Motivation

This is one of those how-to posts where I had to try different methods to achieve something and, once it worked, logged my experience so that it may help somebody else. The task at hand: I have Subversion set up fine with the Apache server, but now need LDAP support. That means you need two new Apache modules, mod_ldap and mod_authnz_ldap. This post explains how to build those modules and how to compile Apache with LDAP enabled.

Environment

All the good advice that I have received is to compile Apache from source rather than rely on third-party RPMs. This is an installation on Red Hat Linux 5 using Apache 2.2. I haven't found good RPMs for the purpose; even the ones that I got have dependencies on specific versions of other binaries. Although it sounded like a daunting task at first, it can be achieved in a few steps once you have figured out what is needed (surprise!).

Install OpenLDAP

OpenLDAP has a dependency on Berkeley database, so install that first.

Berkeley database

Here are the steps to install Berkeley database:


$ tar -xzvf db-version.tar.gz
$ cd db-version/build_unix
$ ../dist/configure
$ make
$ make install

Notes:

1. Replace version with the version of the binary that you are working with.
2. Execute configure from the build_unix directory as described above.

Now install OpenLDAP

Download the OpenLDAP source. I'm using version 2.4.16, and the Berkeley database is version 4.7. The steps below reflect those versions (needless to say, you need to modify the paths for your environment).


# cd to openldap source directory

$ CPPFLAGS="-I/usr/local/BerkeleyDB.4.7/include"
$ export CPPFLAGS

$ LDFLAGS="-L/usr/local/lib -L/usr/local/BerkeleyDB.4.7/lib -R/usr/local/BerkeleyDB.4.7/lib"
$ export LDFLAGS

$ LD_LIBRARY_PATH="/usr/local/BerkeleyDB.4.7/lib"
$ export LD_LIBRARY_PATH

$ ./configure

# build dependencies first
$ make depend

$ make
$ make install

Note: The most important point above is to set the environment variables CPPFLAGS, LDFLAGS and LD_LIBRARY_PATH to the appropriate Berkeley DB paths.

Apache Portable Runtime Utilities (APR-Util)

Building the Apache Portable Runtime (APR) is more straightforward and doesn't need any change for the LDAP stuff. Navigate to the apr directory and execute configure (with a prefix, if you have to), then make clean, make and make install. However, APR-Util has to be built with the --with-ldap flag. This is one of the things that took me a few iterations to understand.

So for APR-Util the following steps work:


# cd to apr-util

# prefix points to where you want to install apr-util and with-apr points to APR installation directory
$ ./configure --prefix=/opt/apache2/apr-util --with-apr=/opt/apache2/apr --with-ldap

# Optional
$ make clean

$ make
$ make install

Build Apache with LDAP modules

Now compile Apache with LDAP modules. Here are some changes that you need for configure.


# cd to Apache source home directory

# Before running configure, make sure that you clear all the environment variables that were set above (CPPFLAGS, LDFLAGS, LD_LIBRARY_PATH).

$ ./configure --prefix=/opt/apache2  --enable-dav --enable-dav-fs \
--with-included-apr --with-ldap --enable-ldap --enable-authnz-ldap \
--with-ldap-include=/opt/openldap-2.4.16/include \
--with-ldap-lib=/opt/openldap-2.4.16/libraries

# Optional
$ make clean

$ make
$ make install

Notes:

1. prefix points to where you want to install Apache. So change that to reflect your environment.
2. If you have to enable more modules feel free to do so.
3. with-ldap-include and with-ldap-lib point to OpenLDAP's include and libraries directories, respectively.

Configuration

CollabNet's blog post explains the changes needed to Apache's config file (httpd.conf), and those instructions worked perfectly fine for me.
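
For orientation, this is the kind of httpd.conf block that the build above enables. It is an added example, not taken from this post or from CollabNet's article; the host name, DNs, group, password and file paths are placeholders, and it assumes the OpenLDAP client library was built with TLS support and that mod_dav_svn is already loaded.

```apache
# Added example for Apache 2.2 with mod_ldap and mod_authnz_ldap compiled in.
# All host names, DNs, credentials and paths below are placeholders.

# mod_ldap (server-wide): trust the CA that signed the directory server's
# certificate and reject servers whose certificate does not verify.
LDAPTrustedGlobalCert CA_BASE64 /opt/apache2/conf/ldap-ca.pem
LDAPVerifyServerCert On

<Location /svn>
    DAV svn
    # Placeholder: parent directory of the existing repositories.
    SVNParentPath /var/svn/repos

    # Basic auth sends the password on every request, so serve this
    # location over HTTPS only.
    AuthType Basic
    AuthName "Subversion repository"
    AuthBasicProvider ldap

    # Search for the user by uid below the base DN. ldaps:// keeps the
    # search and the user's bind password encrypted between Apache and
    # the directory; plain ldap:// would send them in clear text.
    AuthLDAPURL "ldaps://ldap.example.com:636/ou=people,dc=example,dc=com?uid?sub?(objectClass=person)"

    # Read-only service account used for the search step. Keep the file
    # that holds this password readable by root only.
    AuthLDAPBindDN "cn=svn-reader,ou=services,dc=example,dc=com"
    AuthLDAPBindPassword "CHANGE_ME"

    # Authorize members of one directory group rather than every
    # account that can authenticate.
    Require ldap-group cn=svn-users,ou=groups,dc=example,dc=com
</Location>
```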
