如何在 redat 6 上配置和编译具有 ldap 支持的 apache 2.4
Posted
技术标签:
【中文标题】如何在 redat 6 上配置和编译具有 ldap 支持的 apache 2.4【英文标题】:How do I configure and compile apache 2.4 with ldap support on redat 6 【发布时间】:2020-11-11 19:53:20 【问题描述】:系统信息: 猫 /etc/redhat-release Red Hat Enterprise Linux Server 6.4 版(圣地亚哥)
uname -a Linux lb-cam-bca-13 2.6.32-642.15.1.el6.x86_64 #1 SMP Fri Feb 24 14:31:22 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
httpd-版本 服务器版本:Apache/2.4.25 (Unix) 服务器搭建:2017年6月27日16:23:25
gcc --version gcc (GCC) 4.4.7 20120313(红帽 4.4.7-17)
我已经在我的 rhel 6 机器上安装了本地版本的 apache 2.4,目前可以正常运行。
但是我现在希望在其上启用 ldap 支持,因此最初尝试使用以下配置:
./configure --prefix=/lb-cam-bca-13/usr/local/apache --with-included-apr --enable-ldap --enable-authnz-ldap --enable-ssl --enable-so --with-ldap
这似乎是配置 ol,但是当我尝试构建时出现以下错误:
gcc -std=gnu99 -g -O2 -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I. -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/os/unix -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/include -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/srclib/apr/include -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/srclib/apr-util/include -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/aaa -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/cache -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/core -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/database -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/filters -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/ldap -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/loggers -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/lua -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/proxy -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/session -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/ssl -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/test -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/server -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/arch/unix -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/dav/main -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/generators -I/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/modules/mappers -c /lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/server/buildmark.c
/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/srclib/apr/libtool --silent --mode=link gcc -std=gnu99 -g -O2 -pthread -o httpd modules.lo buildmark.o -export-dynamic server/libmain.la modules/core/libmod_so.la modules/http/libmod_http.la server/mpm/event/libevent.la os/unix/libos.la -lpcre /lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/srclib/apr-util/libaprutil-1.la -lexpat /lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25/srclib/apr/libapr-1.la -lrt -lcrypt -lpthread
server/.libs/libmain.a(exports.o):(.data+0x2758): undefined reference to `apr_ldap_ssl_init'
server/.libs/libmain.a(exports.o):(.data+0x2760): undefined reference to `apr_ldap_ssl_deinit'
server/.libs/libmain.a(exports.o):(.data+0x2768): undefined reference to `apr_ldap_init'
server/.libs/libmain.a(exports.o):(.data+0x2770): undefined reference to `apr_ldap_info'
server/.libs/libmain.a(exports.o):(.data+0x2778): undefined reference to `apr_ldap_get_option'
server/.libs/libmain.a(exports.o):(.data+0x2780): undefined reference to `apr_ldap_set_option'
server/.libs/libmain.a(exports.o):(.data+0x2788): undefined reference to `apr_ldap_rebind_init'
server/.libs/libmain.a(exports.o):(.data+0x2790): undefined reference to `apr_ldap_rebind_add'
server/.libs/libmain.a(exports.o):(.data+0x2798): undefined reference to `apr_ldap_rebind_remove'
server/.libs/libmain.a(exports.o):(.data+0x27a0): undefined reference to `apr_ldap_is_ldap_url'
server/.libs/libmain.a(exports.o):(.data+0x27a8): undefined reference to `apr_ldap_is_ldaps_url'
server/.libs/libmain.a(exports.o):(.data+0x27b0): undefined reference to `apr_ldap_is_ldapi_url'
server/.libs/libmain.a(exports.o):(.data+0x27b8): undefined reference to `apr_ldap_url_parse_ext'
server/.libs/libmain.a(exports.o):(.data+0x27c0): undefined reference to `apr_ldap_url_parse'
collect2: ld returned 1 exit status
make[1]: *** [httpd] Error 1
make[1]: Leaving directory `/lb-cam-bca-13/usr/local/src/apache/httpd-2.4.25'
make: *** [all-recursive] Error 1
我还注意到有一个 --with-openldap 选项,所以我也尝试了,但这导致了配置错误:
configure: WARNING: apr/apr-util is compiled without ldap support
checking whether to enable mod_authnz_ldap... configure: error: mod_authnz_ldap has been requested but can not be built due to prerequisite failures
查看 config.log 并搜索我看到的错误:
...
configure:5860: gcc -E -DLINUX -D_REENTRANT -D_GNU_SOURCE conftest.c
conftest.c:9:28: error: ac_nonexistent.h: No such file or directory
134 configure:5860: $? = 1
135 configure: failed program was:
136 | /* confdefs.h */
137 | #define PACKAGE_NAME ""
138 | #define PACKAGE_TARNAME ""
139 | #define PACKAGE_VERSION ""
140 | #define PACKAGE_STRING ""
141 | #define PACKAGE_BUGREPORT ""
142 | #define PACKAGE_URL ""
143 | /* end confdefs.h. */
144 | #include <ac_nonexistent.h>
145 configure:5889: checking for gcc option to accept ISO C99
146 configure:6038: gcc -c -g -O2 -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE conftest.c >&5
147 conftest.c:59: error: expected ';', ',' or ')' before 'text'
148 conftest.c: In function 'main':
149 conftest.c:113: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'newvar'
150 conftest.c:113: error: 'newvar' undeclared (first use in this function)
151 conftest.c:113: error: (Each undeclared identifier is reported only once
152 conftest.c:113: error: for each function it appears in.)
153 conftest.c:123: error: 'for' loop initial declarations are only allowed in C99 mode
154 conftest.c:123: note: use option -std=c99 or -std=gnu99 to compile your code
...
configure:6954: gcc -std=gnu99 -c -g -O2 -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE conftest.c >&5
conftest.c:52:26: error: minix/config.h: No such file or directory
...
configure:6954: gcc -E -DLINUX -D_REENTRANT -D_GNU_SOURCE conftest.c
conftest.c:19:26: error: minix/config.h: No such file or directory
...
configure:7397: gcc -std=gnu99 -c -g -O2 -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE conftest.c >&5
531 conftest.c:66:27: error: sys/processor.h: No such file or directory
...
configure:7397: gcc -E -DLINUX -D_REENTRANT -D_GNU_SOURCE conftest.c
603 conftest.c:33:27: error: sys/processor.h: No such file or directory
...
configure:7397: gcc -std=gnu99 -c -g -O2 -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE conftest.c >&5
664 conftest.c:68:25: error: sys/loadavg.h: No such file or directory
...
configure:7397: gcc -E -DLINUX -D_REENTRANT -D_GNU_SOURCE conftest.c
738 conftest.c:35:25: error: sys/loadavg.h: No such file or directory
...
configure:10876: checking whether to enable mod_authnz_ldap
1075 configure:10882: error: mod_authnz_ldap has been requested but can not be built due to prerequisite failures
鉴于我使用 openladap over ssl 进行身份验证 - 谁能告诉我应该如何配置和构建 apache 以包含 ldap 身份验证支持?
有谁知道 --with-ldap 和 --with-openldap 之间的区别是什么?以及在什么条件下应该指定一个或另一个?
查看第一种情况下的 make 错误,我最初认为包含的 apr 不是用 ldap 构建的,但是搜索看起来像包含 ldap 的源文件。 有谁知道默认包含的 apr 是否包括 ldap 支持,还是我需要下载并构建一个单独的版本(包括 ldap 支持)?
查看第二种情况下的配置错误 - 这些是否与使用的 gcc 版本有关?
更新: 认为可能包含的 apr 不支持 ldap 或者在某种程度上与我的 gcc 版本不兼容,我想我会尝试从头开始构建 apr 和 apr-util 并使用 --with 指令将其包含在 httpd 构建中。这似乎构建正常,但在尝试运行 apache 时出现链接错误。
我做了以下事情: 下载并解压 apr-1.7.0 下载并解压apr-util-1.6.1
配置 apr-1.7.0 并构建它
$ cd apr/apr-1.7.0
./configure --prefix=/lb-cam-bca-13/usr/local/apache
make
make install
配置 apr-util-1.6.1 并构建它
$ ./configure --with-crypto --with-ldap=ldap --with-openssl --with-mysql --with-apr=../../apr/apr-1.7.0 --enable-so
make
make install
配置和构建 httpd
$ ./configure --prefix=/lb-cam-bca-13/usr/local/apache --with-apr=../apr/apr-1.7.0 --with-apr-util=../aprutil/apr-util-1.6.1 --with-ldap --enable-authnz-ldap --enable-so --enable-ssl --enable-md --enable-log-forensic
make
make install
准备启动apache
$ apachectl stop
httpd: Syntax error on line 74 of /lb-cam-bca-13/usr/local/apache/conf/httpd.conf: Cannot load modules/mod_authnz_ldap.so into server: /lb-cam-bca-13/usr/local/apache/modules/mod_authnz_ldap.so: undefined symbol: apr_ldap_url_parse
确实有符号,但未定义:
$ objdump -awx modules/mod_authnz_ldap.so | grep url
0000000000002260 l F .text 0000000000000460 mod_auth_ldap_parse_url
0000000000000000 *UND* 0000000000000000 apr_ldap_url_parse
在 apr-utils - apr_ldap_url.o 中定义...
$ objdump -awx ./ldap/.libs/apr_ldap_url.o | grep ' F ' | grep ldap
0000000000000000 l F .text 00000000000000bd apr_ldap_pvt_hex_unescape
0000000000000290 l F .text 0000000000000118 apr_ldap_str2charray.clone.0
00000000000001c0 g F .text 0000000000000026 apr_ldap_is_ldap_url
00000000000001f0 g F .text 0000000000000047 apr_ldap_is_ldapi_url
0000000000000240 g F .text 0000000000000047 apr_ldap_is_ldaps_url
00000000000003b0 g F .text 00000000000006c1 apr_ldap_url_parse_ext
0000000000000a80 g F .text 0000000000000039 apr_ldap_url_parse
...但不在 apr_ldap-1.so 中
$ objdump -awx ./ldap/.libs/apr_ldap-1.so | grep ' F ' | grep ldap
0000000000001350 l F .text 000000000000000a apr_ldap_pool_cleanup_set_null
0000000000001400 l F .text 0000000000000010 apr_ldap_rebind_remove_helper
0000000000000000 F *UND* 0000000000000000 ldap_get_option
0000000000001360 g F .text 0000000000000095 apr__ldap_rebind_remove
0000000000000000 F *UND* 0000000000000000 ldap_set_option
0000000000000d10 g F .text 0000000000000003 apr__ldap_ssl_deinit
0000000000000f30 g F .text 000000000000034b apr__ldap_set_option
0000000000000d20 g F .text 000000000000002f apr__ldap_info
0000000000001280 g F .text 00000000000000c3 apr__ldap_get_option
0000000000000000 F *UND* 0000000000000000 ldap_init
0000000000000000 F *UND* 0000000000000000 ldap_set_rebind_proc
0000000000000000 F *UND* 0000000000000000 ldap_bind_s
0000000000000000 F *UND* 0000000000000000 ldap_start_tls_s
0000000000000000 F *UND* 0000000000000000 ldap_err2string
00000000000015c0 g F .text 0000000000000042 apr__ldap_rebind_init
0000000000000e30 g F .text 00000000000000f7 apr__ldap_ssl_init
0000000000000d50 g F .text 00000000000000d8 apr__ldap_init
0000000000001410 g F .text 0000000000000128 apr__ldap_rebind_add
以前有人见过这个问题吗?我做了一些搜索,但一直找不到合适的解决方案(虽然我已经看到一些人曾经发生过类似的错误)
有谁知道我应该怎么做才能确保完整的 apr-util 包含在构建中?
在构建时是否需要使用另一个 --with 指令,或者这是创建 .so 文件时的问题?
【问题讨论】:
【参考方案1】:终于解决了。我在配置文件中对 LoadModule 行使用了不正确的语法。
我放入的 LoadModule 行:
LoadModule mod_authnz_ldap modules/mod_authnz_ldap.so
应该是:
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
然后就可以了。显然它在某处的某个表中寻找 mod_authnz_ldap 并没有找到它。
使用正确的名称似乎正在加载(虽然我没有尝试过实际使用它)
我被错误信息引导到花园小路上。
【讨论】:
以上是关于如何在 redat 6 上配置和编译具有 ldap 支持的 apache 2.4的主要内容,如果未能解决你的问题,请参考以下文章
无法使用具有正确凭据的 Spring 3.1 验证 LDAP 帐户