Re: [users@httpd] Help building mod_auth_ldap.o against the netscape/mozilla SDK

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Marc,

It's been a few weeks, so I'm going over my set of docs and hopefully I
didn't miss anything...

a) Make sure the SDK works if you compiled it.  I did compiled the
Mozilla SDK under RedHat but used a binary distribution for Solaris
(oddly enough made by RedHat - http://ftp.redhat.com/pub/redhat/ldapsdk/ )

b) Patch srclib/apr-util/includes/apr_ldap.h.in to enable Mozilla's SDK

c) Patch modules/experimental/util_ldap.c to implement TIMEOUT when
using the Mozilla SDK

d) Make sure you set up LD_LIBRARY_PATH or set up crle (under Solaris)
or ld.conf (linux) to include the SDK location (I use /usr/local/ldapsdk5)

e) Use the following config:

    ./configure --prefix=/usr/local/apache2 \
    --with-perl=/usr/local/bin/perl \
    --with-berkeley-db=/usr/local/BerkeleyDB.4.3 \
    --with-ssl=/usr/local/ssl -with-dbm=db43 \
    --with-ldap \
    --with-ldap-lib=/usr/local/ldapsdk5/lib \
    --with-ldap-include=/usr/local/ldapsdk5/include \
    --enable-auth-ldap --enable-ldap --enable-ssl \
    --enable-mods-shared=most

Adjust the above as needed (ie if you don't use Berkeley DB).  About the
warning, I also got it, but it still compiled. 
Note sure if you typed it back or you actually had a typo when running
configure:

    --with-ldap-lib=h-ldap-include=/usr/include/mozilla-1.7.12/ldap

Should be (besides the typo, check to make sure the libs are in ./lib
and headers in ./include):

    --with-ldap-lib=/usr/include/mozilla-1.7.12/ldap/lib \
    --with-ldap-include=/usr/include/mozilla-1.7.12/ldap/include

Note that there's a patch to util_ldap.c that was backported to v2.0.55,
but not sure if my patch for TIMEOUT or the other one to enable the SDK
would work.

Ricardo.

Marc Boorshtein wrote:

> Thanks Ricardo, I'm getting closer but am still having a problem. 
> I've tried compiling against netscape, sun and mozilla and every time
> I run configure I get the following warning:
>
> checking for ldap_init in -lldap... yes
>   setting APRUTIL_EXPORT_LIBS to "-lldap -llber"
>   setting APRUTIL_LIBS to "-lldap -llber"
> checking for ldapssl_install_routines in -lldap... no
> checking for ldap_start_tls_s in -lldap... yes
> checking for ber_init in -llber... yes
> checking lber.h usability... yes
> checking lber.h presence... yes
> checking for lber.h... yes
> checking for ldap.h... yes
> checking ldap_ssl.h usability... no
> checking ldap_ssl.h presence... yes
> configure: WARNING: ldap_ssl.h: present but cannot be compiled
> configure: WARNING: ldap_ssl.h:     check for missing prerequisite
> headers?
> configure: WARNING: ldap_ssl.h: see the Autoconf documentation
> configure: WARNING: ldap_ssl.h:     section "Present But Cannot Be
> Compiled"
> configure: WARNING: ldap_ssl.h: proceeding with the preprocessor's result
> configure: WARNING: ldap_ssl.h: in the future, the compiler will take
> precedence
> configure: WARNING:     ## ------------------------------------------ ##
> configure: WARNING:     ## Report this to the AC_PACKAGE_NAME lists.  ##
> configure: WARNING:     ## ------------------------------------------ ##
> checking for ldap_ssl.h... yes
>
> When I then try to compile I get an error about TLS not being
> present.  Is there something specific I need to do?  Here's my configure:
>
> ./configure --enable-mods-shared=all --with-ldap 
> --with-ldap-lib=h-ldap-include=/usr/include/mozilla-1.7.12/ldap
> --enable-ldap --enable-auth-ldap --with-ssl --enable-so
>
> Thanks
>
> Marc
>
> On 9/30/05, *Ricardo M. Stella* <stella@xxxxxxxxx
> <mailto:stella@xxxxxxxxx>> wrote:
>
>
>
>     > Hello all,
>     >
>     > I'm trying to build the mod_ldap and mod_auth_ldap modules on
>     fedora core
>     > 4
>     > and am running into some issues. These are the steps I took:
>     >
>     > 1. download and extract httpd-2.0.54 source
>     > 2. copy the netscape sdk to srclib/ldap
>     > 3; run "./configure --enable-ldap --enable-auth-ldap"
>     > 4. run "make"
>     >
>     > When it gets to the mod_ldap and mod_auth_ldap modules it looks
>     as if it
>     > can't find the netscape libraries. Here is the compilation command:
>     >
>
>     First, afaik, you need to give configure the '--with-ldap' option
>     or else
>     it won't even look into it...
>
>     There's a bug in the build of mod_ldap that never looks for the
>     netscape
>     SDK and only tries to build with openldap (hence it fails).
>
>     I just posted a fix for this to the list 3 days ago.  I also
>     included a
>     patch so TIMEOUT is also implemented when using the sdk.
>
>     Note that I had no luck with Sun's released SDK ( 5.06).  I did
>     compile
>     Mozilla's latest version (5.14 or 5.16 - can't remember) and it
>     works fine
>     (New version of Mozilla's sdk do include ssl functionality now).
>
>     Basically, to get it to use, look for:
>
>     srclib/apr-util/includes/arp_ldap.h.in
>
>     Search for:
>
>     /* FIXME: remove this when above code works.  Default to build with
>     * OpenLDAP until apu-conf.m4 support exists */
>     #define APR_HAS_OPENLDAP_LDAPSDK 1
>     #define APR_HAS_LDAP_SSL 1
>
>     And change it to:
>
>     /* FIXME: remove this when above code works.  Default to build with
>     * OpenLDAP until apu-conf.m4 support exists */
>     #define APR_HAS_OPENLDAP_LDAPSDK 0
>     #define APR_HAS_NETSCAPE_LDAPSDK 1
>     #define APR_HAS_LDAP_SSL 1
>
>     Building against the Netscape/Sun/Mozilla sdk, allows you to do
>     failover.
>     But you need to have the TIMEOUT patch in, or else if one of the ldap
>     servers is down (no response) it'll never failover...
>
>     There are other patches pending for next release 2.0.55 but these I
>     mention are not in (AFAIK).
>
>     Finally, try to give it a little bit of more options, to help it
>     find stuff:
>
>     ./configure --with-ldap \
>     --with-ldap-lib=/usr/local/ldapsdk5/lib \
>     --with-ldap-include=/usr/local/ldapsdk5/include \
>     --enable-auth-ldap \
>     --enable-ldap \
>     ...
>
>

-- 

°(((=((===°°°(((===========================================


begin:vcard
fn:Ricardo Stella
n:Stella;Ricardo
org:Rider University
adr;dom:;;2083 Lawrenceville Rd;Lawrenceville;NJ;08648
version:2.1
end:vcard



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux