'Re: FW: [users@httpd] help on compile 2.2.17 with ldap support'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-httpd-users
Subject:    Re: FW: [users@httpd] help on compile 2.2.17 with ldap support
From:       Rainer Jung <rainer.jung () kippdata ! de>
Date:       2010-12-30 20:09:29
Message-ID: 4D1CE6F9.7080802 () kippdata ! de
[Download RAW message or body]

Hi David,

I'm not an LDAP expert. I suggest now that it seems the compilation 
worked fine and ldao is in place, you start a new discussion thread 
about how to use ldap authentication.

Please provide your configuration and th below error messages when 
starting that discussion.

Regards,

Rainer

On 30.12.2010 18:10, David Long wrote:
> Hi Rainer,
> I followed those two document and corrected my configuration.
> Now http started fine. But when I hit the restricted folder. I still got error.
> Here is my error_log, parser fine but ldap initialization failed. How do I test my \
> apache ldap function? Or do I need to recompile my apr-util? 
> [Wed Dec 29 15:37:12 2010] [debug] mod_authnz_ldap.c(1010): [293] auth_ldap url \
> parse: `ldap://128.1.10.243:389/ou=people,dc=lynden,dc=com?uid?sub?(objectClass=organizationalPerson)', \
> Host: 128.1.10.243:389, Port: 389, DN: ou=people,dc=lynden,dc=com, attrib: uid, \
> scope: subtree, filter: (objectClass=organizationalPerson), connection mode: not \
>                 using SSL
> [Wed Dec 29 15:37:12 2010] [debug] mod_authnz_ldap.c(403): [client 12.171.37.10] \
> [293] auth_ldap authenticate: using URL \
> ldap://128.1.10.243:389/ou=people,dc=lynden,dc=com?uid?sub?(objectClass=organizationalPerson)
>                 
> [Wed Dec 29 15:37:12 2010] [info] [client 12.171.37.10] [293] auth_ldap \
> authenticate: user dlong authentication failed; URI /EMU [LDAP: ldap initialization \
> failed][Unknown error] 
> Thanks
> David Long
> 
> -----Original Message-----
> From: Rainer Jung [mailto:rainer.jung@kippdata.de]
> Sent: Tuesday, December 28, 2010 1:19 PM
> To: users@httpd.apache.org
> Subject: Re: FW: [users@httpd] help on compile 2.2.17 with ldap support
> 
> On 28.12.2010 20:15, David Long wrote:
> > Hi Rainer,
> > I downloaded apr 1.4.2 and apr-util 1.3.10
> > For apr 1.4.2, I did "configure --prefix=/www/apache2/apr-httpd/"
> > For apr util 1.3.10, I did "configure --prefix=/www/apache2/apr-util-httpd/ \
> > --with-apr=/www/apache2/apr-httpd/ --with-ldap" 
> > For httpd-2.2.17
> > configure \
> > "--prefix=/www/apache2" \
> > "--with-apr=/www/apache2/apr-httpd/" \
> > "--with-apr-util=/www/apache2/apr-util-httpd/" \
> > "--enable-so" \
> > "--enable-proxy" \
> > "--enable-ssl" \
> > "--enable-deflate" \
> > "--enable-rewrite" \
> > "--enable-headers" \
> > "--enable-cgid" \
> > "--enable-ldap" \
> > "--enable-authnz-ldap" \
> > "$@"
> > 
> > All compiled and installed fine.
> > 
> > But I got error when I started http,
> > # bin/apachectl start
> > Syntax error on line 115 of /www/apache2/conf/sites-enabled/www.lynden.com.conf:
> > Invalid command 'LDAP_Server', perhaps misspelled or defined by a module not \
> > included in the server configuration
> 
> That's true, there is no configuration directive named "LDAP_Server".
> 
> > I had line like "LDAP_Server 128.1.10.243" in config file.
> 
> So that is a configuration error.
> 
> See
> 
> http://httpd.apache.org/docs/2.2/en/mod/mod_ldap.html
> 
> and
> 
> http://httpd.apache.org/docs/2.2/en/mod/mod_authnz_ldap.html
> 
> > I checked "util_ldap.c" is in the httpd -l listing
> > # /www/apache2/bin/httpd -l
> > Compiled in modules:
> > core.c
> > mod_authn_file.c
> > mod_authn_default.c
> > mod_authz_host.c
> > mod_authz_groupfile.c
> > mod_authz_user.c
> > mod_authnz_ldap.c
> > mod_authz_default.c
> > mod_auth_basic.c
> > mod_include.c
> > mod_filter.c
> > mod_deflate.c
> > util_ldap.c
> 
> Correct. This is (unfortunately) the name of mod_ldap when compiled in
> statically.
> 
> > mod_log_config.c
> > mod_env.c
> > mod_headers.c
> > mod_setenvif.c
> > mod_version.c
> > mod_proxy.c
> > mod_proxy_connect.c
> > mod_proxy_ftp.c
> > mod_proxy_http.c
> > mod_proxy_scgi.c
> > mod_proxy_ajp.c
> > mod_proxy_balancer.c
> > mod_ssl.c
> > prefork.c
> > http_core.c
> > mod_mime.c
> > mod_status.c
> > mod_autoindex.c
> > mod_asis.c
> > mod_cgi.c
> > mod_cgid.c
> > mod_negotiation.c
> > mod_dir.c
> > mod_actions.c
> > mod_userdir.c
> > mod_alias.c
> > mod_rewrite.c
> > mod_so.c
> > 
> > But there is no mod_ldap.so module in apache libexec or modules directories
> 
> Check the timestamps of the files in the libexec directoy. I expect all
> of them are older than the installation and they do not belong to your
> new installation. You compiled the modules staticaly, so they are built
> into the httpd binary, not as separate loadable module files. By default
> Apache installs all modules into a directory named modules. The name
> "libexec" was used long ago only for Apache 1.3 (and older). The modules
> below are not for Apache 1.3 but might be left overs from some other
> Apche 2.0 installation (e.g. mod_perl and mod_auth_gs do not come
> bundled with Apache).
> 
> > # ls /www/apache2/libexec
> > httpd.exp             mod_dir.so            mod_proxy.so
> > mod_access.so         mod_disk_cache.so     mod_proxy_connect.so
> > mod_actions.so        mod_env.so            mod_proxy_ftp.so
> > mod_alias.so          mod_expires.so        mod_proxy_http.so
> > mod_asis.so           mod_ext_filter.so     mod_rewrite.so
> > mod_auth.so           mod_file_cache.so     mod_setenvif.so
> > mod_auth_anon.so      mod_headers.so        mod_speling.so
> > mod_auth_dbm.so       mod_imap.so           mod_ssl.so
> > mod_auth_digest.so    mod_include.so        mod_status.so
> > mod_auth_gss.so       mod_info.so           mod_suexec.so
> > mod_autoindex.so      mod_log_config.so     mod_unique_id.so
> > mod_cache.so          mod_log_forensic.so   mod_userdir.so
> > mod_cern_meta.so      mod_mem_cache.so      mod_usertrack.so
> > mod_cgi.so            mod_mime.so           mod_version.so
> > mod_dav.so            mod_mime_magic.so     mod_vhost_alias.so
> > mod_dav_fs.so         mod_negotiation.so
> > mod_deflate.so        mod_perl.so
> > 
> > Can you or someone tell me what is missing?
> 
> I'd say nothing is missing, but your configuration is wrong.
> 
> Regards,
> 
> Rainer

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic