Installation

mod_authz_ldap can only be installed as a dynamic shared object (DSO), the version statically linked into the apache server is no longer supported.. After installation, proceed to the configuration.

2.1. configure options

mod_authz_ldap uses configure to explore the system and set appropriate compiler and linker flags. There are a number of options available:

--with-debug

Include additional debugging code in the module. Use this only during testing, as the volume of debug output can be quite large and turn into a performance penalty.

--with-openssl-path=path-to-openssl

The configure script tries to find the OpenSSL libraries in /usr/local/ssl. If you have them installed in some other directory, you should use this option to help configure find them.

--with-apxs=path-to-apxs

tells the configure script the path to the Apache DSO configuration utility.

--with-apr=path-to-apr-1-config

The apache runtime version 1.3 is required for this module, use this option to specify the path to the apr-1-config. Not required if apr-1-config is on your path.

--with-apu=path-to-apu-1-config

In addition to apr, also apr-util is needed. Use this option to specify the path to the apu-1-config. Not required if apr-1-config is on your path.

--disable-ssl

makes sure no code interfacing with mod_ssl is included in the module, so it can be used as a simple LDAP authentication module in servers not configured with mod_ssl. Without this option, the module will not load into a server that has not already loaded mod_ssl.

--with-sharedflag=linker-flag-to-build-dso

This option is a kludge to work around a bug in libtool included with apache2. That version of libtool does not emit the correct linker flags when asked, through the use of the option -module, to build a DSO. The link fails with unresolved symbols. mod_authz_ldap works around this problem by supplying -shared to the linker by default, which allows GNU ld to build a DSO. Other linkers, e.g. the Solaris platform linker, require a different option, which mod_authz_ldap really doesn't want to know about (this is libtool's task), so you'll have to provide the flag suitable for your linker with this flag if you are not using GNU ld.

Common problems

Problems with openssl headers. mod_ssl.h in Apache2 includes the OpenSSL headers without any directory part like

#include <ssl.h>
#include <pem.h>

CPPFLAGS="-I/usr/local/ssl/include/openssl"
expor CPPFLAGS

2.2. Install as a DSO

Configure the package as a DSO

    $ ./configure --with-apxs=path-to-apxs

    $ make
    $ su
    Password:
    # make install
    . . .

    LoadModule authz_ldap_module   libexec/mod_authz_ldap.so
    AddModule mod_authz_ldap.c

2.3. Install as a statically linked module

As of version 0.16, building mod_authz_ldap is no longer supported. As most platforms are now supported by the DSO mechanism, which is much more flexible and convenient, there hardly is any need for the static build anymore.

In case you need the static build nevertheless, you should download a version before 0.16 and try to use a modified version of the Makefile.tmpl on the current version.

2.4. Stripped mod_ssl

Some distributions include mod_ssl, but strip it. This is very unfortunate as it means that mod_authz_ldap does not have access to some functions defined by mod_ssl. If you don't need certificate functions, you can configure with the --disable-ssl, this will remove any dependencies on mod_ssl. If you need SSL, you'll have to recompile mod_ssl.