mod_authnz_ldap.c
> > mod_authz_default.c
> > mod_auth_basic.c
> > mod_include.c
> > mod_filter.c
> > mod_deflate.c
> > util_ldap.c
>
> Correct. This is (unfortunately) the name of mod_ldap when compiled in
> statically.
>
> > mod_log_config.c
> > mod_env.c
> > mod_headers.c
> > mod_setenvif.c
> > mod_version.c
> > mod_proxy.c
> > mod_proxy_connect.c
> > mod_proxy_ftp.c
> > mod_proxy_http.c
> > mod_proxy_scgi.c
> > mod_proxy_ajp.c
> > mod_proxy_balancer.c
> > mod_ssl.c
> > prefork.c
> > http_core.c
> > mod_mime.c
> > mod_status.c
> > mod_autoindex.c
> > mod_asis.c
> > mod_cgi.c
> > mod_cgid.c
> > mod_negotiation.c
> > mod_dir.c
> > mod_actions.c
> > mod_userdir.c
> > mod_alias.c
> > mod_rewrite.c
> > mod_so.c
> >
> > But there is no mod_ldap.so module in apache libexec or modules directories
>
> Check the timestamps of the files in the libexec directoy. I expect all
> of them are older than the installation and they do not belong to your
> new installation. You compiled the modules staticaly, so they are built
> into the httpd binary, not as separate loadable module files. By default
> Apache installs all modules into a directory named modules. The name
> "libexec" was used long ago only for Apache 1.3 (and older). The modules
> below are not for Apache 1.3 but might be left overs from some other
> Apche 2.0 installation (e.g. mod_perl and mod_auth_gs do not come
> bundled with Apache).
>
> > # ls /www/apache2/libexec
> > httpd.exp mod_dir.so mod_proxy.so
> > mod_access.so mod_disk_cache.so mod_proxy_connect.so
> > mod_actions.so mod_env.so mod_proxy_ftp.so
> > mod_alias.so mod_expires.so mod_proxy_http.so
> > mod_asis.so mod_ext_filter.so mod_rewrite.so
> > mod_auth.so mod_file_cache.so mod_setenvif.so
> > mod_auth_anon.so mod_headers.so mod_speling.so
> > mod_auth_dbm.so mod_imap.so mod_ssl.so
> > mod_auth_digest.so mod_include.so mod_status.so
> > mod_auth_gss.so mod_info.so mod_suexec.so
> > mod_autoindex.so mod_log_config.so mod_unique_id.so
> > mod_cache.so mod_log_forensic.so mod_userdir.so
> > mod_cern_meta.so mod_mem_cache.so mod_usertrack.so
> > mod_cgi.so mod_mime.so mod_version.so
> > mod_dav.so mod_mime_magic.so mod_vhost_alias.so
> > mod_dav_fs.so mod_negotiation.so
> > mod_deflate.so mod_perl.so
> >
> > Can you or someone tell me what is missing?
>
> I'd say nothing is missing, but your configuration is wrong.
>
> Regards,
>
> Rainer
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic