Introduction  Download  Installation  Configuration  LDAP  HOWTO  Reference  


mod_authz_ldap can only be installed as a dynamic shared object (DSO), the version statically linked into the apache server is no longer supported.. After installation, proceed to the configuration.

2.1. configure options

mod_authz_ldap uses configure to explore the system and set appropriate compiler and linker flags. There are a number of options available:

Include additional debugging code in the module. Use this only during testing, as the volume of debug output can be quite large and turn into a performance penalty.
The configure script tries to find the OpenSSL libraries in /usr/local/ssl. If you have them installed in some other directory, you should use this option to help configure find them.
tells the configure script the path to the Apache DSO configuration utility.
The apache runtime version 1.3 is required for this module, use this option to specify the path to the apr-1-config. Not required if apr-1-config is on your path.
In addition to apr, also apr-util is needed. Use this option to specify the path to the apu-1-config. Not required if apr-1-config is on your path.
makes sure no code interfacing with mod_ssl is included in the module, so it can be used as a simple LDAP authentication module in servers not configured with mod_ssl. Without this option, the module will not load into a server that has not already loaded mod_ssl.
This option is a kludge to work around a bug in libtool included with apache2. That version of libtool does not emit the correct linker flags when asked, through the use of the option -module, to build a DSO. The link fails with unresolved symbols. mod_authz_ldap works around this problem by supplying -shared to the linker by default, which allows GNU ld to build a DSO. Other linkers, e.g. the Solaris platform linker, require a different option, which mod_authz_ldap really doesn't want to know about (this is libtool's task), so you'll have to provide the flag suitable for your linker with this flag if you are not using GNU ld.

Common problems

Problems with openssl headers. mod_ssl.h in Apache2 includes the OpenSSL headers without any directory part like

#include <ssl.h>
#include <pem.h>
but most systems need to prefix the filenames by openssl. So in order to compile successfully, you may have to add /usr/include/openssl to the compiler's include path, e.g. by saying
before running configure. An alternative is to use the --with-openssl-path directive.

2.2. Install as a DSO

Configure the package as a DSO

    $ ./configure --with-apxs=path-to-apxs
Set LDFLAGS appropriately if your LDAP libraries or not on the standard library search path. Then compile and install the support programs
    $ make
    $ su
    # make install
    . . .
Starting with release 0.18, this will also install the module (previous releases required a separate make module-install). The installation does automatically activate the module in the default server configuration file. If the module is to be used in servers using some other configuration file, it should be activated by adding the following commands to the configuration file:
    LoadModule authz_ldap_module   libexec/
    AddModule mod_authz_ldap.c

2.3. Install as a statically linked module

As of version 0.16, building mod_authz_ldap is no longer supported. As most platforms are now supported by the DSO mechanism, which is much more flexible and convenient, there hardly is any need for the static build anymore.

In case you need the static build nevertheless, you should download a version before 0.16 and try to use a modified version of the Makefile.tmpl on the current version.

2.4. Stripped mod_ssl

Some distributions include mod_ssl, but strip it. This is very unfortunate as it means that mod_authz_ldap does not have access to some functions defined by mod_ssl. If you don't need certificate functions, you can configure with the --disable-ssl, this will remove any dependencies on mod_ssl. If you need SSL, you'll have to recompile mod_ssl.

© 2001 Dr. Andreas Müller, Beratung und Entwicklung