Hi David,I'm not an LDAP expert. I suggest now that it seems the compilation worked fine and ldao is in place, you start a new discussion thread about how to use ldap authentication.
Please provide your configuration and th below error messages when starting that discussion.
Regards, Rainer On 30.12.2010 18:10, David Long wrote:
Hi Rainer, I followed those two document and corrected my configuration. Now http started fine. But when I hit the restricted folder. I still got error. Here is my error_log, parser fine but ldap initialization failed. How do I test my apache ldap function? Or do I need to recompile my apr-util? [Wed Dec 29 15:37:12 2010] [debug] mod_authnz_ldap.c(1010): [293] auth_ldap url parse: `ldap://128.1.10.243:389/ou=people,dc=lynden,dc=com?uid?sub?(objectClass=organizationalPerson)', Host: 128.1.10.243:389, Port: 389, DN: ou=people,dc=lynden,dc=com, attrib: uid, scope: subtree, filter: (objectClass=organizationalPerson), connection mode: not using SSL [Wed Dec 29 15:37:12 2010] [debug] mod_authnz_ldap.c(403): [client 12.171.37.10] [293] auth_ldap authenticate: using URL ldap://128.1.10.243:389/ou=people,dc=lynden,dc=com?uid?sub?(objectClass=organizationalPerson) [Wed Dec 29 15:37:12 2010] [info] [client 12.171.37.10] [293] auth_ldap authenticate: user dlong authentication failed; URI /EMU [LDAP: ldap initialization failed][Unknown error] Thanks David Long -----Original Message----- From: Rainer Jung [mailto:rainer.jung@xxxxxxxxxxx] Sent: Tuesday, December 28, 2010 1:19 PM To: users@xxxxxxxxxxxxxxxx Subject: Re: FW: help on compile 2.2.17 with ldap support On 28.12.2010 20:15, David Long wrote:Hi Rainer, I downloaded apr 1.4.2 and apr-util 1.3.10 For apr 1.4.2, I did "configure --prefix=/www/apache2/apr-httpd/" For apr util 1.3.10, I did "configure --prefix=/www/apache2/apr-util-httpd/ --with-apr=/www/apache2/apr-httpd/ --with-ldap" For httpd-2.2.17 configure \ "--prefix=/www/apache2" \ "--with-apr=/www/apache2/apr-httpd/" \ "--with-apr-util=/www/apache2/apr-util-httpd/" \ "--enable-so" \ "--enable-proxy" \ "--enable-ssl" \ "--enable-deflate" \ "--enable-rewrite" \ "--enable-headers" \ "--enable-cgid" \ "--enable-ldap" \ "--enable-authnz-ldap" \ "$@" All compiled and installed fine. But I got error when I started http, # bin/apachectl start Syntax error on line 115 of /www/apache2/conf/sites-enabled/www.lynden.com.conf: Invalid command 'LDAP_Server', perhaps misspelled or defined by a module not included in the server configurationThat's true, there is no configuration directive named "LDAP_Server".I had line like "LDAP_Server 128.1.10.243" in config file.So that is a configuration error. See http://httpd.apache.org/docs/2.2/en/mod/mod_ldap.html and http://httpd.apache.org/docs/2.2/en/mod/mod_authnz_ldap.htmlI checked "util_ldap.c" is in the httpd -l listing # /www/apache2/bin/httpd -l Compiled in modules: core.c mod_authn_file.c mod_authn_default.c mod_authz_host.c mod_authz_groupfile.c mod_authz_user.c mod_authnz_ldap.c mod_authz_default.c mod_auth_basic.c mod_include.c mod_filter.c mod_deflate.c util_ldap.cCorrect. This is (unfortunately) the name of mod_ldap when compiled in statically.mod_log_config.c mod_env.c mod_headers.c mod_setenvif.c mod_version.c mod_proxy.c mod_proxy_connect.c mod_proxy_ftp.c mod_proxy_http.c mod_proxy_scgi.c mod_proxy_ajp.c mod_proxy_balancer.c mod_ssl.c prefork.c http_core.c mod_mime.c mod_status.c mod_autoindex.c mod_asis.c mod_cgi.c mod_cgid.c mod_negotiation.c mod_dir.c mod_actions.c mod_userdir.c mod_alias.c mod_rewrite.c mod_so.c But there is no mod_ldap.so module in apache libexec or modules directoriesCheck the timestamps of the files in the libexec directoy. I expect all of them are older than the installation and they do not belong to your new installation. You compiled the modules staticaly, so they are built into the httpd binary, not as separate loadable module files. By default Apache installs all modules into a directory named modules. The name "libexec" was used long ago only for Apache 1.3 (and older). The modules below are not for Apache 1.3 but might be left overs from some other Apche 2.0 installation (e.g. mod_perl and mod_auth_gs do not come bundled with Apache).# ls /www/apache2/libexec httpd.exp mod_dir.so mod_proxy.so mod_access.so mod_disk_cache.so mod_proxy_connect.so mod_actions.so mod_env.so mod_proxy_ftp.so mod_alias.so mod_expires.so mod_proxy_http.so mod_asis.so mod_ext_filter.so mod_rewrite.so mod_auth.so mod_file_cache.so mod_setenvif.so mod_auth_anon.so mod_headers.so mod_speling.so mod_auth_dbm.so mod_imap.so mod_ssl.so mod_auth_digest.so mod_include.so mod_status.so mod_auth_gss.so mod_info.so mod_suexec.so mod_autoindex.so mod_log_config.so mod_unique_id.so mod_cache.so mod_log_forensic.so mod_userdir.so mod_cern_meta.so mod_mem_cache.so mod_usertrack.so mod_cgi.so mod_mime.so mod_version.so mod_dav.so mod_mime_magic.so mod_vhost_alias.so mod_dav_fs.so mod_negotiation.so mod_deflate.so mod_perl.so Can you or someone tell me what is missing?I'd say nothing is missing, but your configuration is wrong. Regards, Rainer
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|