Installation
mod_authz_ldap
can only be installed as a
dynamic shared object (DSO), the version
statically linked into the apache server
is no longer supported..
After installation, proceed to the
configuration.
mod_authz_ldap
uses configure
to explore the
system and set appropriate compiler and linker flags.
There are a number of options available:
--with-debug
- Include additional debugging code in the module.
Use this only during testing, as the volume of debug output can be
quite large and turn into a performance penalty.
--with-openssl-path=path-to-openssl
- The
configure
script tries to find the OpenSSL libraries
in /usr/local/ssl.
If you have them installed in some other directory,
you should use this option to help configure find them.
--with-apxs=path-to-apxs
-
tells the configure script the path to the Apache DSO configuration
utility.
--with-apr=path-to-apr-1-config
-
The apache runtime version 1.3 is required for this module, use this option
to specify the path to the
apr-1-config
.
Not required if apr-1-config
is on your path.
--with-apu=path-to-apu-1-config
-
In addition to apr, also apr-util is needed. Use this option to specify
the path to the
apu-1-config
.
Not required if apr-1-config
is on your path.
--disable-ssl
-
makes sure no code interfacing with mod_ssl is included in the module,
so it can be used as a simple LDAP authentication module in servers not
configured with mod_ssl. Without this option, the module will not load
into a server that has not already loaded mod_ssl.
--with-sharedflag=linker-flag-to-build-dso
-
This option is a kludge to work around a bug in libtool included with apache2.
That version of libtool does not emit the correct linker flags when asked,
through the use of the option
-module
, to build a DSO. The
link fails with unresolved symbols. mod_authz_ldap
works around
this problem by supplying -shared
to the linker by default,
which allows GNU ld to build a DSO. Other linkers, e.g. the Solaris platform
linker, require a different option, which mod_authz_ldap
really doesn't want to know about (this is libtool's task), so you'll have
to provide the flag suitable for your linker with this flag if you are not
using GNU ld.
Common problems
Problems with openssl headers. mod_ssl.h
in Apache2 includes the OpenSSL headers without any directory part like
#include <ssl.h>
#include <pem.h>
but most systems need to prefix the filenames by openssl.
So in order to compile successfully, you may have to add
/usr/include/openssl
to the compiler's include path, e.g.
by saying
CPPFLAGS="-I/usr/local/ssl/include/openssl"
expor CPPFLAGS
before running configure. An alternative is to use the
--with-openssl-path
directive.
Configure the package as a DSO
$ ./configure --with-apxs=path-to-apxs
Set LDFLAGS appropriately if your LDAP libraries or not on the standard
library search path. Then compile and install the support programs
$ make
$ su
Password:
# make install
. . .
Starting with release 0.18, this will also install the module
(previous releases required a separate make module-install
).
The installation does automatically activate the module in the default
server configuration file. If the module is to be used in servers using
some other configuration file, it should be activated by adding the following
commands to the configuration file:
LoadModule authz_ldap_module libexec/mod_authz_ldap.so
AddModule mod_authz_ldap.c
As of version 0.16, building mod_authz_ldap is no longer
supported. As most platforms are now supported by the DSO
mechanism, which is much more flexible and convenient,
there hardly is any need for the static build anymore.
In case you need the static build nevertheless, you should download
a version before 0.16 and try to use a modified version of the
Makefile.tmpl on the current version.
Some distributions include mod_ssl
, but strip it. This is
very unfortunate as it means that mod_authz_ldap
does not
have access to some functions defined by mod_ssl
. If you
don't need certificate functions, you can configure with the
--disable-ssl
, this will remove any dependencies on
mod_ssl
. If you need SSL, you'll have to recompile mod_ssl
.