Apache 2.4 with no mod_authnz_ldap module


(Cardcc) #1

After Apache 2.4 installation
“brew install httpd”
I haven’t been able to authenticate to LDAP/AD because there’s no “mod_authnz_ldap” in the apache modules directory “/usr/local/Cellar/httpd/2.4.34/lib/httpd”

I’ve tried reinstalling apr, apr-util and apache. But with no success.
Using High Sierra & PHP 7.0.

Another thing I noticed is that if I tried brew reinstall -s httpd --with-ldap the following warning would appear: Warning: httpd: this formula has no --with-ldap option so it will be ignored!


(Jacob Ledbetter) #2

ldap should already be in macos, but if you need a keg to use, do brew install openldap and create a link to apache.


(Cardcc) #3

Hi there… openldap is already installed (2.4.46).
What’s missing is the apache module itself.

I’ve been looking at https://github.com/Homebrew/homebrew-core/blob/master/Formula/httpd.rb
Maybe in the apache compiling process there should be something like "--enable-mod_authnz_ldap".

I’ve been also looking at the default apache in MacOS and the module is there in: /usr/libexec/apache2
Can’t see the reason why it’s not there. This is a default module: https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html


(Sean Molenaar) #4

Might be because ldap on macOS is pretty handicapped by Apple. Apple can anticipate that, upstream (apache and homebrew in this case) usually don’t. You can try editing and compiling the formula to see if it works though.

If it does you can even file a pull request to add it as a default module.


(Cardcc) #5

I followed your advice and did a “brew edit httpd” and added the following 3 lines:

"--enable-mods-shared=all",
#after
"--enable-ldap",
"--enable-authnz-ldap",
"--with-ldap",
#before
"--enable-authnz-fcgi",

The compiling result was:
Last 15 lines from /Users/carloscardoso/Library/Logs/Homebrew/httpd/01.configure:
checking whether to enable mod_authn_anon… shared (all)
checking whether to enable mod_authn_dbd… shared (all)
checking whether to enable mod_authn_socache… shared (all)
checking whether to enable mod_authn_core… shared
checking whether to enable mod_authz_host… shared
checking whether to enable mod_authz_groupfile… shared
checking whether to enable mod_authz_user… shared
checking whether to enable mod_authz_dbm… shared (all)
checking whether to enable mod_authz_owner… shared (all)
checking whether to enable mod_authz_dbd… shared (all)
checking whether to enable mod_authz_core… shared
checking whether to enable mod_authnz_ldap… checking dependencies
checking for ldap support in apr/apr-util… no
configure: WARNING: apr/apr-util is compiled without ldap support
checking whether to enable mod_authnz_ldap… configure: error: mod_authnz_ldap has been requested but can not be built due to prerequisite failures
/usr/local/Homebrew/Library/Homebrew/utils/fork.rb:49:in `write': Broken pipe (Errno::EPIPE)
from /usr/local/Homebrew/Library/Homebrew/utils/fork.rb:49:in `puts'
from /usr/local/Homebrew/Library/Homebrew/utils/fork.rb:49:in `rescue in block (3 levels) in safe_fork'
from /usr/local/Homebrew/Library/Homebrew/utils/fork.rb:31:in `block (3 levels) in safe_fork'
from /usr/local/Homebrew/Library/Homebrew/utils/fork.rb:30:in `fork'
from /usr/local/Homebrew/Library/Homebrew/utils/fork.rb:30:in `block (2 levels) in safe_fork'
from /usr/local/Homebrew/Library/Homebrew/utils/fork.rb:27:in `open'
from /usr/local/Homebrew/Library/Homebrew/utils/fork.rb:27:in `block in safe_fork'
from /System/Library/Frameworks/Ruby.framework/Versions/2.3/usr/lib/ruby/2.3.0/tmpdir.rb:89:in `mktmpdir'
from /usr/local/Homebrew/Library/Homebrew/utils/fork.rb:26:in `safe_fork'
from /usr/local/Homebrew/Library/Homebrew/formula_installer.rb:719:in `build'
from /usr/local/Homebrew/Library/Homebrew/formula_installer.rb:311:in `install'
from /usr/local/Homebrew/Library/Homebrew/cmd/reinstall.rb:54:in `reinstall_formula'
from /usr/local/Homebrew/Library/Homebrew/cmd/reinstall.rb:25:in `block in reinstall'
from /usr/local/Homebrew/Library/Homebrew/cmd/reinstall.rb:19:in `each'
from /usr/local/Homebrew/Library/Homebrew/cmd/reinstall.rb:19:in `reinstall'
from /usr/local/Homebrew/Library/Homebrew/brew.rb:89:in `<main>'

READ THIS: https://docs.brew.sh/Troubleshooting

These open issues may also help:
httpd-2.4.34 failed to build on 10.13.6 due to missing suexec https://github.com/Homebrew/homebrew-core/issues/30884

I think I’m getting somewhere… any thoughts are welcome…


(Cardcc) #6

Update:
tried editing “brew edit apr-util” and added "--with-openldap".
Next reinstalled: “brew reinstall -s apr-util” > no compiling errors…

But still when: “brew reinstall -s httpd” with the lines above, same error occurs…


(Sean Molenaar) #7

Aren’t apr and apr-util different formula? (Haven’t used httpd in a while)


(Cardcc) #8

Yes, they are. Tried reinstalling both.
After some searching, only on apr-util I saw something that could be of meaning, which was adding "--with-openldap" to the formula

But still, same result…

Tried “brew edit http” and adding
"--with-included-apr"

and got some compiling errors…


(Sean Molenaar) #9

I think we might be stumbling onto the reason for the lack of LDAP support here :sweat_smile:.


(Jacob Ledbetter) #10

Gotta love apache add-ons


(Kevin Abel) #11

The ability to build apr-util, the dependency httpd uses for determining various extension support, with openldap was removed at https://github.com/Homebrew/homebrew-core/commit/19d06d96abf19a16c5a1b154f4ff5f59ad4c3742. The only way to get httpd to build with LDAP support now would be to edit the formula to build and use a custom version of apr-util with the openldap dependency.

Before that change, it was possible for httpd to be --build-from-source and it would opportunistically pick up apr-util --with-openldap.
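
A way to check both conditions discussed in this thread before rebuilding, added here as an example and not posted by any participant: apr-util records its LDAP support as the APR_HAS_LDAP macro in apr_ldap.h, and mod_authnz_ldap also needs mod_ldap to be present. The function names, status strings and the two directory arguments are assumptions of this example.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. Function names are hypothetical.

# Print the value of APR_HAS_LDAP from apr_ldap.h in the given include
# directory: "1", "0", or "unknown" if the header or macro is absent.
apr_has_ldap() {
    hdr="$1/apr_ldap.h"
    if [ ! -r "$hdr" ]; then
        echo unknown
        return 0
    fi
    val=$(awk '$1 == "#define" && $2 == "APR_HAS_LDAP" { print $3; exit }' "$hdr")
    case "$val" in
        0|1) echo "$val" ;;
        *)   echo unknown ;;
    esac
}

# Classify an httpd build. $1 = apr-util include dir, $2 = httpd modules dir.
# Prints a status string and returns non-zero on any failure.
ldap_build_status() {
    has=$(apr_has_ldap "$1")
    if [ "$has" = 0 ]; then
        echo "apr-util-without-ldap"    # the configure failure seen in post #5
        return 1
    fi
    if [ "$has" = unknown ]; then
        echo "apr-ldap-header-not-found"
        return 2
    fi
    for m in mod_ldap.so mod_authnz_ldap.so; do
        if [ ! -f "$2/$m" ]; then
            echo "missing-module:$m"
            return 3
        fi
    done
    echo ok
}

# Run only when both directories are given, e.g. the modules directory from
# the first post: /usr/local/Cellar/httpd/2.4.34/lib/httpd
if [ "$#" -eq 2 ]; then
    ldap_build_status "$1" "$2"
fi
```

A result of apr-util-without-ldap means rebuilding httpd alone cannot produce the module; apr-util has to be rebuilt with LDAP support first, as post #11 explains.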