How do I configure and compile apache 2.4 with ldap support on redat 6

Question

System info: cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.4 (Santiago)

uname -a Linux lb-cam-bca-13 2.6.32-642.15.1.el6.x86_64 #1 SMP Fri Feb 24 14:31:22 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

httpd -version Server version: Apache/2.4.25 (Unix) Server built: Jun 27 2017 16:23:25

gcc --version gcc (GCC) 4.4.7 20120313 (Red Hat 4.4.7-17)

---

I have installed a local version of apache 2.4 on my rhel 6 machine and is currently up and running fine.

However I now wish to enable ldap support on it and so initially tried to configure using the following:

./configure --prefix=/lb-cam-bca-13/usr/local/apache --with-included-apr --enable-ldap --enable-authnz-ldap --enable-ssl --enable-so --with-ldap

which seems to configure ol, but when I try to build I get the following errors:

gcc -std=gnu99  -g -O2 -pthread      -DLINUX -D_REENTRANT -D_GNU_SOURCE     -I. -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/os/unix -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/include -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/srclib/apr/include -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/srclib/apr-util/include -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/aaa -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/cache -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/core -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/database -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/filters -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/ldap -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/loggers -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/lua -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/proxy -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/session -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/ssl -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/test -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/server -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/arch/unix -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/dav/main -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/generators -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/mappers  -c /lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/server/buildmark.c
/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/srclib/apr/libtool --silent --mode=link gcc -std=gnu99  -g -O2 -pthread         -o httpd  modules.lo buildmark.o -export-dynamic server/libmain.la modules/core/libmod_so.la modules/http/libmod_http.la server/mpm/event/libevent.la os/unix/libos.la -lpcre     /lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/srclib/apr-util/libaprutil-1.la -lexpat /lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/srclib/apr/libapr-1.la -lrt -lcrypt -lpthread
server/.libs/libmain.a(exports.o):(.data+0x2758): undefined reference to `apr_ldap_ssl_init'
server/.libs/libmain.a(exports.o):(.data+0x2760): undefined reference to `apr_ldap_ssl_deinit'
server/.libs/libmain.a(exports.o):(.data+0x2768): undefined reference to `apr_ldap_init'
server/.libs/libmain.a(exports.o):(.data+0x2770): undefined reference to `apr_ldap_info'
server/.libs/libmain.a(exports.o):(.data+0x2778): undefined reference to `apr_ldap_get_option'
server/.libs/libmain.a(exports.o):(.data+0x2780): undefined reference to `apr_ldap_set_option'
server/.libs/libmain.a(exports.o):(.data+0x2788): undefined reference to `apr_ldap_rebind_init'
server/.libs/libmain.a(exports.o):(.data+0x2790): undefined reference to `apr_ldap_rebind_add'
server/.libs/libmain.a(exports.o):(.data+0x2798): undefined reference to `apr_ldap_rebind_remove'
server/.libs/libmain.a(exports.o):(.data+0x27a0): undefined reference to `apr_ldap_is_ldap_url'
server/.libs/libmain.a(exports.o):(.data+0x27a8): undefined reference to `apr_ldap_is_ldaps_url'
server/.libs/libmain.a(exports.o):(.data+0x27b0): undefined reference to `apr_ldap_is_ldapi_url'
server/.libs/libmain.a(exports.o):(.data+0x27b8): undefined reference to `apr_ldap_url_parse_ext'
server/.libs/libmain.a(exports.o):(.data+0x27c0): undefined reference to `apr_ldap_url_parse'
collect2: ld returned 1 exit status
make[1]: *** [httpd] Error 1
make[1]: Leaving directory `/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25'
make: *** [all-recursive] Error 1

I also noticed that there is a --with-openldap option, so I tried that as well, but this resulted in configuration errors:

configure: WARNING: apr/apr-util is compiled without ldap support
checking whether to enable mod_authnz_ldap... configure: error: mod_authnz_ldap has been requested but can not be built due to prerequisite failures

looking at config.log and seraching for error I see:

...
configure:5860: gcc -E  -DLINUX -D_REENTRANT -D_GNU_SOURCE conftest.c
conftest.c:9:28: error: ac_nonexistent.h: No such file or directory
 134 configure:5860: $? = 1
 135 configure: failed program was:
 136 | /* confdefs.h */
 137 | #define PACKAGE_NAME ""
 138 | #define PACKAGE_TARNAME ""
 139 | #define PACKAGE_VERSION ""
 140 | #define PACKAGE_STRING ""
 141 | #define PACKAGE_BUGREPORT ""
 142 | #define PACKAGE_URL ""
 143 | /* end confdefs.h.  */
 144 | #include <ac_nonexistent.h>
 145 configure:5889: checking for gcc option to accept ISO C99
 146 configure:6038: gcc  -c  -g -O2 -pthread  -DLINUX -D_REENTRANT -D_GNU_SOURCE conftest.c >&5
 147 conftest.c:59: error: expected ';', ',' or ')' before 'text'
 148 conftest.c: In function 'main':
 149 conftest.c:113: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'newvar'
 150 conftest.c:113: error: 'newvar' undeclared (first use in this function)
 151 conftest.c:113: error: (Each undeclared identifier is reported only once
 152 conftest.c:113: error: for each function it appears in.)
 153 conftest.c:123: error: 'for' loop initial declarations are only allowed in C99 mode
 154 conftest.c:123: note: use option -std=c99 or -std=gnu99 to compile your code
 ...
 configure:6954: gcc -std=gnu99 -c  -g -O2 -pthread  -DLINUX -D_REENTRANT -D_GNU_SOURCE conftest.c >&5
 conftest.c:52:26: error: minix/config.h: No such file or directory
 ...
 configure:6954: gcc -E  -DLINUX -D_REENTRANT -D_GNU_SOURCE conftest.c
 conftest.c:19:26: error: minix/config.h: No such file or directory
 ...
 configure:7397: gcc -std=gnu99 -c  -g -O2 -pthread  -DLINUX -D_REENTRANT -D_GNU_SOURCE conftest.c >&5
 531 conftest.c:66:27: error: sys/processor.h: No such file or directory
 ...
 configure:7397: gcc -E  -DLINUX -D_REENTRANT -D_GNU_SOURCE conftest.c
 603 conftest.c:33:27: error: sys/processor.h: No such file or directory
 ...
 configure:7397: gcc -std=gnu99 -c  -g -O2 -pthread  -DLINUX -D_REENTRANT -D_GNU_SOURCE conftest.c >&5
 664 conftest.c:68:25: error: sys/loadavg.h: No such file or directory
 ...
 configure:7397: gcc -E  -DLINUX -D_REENTRANT -D_GNU_SOURCE conftest.c
 738 conftest.c:35:25: error: sys/loadavg.h: No such file or directory
 ...
 configure:10876: checking whether to enable mod_authnz_ldap
1075 configure:10882: error: mod_authnz_ldap has been requested but can not be built due to prerequisite failures

1. Given that I am using openladap over ssl for authentication - can anyone tell me how I should configure and build apache to include ldap authentication support ?

2. Does anyone know what the difference between --with-ldap and --with-openldap is ? And under which conditions one or the other should be specified ?

3. Looking at the make errors in the first case I initially thought that the included apr was not built with ldap, but searching the source files it looks like ldap is included. Does anyone know if the default included apr includes ldap support, or do I need to down load and build a separate version (which includes ldap support) ?

4. Looking at the config errors in the second case - are these related to the gcc version used ?

---

Update: Thinking that may be the included apr either does not support ldap or is in someway not compatible with my version of gcc thought I'd try building apr and apr-util from scratch and use --with directives to include then in the httpd build. This seemed to build ok, but when trying to run apache I get a link error.

I did the following: download and unpack apr-1.7.0 download and unpack apr-util-1.6.1

confgure apr-1.7.0 and build it

$ cd apr/apr-1.7.0
./configure --prefix=/lb-cam-bca-13/usr/local/apache
make
make install

configure apr-util-1.6.1 and build it

$ ./configure --with-crypto --with-ldap=ldap --with-openssl --with-mysql --with-apr=../../apr/apr-1.7.0 --enable-so
make
make install

configure and build httpd

$ ./configure --prefix=/lb-cam-bca-13/usr/local/apache --with-apr=../apr/apr-1.7.0 --with-apr-util=../aprutil/apr-util-1.6.1  --with-ldap --enable-authnz-ldap --enable-so --enable-ssl --enable-md --enable-log-forensic
make
make install

ready to start apache

$ apachectl stop
httpd: Syntax error on line 74 of /lb-cam-bca-13/usr/local/apache/conf/httpd.conf: Cannot load modules/mod_authnz_ldap.so into server: /lb-cam-bca-13/usr/local/apache/modules/mod_authnz_ldap.so: undefined symbol: apr_ldap_url_parse

indeed the symbol is there, but undefined:

$ objdump -awx modules/mod_authnz_ldap.so | grep url
    0000000000002260 l     F .text  0000000000000460              mod_auth_ldap_parse_url
    0000000000000000         *UND*  0000000000000000              apr_ldap_url_parse

it is defined in apr-utils - apr_ldap_url.o ...

$ objdump -awx ./ldap/.libs/apr_ldap_url.o | grep ' F ' | grep ldap
0000000000000000 l     F .text  00000000000000bd apr_ldap_pvt_hex_unescape
0000000000000290 l     F .text  0000000000000118 apr_ldap_str2charray.clone.0
00000000000001c0 g     F .text  0000000000000026 apr_ldap_is_ldap_url
00000000000001f0 g     F .text  0000000000000047 apr_ldap_is_ldapi_url
0000000000000240 g     F .text  0000000000000047 apr_ldap_is_ldaps_url
00000000000003b0 g     F .text  00000000000006c1 apr_ldap_url_parse_ext
0000000000000a80 g     F .text  0000000000000039 apr_ldap_url_parse

... but not in apr_ldap-1.so

$ objdump -awx ./ldap/.libs/apr_ldap-1.so | grep ' F ' | grep ldap
0000000000001350 l     F .text  000000000000000a              apr_ldap_pool_cleanup_set_null
0000000000001400 l     F .text  0000000000000010              apr_ldap_rebind_remove_helper
0000000000000000       F *UND*  0000000000000000              ldap_get_option
0000000000001360 g     F .text  0000000000000095              apr__ldap_rebind_remove
0000000000000000       F *UND*  0000000000000000              ldap_set_option
0000000000000d10 g     F .text  0000000000000003              apr__ldap_ssl_deinit
0000000000000f30 g     F .text  000000000000034b              apr__ldap_set_option
0000000000000d20 g     F .text  000000000000002f              apr__ldap_info
0000000000001280 g     F .text  00000000000000c3              apr__ldap_get_option
0000000000000000       F *UND*  0000000000000000              ldap_init
0000000000000000       F *UND*  0000000000000000              ldap_set_rebind_proc
0000000000000000       F *UND*  0000000000000000              ldap_bind_s
0000000000000000       F *UND*  0000000000000000              ldap_start_tls_s
0000000000000000       F *UND*  0000000000000000              ldap_err2string
00000000000015c0 g     F .text  0000000000000042              apr__ldap_rebind_init
0000000000000e30 g     F .text  00000000000000f7              apr__ldap_ssl_init
0000000000000d50 g     F .text  00000000000000d8              apr__ldap_init
0000000000001410 g     F .text  0000000000000128              apr__ldap_rebind_add

Has anyone seen this problem before ? I have done some searching, but have been unable to find a suitable solution (though I have seen that similar error has happened to some people before)

Does anyone know what I should do to make sure the full apr-util is included in the build ?

Is there another --with directive I need use when building or is this a problem with creation of the .so file ?

Answer 1

Finally resolved. I was using incorrect syntax for the LoadModule line in the configuration file.

The LoadModule line that I put in:

LoadModule mod_authnz_ldap modules/mod_authnz_ldap.so

should be:

LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

Then it works. Clearly it was looking for mod_authnz_ldap in some table somewhere and not finding it.

Using the correct name it seems to be loading (though I have not tried actually using it)

I was led down the garden path by the error message.