RE: FW: help on compile 2.2.17 with ldap support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thanks Rainer,
I will start a new discussion about ldap authentication.

David Long

-----Original Message-----
From: Rainer Jung [mailto:rainer.jung@xxxxxxxxxxx] 
Sent: Thursday, December 30, 2010 12:09 PM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: FW:  help on compile 2.2.17 with ldap support

Hi David,

I'm not an LDAP expert. I suggest now that it seems the compilation 
worked fine and ldao is in place, you start a new discussion thread 
about how to use ldap authentication.

Please provide your configuration and th below error messages when 
starting that discussion.

Regards,

Rainer

On 30.12.2010 18:10, David Long wrote:
> Hi Rainer,
> I followed those two document and corrected my configuration.
> Now http started fine. But when I hit the restricted folder. I still got error.
> Here is my error_log, parser fine but ldap initialization failed. How do I test my apache ldap function? Or do I need to recompile my apr-util?
>
> [Wed Dec 29 15:37:12 2010] [debug] mod_authnz_ldap.c(1010): [293] auth_ldap url parse: `ldap://128.1.10.243:389/ou=people,dc=lynden,dc=com?uid?sub?(objectClass=organizationalPerson)', Host: 128.1.10.243:389, Port: 389, DN: ou=people,dc=lynden,dc=com, attrib: uid, scope: subtree, filter: (objectClass=organizationalPerson), connection mode: not using SSL
> [Wed Dec 29 15:37:12 2010] [debug] mod_authnz_ldap.c(403): [client 12.171.37.10] [293] auth_ldap authenticate: using URL ldap://128.1.10.243:389/ou=people,dc=lynden,dc=com?uid?sub?(objectClass=organizationalPerson)
> [Wed Dec 29 15:37:12 2010] [info] [client 12.171.37.10] [293] auth_ldap authenticate: user dlong authentication failed; URI /EMU [LDAP: ldap initialization failed][Unknown error]
>
> Thanks
> David Long
>
> -----Original Message-----
> From: Rainer Jung [mailto:rainer.jung@xxxxxxxxxxx]
> Sent: Tuesday, December 28, 2010 1:19 PM
> To: users@xxxxxxxxxxxxxxxx
> Subject: Re: FW:  help on compile 2.2.17 with ldap support
>
> On 28.12.2010 20:15, David Long wrote:
>> Hi Rainer,
>> I downloaded apr 1.4.2 and apr-util 1.3.10
>> For apr 1.4.2, I did "configure --prefix=/www/apache2/apr-httpd/"
>> For apr util 1.3.10, I did "configure --prefix=/www/apache2/apr-util-httpd/ --with-apr=/www/apache2/apr-httpd/ --with-ldap"
>>
>> For httpd-2.2.17
>> configure \
>> "--prefix=/www/apache2" \
>> "--with-apr=/www/apache2/apr-httpd/" \
>> "--with-apr-util=/www/apache2/apr-util-httpd/" \
>> "--enable-so" \
>> "--enable-proxy" \
>> "--enable-ssl" \
>> "--enable-deflate" \
>> "--enable-rewrite" \
>> "--enable-headers" \
>> "--enable-cgid" \
>> "--enable-ldap" \
>> "--enable-authnz-ldap" \
>> "$@"
>>
>> All compiled and installed fine.
>>
>> But I got error when I started http,
>> # bin/apachectl start
>> Syntax error on line 115 of /www/apache2/conf/sites-enabled/www.lynden.com.conf:
>> Invalid command 'LDAP_Server', perhaps misspelled or defined by a module not included in the server configuration
>
> That's true, there is no configuration directive named "LDAP_Server".
>
>> I had line like "LDAP_Server 128.1.10.243" in config file.
>
> So that is a configuration error.
>
> See
>
> http://httpd.apache.org/docs/2.2/en/mod/mod_ldap.html
>
> and
>
> http://httpd.apache.org/docs/2.2/en/mod/mod_authnz_ldap.html
>
>> I checked "util_ldap.c" is in the httpd -l listing
>> # /www/apache2/bin/httpd -l
>> Compiled in modules:
>>     core.c
>>     mod_authn_file.c
>>     mod_authn_default.c
>>     mod_authz_host.c
>>     mod_authz_groupfile.c
>>     mod_authz_user.c
>>     mod_authnz_ldap.c
>>     mod_authz_default.c
>>     mod_auth_basic.c
>>     mod_include.c
>>     mod_filter.c
>>     mod_deflate.c
>>     util_ldap.c
>
> Correct. This is (unfortunately) the name of mod_ldap when compiled in
> statically.
>
>>     mod_log_config.c
>>     mod_env.c
>>     mod_headers.c
>>     mod_setenvif.c
>>     mod_version.c
>>     mod_proxy.c
>>     mod_proxy_connect.c
>>     mod_proxy_ftp.c
>>     mod_proxy_http.c
>>     mod_proxy_scgi.c
>>     mod_proxy_ajp.c
>>     mod_proxy_balancer.c
>>     mod_ssl.c
>>     prefork.c
>>     http_core.c
>>     mod_mime.c
>>     mod_status.c
>>     mod_autoindex.c
>>     mod_asis.c
>>     mod_cgi.c
>>     mod_cgid.c
>>     mod_negotiation.c
>>     mod_dir.c
>>     mod_actions.c
>>     mod_userdir.c
>>     mod_alias.c
>>     mod_rewrite.c
>>     mod_so.c
>>
>> But there is no mod_ldap.so module in apache libexec or modules directories
>
> Check the timestamps of the files in the libexec directoy. I expect all
> of them are older than the installation and they do not belong to your
> new installation. You compiled the modules staticaly, so they are built
> into the httpd binary, not as separate loadable module files. By default
> Apache installs all modules into a directory named modules. The name
> "libexec" was used long ago only for Apache 1.3 (and older). The modules
> below are not for Apache 1.3 but might be left overs from some other
> Apche 2.0 installation (e.g. mod_perl and mod_auth_gs do not come
> bundled with Apache).
>
>> # ls /www/apache2/libexec
>> httpd.exp             mod_dir.so            mod_proxy.so
>> mod_access.so         mod_disk_cache.so     mod_proxy_connect.so
>> mod_actions.so        mod_env.so            mod_proxy_ftp.so
>> mod_alias.so          mod_expires.so        mod_proxy_http.so
>> mod_asis.so           mod_ext_filter.so     mod_rewrite.so
>> mod_auth.so           mod_file_cache.so     mod_setenvif.so
>> mod_auth_anon.so      mod_headers.so        mod_speling.so
>> mod_auth_dbm.so       mod_imap.so           mod_ssl.so
>> mod_auth_digest.so    mod_include.so        mod_status.so
>> mod_auth_gss.so       mod_info.so           mod_suexec.so
>> mod_autoindex.so      mod_log_config.so     mod_unique_id.so
>> mod_cache.so          mod_log_forensic.so   mod_userdir.so
>> mod_cern_meta.so      mod_mem_cache.so      mod_usertrack.so
>> mod_cgi.so            mod_mime.so           mod_version.so
>> mod_dav.so            mod_mime_magic.so     mod_vhost_alias.so
>> mod_dav_fs.so         mod_negotiation.so
>> mod_deflate.so        mod_perl.so
>>
>> Can you or someone tell me what is missing?
>
> I'd say nothing is missing, but your configuration is wrong.
>
> Regards,
>
> Rainer

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux