AW: Can't activate LDAPS support in my OpenSSL 1.0.2g/OpenLDAP 2.4.44/Apache 2.4.18/PHP 5.6.20 combination
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: "users@xxxxxxxxxxxxxxxx" <users@xxxxxxxxxxxxxxxx>
- Subject: AW: Can't activate LDAPS support in my OpenSSL 1.0.2g/OpenLDAP 2.4.44/Apache 2.4.18/PHP 5.6.20 combination
- From: "Poggenpohl, Daniel" <daniel.poggenpohl@xxxxxxxxxxxxxxxx>
- Date: Fri, 15 Apr 2016 13:06:59 +0000
- Accept-language: de-DE, en-US
- In-reply-to: <18A3A75A149A1C4F89705973ED81137911D3DADF@Ymir.buerokommunikation.fernuni-hagen.de>
- Ironport-phdr: 9a23:b0lcNRLv8Lvsfh8ZbtmcpTZWNBhigK39O0sv0rFitYgUI/7xwZ3uMQTl6Ol3ixeRBMOAu6IC1rWd6vG8EUU7or+/81k6OKRWUBEEjchE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i760zceF13FOBZvIaytQ8iJ35Txir/5osyPKyxzxxODIppKZC2sqgvQssREyaBDEY0WjiXzn31TZu5NznlpL1/A1zz158O34YIxu38I46FppIZ8VvCwYr81V6dwDCg6K2xz7dXivhnOCwyV6TFUBngNnwBTKwjZ8An2GJ7puyD6u6x6wibMbuPsSrVhEwyl4KhmTgfviCNDfxIw9mDajoY42K5SphOso1pnxIHbbYeNM/p6Vq3QZ9UHQ2sEXs9eWioHDo7qPNhHNPYIIesN99q1nFAJtxbrXQQ=
- Reply-to: users@xxxxxxxxxxxxxxxx
- Thread-index: AdGWWRQCIM2pEhRzRySUSRAnrab5cgADKYuAAAWl0PsAACM+a///4fsAgAADfgD//xhiMP/+EoPA//vidTA=
- Thread-topic: Can't activate LDAPS support in my OpenSSL 1.0.2g/OpenLDAP 2.4.44/Apache 2.4.18/PHP 5.6.20 combination
Hello again,
To use OpenLDAP instead of the Solaris implementation I just had to configure curl like this:
CURLDIR=/moodle/curl/7.48.0 \
OPENSSLDIR=/moodle/openssl/1.0.2g \
OPENLDAPDIR=/moodle/openldap/2.4.44 \
; \
export \
CFLAGS= \
CPPFLAGS="-I$OPENLDAPDIR/include -I$OPENSSLDIR/include" \
LDFLAGS="-L$OPENLDAPDIR/lib -L$OPENSSLDIR/lib -R$OPENLDAPDIR/lib -R$OPENSSLDIR/lib" \
PKG_CONFIG_PATH="$OPENSSLDIR/lib/pkgconfig" \
; \
./configure --prefix=$CURLDIR \
>curl-7480-configure.out 2>&1
I didn't need any other switches from the "--with-ldap" ones.
I then had to recompile my PHP 5.6.20 using this configure to use my own curl (and ldap, openssl, and iconv because we need to be able to search for Umlauts):
APACHEDIR=/moodle/apache2/2.4.18 \
POSTGRESDIR=/usr/postgres/9.3-pgdg \
PHPDIR=/moodle/php/5.6.20 \
CURLDIR=/moodle/curl/7.48.0 \
OPENLDAPDIR=/moodle/openldap/2.4.44 \
OPENSSLDIR=/moodle/openssl/1.0.2g \
ICONVDIR=/usr/local
; \
export PKG_CONFIG_PATH=$OPENSSLDIR/lib/pkgconfig \
CFLAGS="-std=gnu99" \
CPPFLAGS="-I$CURLDIR/include -I$OPENLDAPDIR/include -I$OPENSSLDIR/include -I$ICONVDIR/include" \
LDFLAGS="-L$CURLDIR/lib -L$OPENLDAPDIR/lib -L$OPENSSLDIR/lib -L$ICONVDIR/lib -R$CURLDIR/lib -R$OPENLDAPDIR/lib -R$OPENSSLDIR/lib -R$ICONVDIR/lib" \
; \
./configure --prefix=$PHPDIR --with-config-file-path=$PHPDIR \
--enable-mbstring --enable-soap --enable-zip --enable-opcache \
--without-sqlite3 --without-pdo-sqlite \
--with-pgsql=$POSTGRESDIR --with-pdo-pgsql=$POSTGRESDIR \
--with-apxs2=$APACHEDIR/bin/apxs \
--with-gd --with-xmlrpc --with-zlib --with-mcrypt \
--with-curl=$CURLDIR \
--with-ldap=$OPENLDAPDIR \
--with-openssl=$OPENSSLDIR --with-jpeg-dir=$PHPDIR/jpeg \
--with-iconv=$ICONVDIR \
>php-5620-configure.out 2>&1
In the end, everything seems to work right now. If it doesn't crash and burn...
I'll think about installing everything I self-compile (apart from apache and php) to /usr/local, because somehow it seems that would make things a lot easier...
Any thoughts on that?
Regards,
Daniel P.
-----Ursprüngliche Nachricht-----
Von: Poggenpohl, Daniel [mailto:daniel.poggenpohl@xxxxxxxxxxxxxxxx]
Gesendet: Freitag, 15. April 2016 13:22
An: users@xxxxxxxxxxxxxxxx
Betreff: AW: Can't activate LDAPS support in my OpenSSL 1.0.2g/OpenLDAP 2.4.44/Apache 2.4.18/PHP 5.6.20 combination
Hello again,
after fixing the rpaths in my binaries/libraries for Postgres and the curl that was used during runtime (prepended /moodle/openssl/latest/lib), which wasn't /usr/bin/curl, but /usr/local/bin/curl... I could finally remove the OpenSSL path from LD_LIBRARY_PATH.
Doing the same with OpenLDAP however doesn't work because all involved binaries and libraries (php, libphp5.so, curl, libcurl, ...) point to libldap.so.5 (which seems to be Solaris specific).
When I put a softlink in my OpenLDAP libs dir libldap.so.5 ->libldap.so and ldd the binaries, the found library doesn't contain the defined Solaris SUNW5_1 interface definition, so I'd rather not use something that produces such errors/warnings.
So the next step is to try to make both programs point to OpenLDAP 2.4.44 instead of Solaris libldap.so.5 ...which, as far as I know, only works by recompiling.
Any thoughts?
Regards,
Daniel P.
-----Ursprüngliche Nachricht-----
Von: Poggenpohl, Daniel [mailto:daniel.poggenpohl@xxxxxxxxxxxxxxxx]
Gesendet: Freitag, 15. April 2016 08:53
An: users@xxxxxxxxxxxxxxxx; users@xxxxxxxxxxxxxxxx
Betreff: AW: Can't activate LDAPS support in my OpenSSL 1.0.2g/OpenLDAP 2.4.44/Apache 2.4.18/PHP 5.6.20 combination
Good Morning,
thanks, I will try out what you people have suggested. Will report back, hopefully...
Regards,
Daniel P.
-----Ursprüngliche Nachricht-----
Von: Rainer Jung [mailto:rainer.jung@xxxxxxxxxxx]
Gesendet: Donnerstag, 14. April 2016 21:04
An: users@xxxxxxxxxxxxxxxx
Betreff: Re: Can't activate LDAPS support in my OpenSSL 1.0.2g/OpenLDAP 2.4.44/Apache 2.4.18/PHP 5.6.20 combination
Am 14.04.2016 um 20:51 schrieb Rainer Jung:
> Am 14.04.2016 um 20:39 schrieb Poggenpohl, Daniel:
>> Hello,
>>
>> I just realized that this may not be the problem, but the plugin
>> architecture is. I would have to check all modules in Apache and all
>> extensions in PHP for dependencies to see all involved dependencies,
>> wouldn't I?
>
> On Solaris "pldd" is your friend. It works on a running process, so also
> shows shared objects loaded programattically via dlopen() etc. like
> Apache modules or PHP extensions.
And yet another debug attempt is looking at "man ld.so.1", setting
LD_DEBUG. The possible settings can be seen by running e.g.
LD_DEBUG=help ANYCOMMAND
in any shell that supports that way of setting an env var for a command
(like sh or ksh) and ANYCOMMAND can be anything that is not a shell
builtin (e.g. you can use again "sh").
Symbol resolution should be trackable with LD_DEBUG=symbols, but it will
give LOTS of output. Probably it helps to start Apache in single process
mode (-X). The output of the debug flag can be written to a file whose
name is given by the LD_DEBUG_OUTPUT env var (again see "man ld.so.1").
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
�B�KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKCB����[��X��ܚX�K��K[XZ[
��\�\��][��X��ܚX�P�����
�\�X��K�ܙ�B��܈�Y��]�[ۘ[����[X[�����K[XZ[
��\�\��Z�[�������
�\�X��K�ܙ�B
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]
[Open SSH Users]
[Linux ACPI]
[Linux Kernel]
[Linux Laptop]
[Kernel Newbies]
[Security]
[Netfilter]
[Bugtraq]
[Squid]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Samba]
[Video 4 Linux]
[Device Mapper]
