Monday, March 15, 2010

Apache 2.2.14 with LDAP Authentication: Full documentation from start to finish

I had all sorts of trouble finding the directions to use LDAP as my authentication source for Apache. Even after discovering directions online I noticed some settings have now changed and some blogs gave misleading directions. Here are my notes from start to finish on how to build and utilize mod_ldap. Feel free to leave a comment if you think I am missing something and I will update the notes.

First, my build system is:
--SunOS dev02b 5.10 Generic_118833-36 sun4v sparc SUNW,Sun-Fire-T1000
--Because I am on a Solaris box I don't have to build OpenSSL; Solaris requires you to use the built-in version

Environment Variables Needed for the Build:
export PATH=.:/usr/bin:/usr/sfw/lib:/usr/sfw/bin:/opt/sfw/bin:/usr/sfw/bin:/usr/sbin:/usr/ccs/bin
export LD_LIBRARY_PATH="/usr/sfw/lib"

Download Software Packages:

1. Downloaded the latest version of Apache, 2.2.14
2. Downloaded the latest version of OpenLDAP, 2.4.19 --I did not have access to my LDAP server on my build server. Installing the necessary header files was required for me.

First Build OpenLDAP Libraries:
1. ./configure --prefix=/opt/app/apache2/openldap --disable-slapd --disable-slurpd --with-tls
2. make
3. make install
No errors should appear.
Also notice that I like to create my applications in a custom location. Please change the "--prefix=" value to your preferred location.
This configuration line does not install an OpenLDAP server. That is disabled, but I did get the libraries installed with TLS support.

Next Build Apache with LDAP Options Selected:
0. This step is to build the APR. I used the default APR with the 2.2.14 download.
1. ./configure --prefix=/opt/app/apache2/ --enable-threads --enable-other-child
2. make
3. make install

Second Apache Step: Build APR-Util with LDAP Support:
1. ./configure --prefix=/opt/app/apache2 --with-apr=/opt/app/apache2 --with-ldap=ldap --with-ldap-include=/opt/app/apache2/openldap/include --with-ldap-lib=/opt/app/apache2/openldap/lib
2. make
3. make install

Notice that between both Apache locations I have now built the APR and APR-Util into the same location as the OpenLDAP libraries. This allows me to zip the files later and move them easily to another server.

Final Apache Build:
Install Apache
1. ./configure CPPFLAGS=-I/opt/app/apache2/openldap/include LDFLAGS=-L/opt/app/apache2/openldap/lib --prefix=/opt/app/apache2 --with-mpm=worker --with-apr=/opt/app/apache2 --with-apr-util=/opt/app/apache2 --enable-mods-shared="all proxy proxy-balancer proxy-connect proxy-http so cache ssl ldap authnz-ldap"
2. make
3. make install

No errors should occur, and you should see in the configure log that SSL is supported and mod_ldap is being built.

That is the final build. Next is to configure and test!
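
A quick post-install check for the build above, added here as an example and not part of the original notes: it confirms that the LDAP, authnz-LDAP and SSL shared modules were installed, that httpd.conf has an uncommented LoadModule line for each, and that the OpenLDAP client libraries are in the prefix. The function name check_ldap_build is hypothetical; the script assumes the default layout under the prefix (modules/, conf/httpd.conf, openldap/lib) and a POSIX grep with -E and -q (on Solaris 10 that is /usr/xpg4/bin/grep).

```shell
#!/bin/bash
# Added example, not from the original post. Assumed layout under PREFIX:
#   modules/           shared modules from --enable-mods-shared
#   conf/httpd.conf    default config written by "make install"
#   openldap/lib/      client libraries from the OpenLDAP step

# Prints every missing piece (space separated) and returns 1,
# or prints "ok" and returns 0 when nothing is missing.
check_ldap_build() {
    prefix=$1
    conf="$prefix/conf/httpd.conf"
    missing=""

    for name in ldap authnz_ldap ssl; do
        so="modules/mod_$name.so"
        # The shared object must have been built and installed.
        if [ ! -f "$prefix/$so" ]; then
            missing="${missing:+$missing }mod_$name.so"
            continue
        fi
        # An uncommented LoadModule line must reference it.
        if ! grep -Eq "^[[:space:]]*LoadModule[[:space:]]+${name}_module[[:space:]]+$so" "$conf" 2>/dev/null; then
            missing="${missing:+$missing }LoadModule:${name}_module"
        fi
    done

    # libldap and liblber come from the client-only OpenLDAP build.
    for lib in libldap liblber; do
        found=no
        for f in "$prefix/openldap/lib/$lib"*; do
            if [ -e "$f" ]; then found=yes; break; fi
        done
        if [ "$found" = no ]; then
            missing="${missing:+$missing }$lib"
        fi
    done

    if [ -n "$missing" ]; then
        echo "$missing"
        return 1
    fi
    echo "ok"
}

# Run against a prefix when one is given, e.g. ./check.sh /opt/app/apache2
if [ $# -gt 0 ]; then
    check_ldap_build "$1"
fi
```

Running it again after the tree has been zipped and moved to another server confirms that nothing was lost in the copy.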
