The Apache 2 httpd source code offers these two appealing options, “--with-ldap” and “--enable-authnz-ldap“. You may have used them, as I, because you’d like to be able to use htauth to authenticate against your LDAP directory. When you compile the source, however, you probably run into this:
mod_authnz_ldap.c:40:2: #error mod_authnz_ldap requires APR-util to have
LDAP support built in. To fix add --with-ldap to ./configure.
mod_authnz_ldap.c:62: error: parse error before "deref_options"
mod_authnz_ldap.c:62: warning: no semicolon at end of struct or union
mod_authnz_ldap.c:76: error: parse error before '}' token
mod_authnz_ldap.c:76: warning: data definition has no type or storage
class
mod_authnz_ldap.c:92: error: parse error before '*' token
mod_authnz_ldap.c:92: warning: data definition has no type or storage
class
mod_authnz_ldap.c:93: error: parse error before '*' token
...
I’ve run into this on both Apache 2.0 and 2.2, on Linux, Solaris and FreeBSD. When this first happened, back when Apache2 first came out, I thought, fine, the code is young, and its a bug to be worked out. But here we are at version 2.2.3, and the problem is still around. The advice printed in the error: “To fix add –with-ldap to ./configure” makes it even more frustrating, because of course, you did have that switch in configure.
The work-around is to build APR & APR-util, which is part of the Apache2 httpd source code, before the rest of it, then re-make httpd. It’s fairly straightforward. Configure httpd as you’d like it and run make. When the build bombs out, as above, do this:
cd srclib/apr
make clean
./configure --prefix=/usr/local/apache2 --enable-threads \
--enable-other-child
make
(... compile ... compile ... compile ...)
cd ../apr-util
make clean
./configure --prefix=/usr/local/apache2 --with-apr=../apr \
--with-ldap-lib=/usr/lib --with-ldap-include=/usr/include \
--with-ldap=ldap
make
(... compile ... compile ... compile ...)
cd ../..
make
Adjusting, of course, for your directory and option preferences. I had one instance compiling apache 2.0.58 on solaris 2.9, where the build failed a second time, after the above. Changing back into the apr directory and re-configuring and re-making, then back to the root httpd source dir and re-making, fixed it.
It would be nice if the Apache team could create a Makefile that compiled apr and apr-util in the correct order so that this wouldn’t be necessary!
Vincent on December 18th, 2006 @ 15:16
Don’t suppose you have any knowledge as to what might have caused that “hiccough” that you experienced when dealing with version 2.0.5.8 where you had to do a reconfigure/remake?
I’ve been trying to get this authz_ldap module to compile on both 2.2.3 and 2.2 with no success whatsoever, even applying your great steps.
Brent Kearney on December 18th, 2006 @ 19:34
I believe it is because apr and apr-util don’t get compiled with the –with-ldap option, even when you add it to the top-level apache configure script. A Makefile error is my guess.
Did you run ‘make clean’ in the srclib/apr and apr-util subdirectories before running ./configure and make in those dirs? Where in the build process are you encountering problems, and what is the compile-time error?
David Alston on July 2nd, 2008 @ 08:54
the problem seems to persist through apache 2.2.9 on Solaris.. the solution above works fine with only one correction…
instead of the “–with-ldap” you have to use “–enable-ldap” option. The former is apparrently depricated (though the source code comments suggest using the old argument)
links for 2008-07-20 « /home/servrrockr on July 20th, 2008 @ 17:30
[...] Building LDAP Authentication into Apache2 | brent.kearneys.ca (tags: apache howto ldap) « links for 2008-07-14 [...]
TC on March 9th, 2009 @ 16:35
I ran these steps:
cd ../apr-util
make clean
./configure –prefix=/usr/local/apache2 –with-apr=../apr \
–with-ldap-lib=/usr/lib –with-ldap-include=/usr/include \
–with-ldap=ldap
make
I got no error in the configure; however, make return
In file included from ldap/apr_ldap_stub.c:20:
/work/run4/httpd-2.2.11/srclib/apr-util/include/apr_ldap.h:132:2: #error Support for LDAP v2.0 toolkits has been removed from apr-util. Please use an LDAP v3.0 toolkit.
In file included from /work/run4/httpd-2.2.11/srclib/apr-util/include/apr_ldap.h:187,
from ldap/apr_ldap_stub.c:20:
/work/run4/httpd-2.2.11/srclib/apr-util/include/apr_ldap_init.h:141: error: parse error before “LDAP”
In file included from /work/run4/httpd-2.2.11/srclib/apr-util/include/apr_ldap.h:188,
from ldap/apr_ldap_stub.c:20:
/work/run4/httpd-2.2.11/srclib/apr-util/include/apr_ldap_option.h:219: error: parse error before “LDAP”
/work/run4/httpd-2.2.11/srclib/apr-util/include/apr_ldap_option.h:241: error: parse error before “LDAP”
In file included from /work/run4/httpd-2.2.11/srclib/apr-util/include/apr_ldap.h:189,
from ldap/apr_ldap_stub.c:20:
/work/run4/httpd-2.2.11/srclib/apr-util/include/apr_ldap_rebind.h:67: error: parse error before “LDAP”
/work/run4/httpd-2.2.11/srclib/apr-util/include/apr_ldap_rebind.h:82: error: parse error before ‘*’ token
In file included from ldap/apr_ldap_stub.c:21:
/work/run4/httpd-2.2.11/srclib/apr-util/include/private/apu_internal.h:49: error: parse error before “LDAP”
/work/run4/httpd-2.2.11/srclib/apr-util/include/private/apu_internal.h:54: error: parse error before “LDAP”
/work/run4/httpd-2.2.11/srclib/apr-util/include/private/apu_internal.h:56: error: parse error before “LDAP”
/work/run4/httpd-2.2.11/srclib/apr-util/include/private/apu_internal.h:59: error: parse error before “LDAP”
/work/run4/httpd-2.2.11/srclib/apr-util/include/private/apu_internal.h:61: error: parse error before ‘*’ token
ldap/apr_ldap_stub.c:76: error: parse error before “LDAP”
ldap/apr_ldap_stub.c: In function `apr_ldap_init’:
ldap/apr_ldap_stub.c:82: error: `pool’ undeclared (first use in this function)
ldap/apr_ldap_stub.c:82: error: (Each undeclared identifier is reported only once
ldap/apr_ldap_stub.c:82: error: for each function it appears in.)
ldap/apr_ldap_stub.c:83: error: `ldap’ undeclared (first use in this function)
ldap/apr_ldap_stub.c:83: error: `hostname’ undeclared (first use in this function)
ldap/apr_ldap_stub.c:83: error: `portno’ undeclared (first use in this function)
ldap/apr_ldap_stub.c:83: error: `secure’ undeclared (first use in this function)
ldap/apr_ldap_stub.c:83: error: `result_err’ undeclared (first use in this function)
ldap/apr_ldap_stub.c: At top level:
ldap/apr_ldap_stub.c:103: error: parse error before “LDAP”
ldap/apr_ldap_stub.c: In function `apr_ldap_get_option’:
ldap/apr_ldap_stub.c:108: error: `pool’ undeclared (first use in this function)
ldap/apr_ldap_stub.c:109: error: `ldap’ undeclared (first use in this function)
ldap/apr_ldap_stub.c:109: error: `option’ undeclared (first use in this function)
ldap/apr_ldap_stub.c:109: error: `outvalue’ undeclared (first use in this function)
ldap/apr_ldap_stub.c:109: error: `result_err’ undeclared (first use in this function)
ldap/apr_ldap_stub.c: At top level:
ldap/apr_ldap_stub.c:113: error: parse error before “LDAP”
ldap/apr_ldap_stub.c: In function `apr_ldap_set_option’:
ldap/apr_ldap_stub.c:118: error: `pool’ undeclared (first use in this function)
ldap/apr_ldap_stub.c:119: error: `ldap’ undeclared (first use in this function)
ldap/apr_ldap_stub.c:119: error: `option’ undeclared (first use in this function)
ldap/apr_ldap_stub.c:119: error: `invalue’ undeclared (first use in this function)
ldap/apr_ldap_stub.c:119: error: `result_err’ undeclared (first use in this function)
ldap/apr_ldap_stub.c: At top level:
ldap/apr_ldap_stub.c:129: error: parse error before “LDAP”
ldap/apr_ldap_stub.c: In function `apr_ldap_rebind_add’:
ldap/apr_ldap_stub.c:133: error: `pool’ undeclared (first use in this function)
ldap/apr_ldap_stub.c:134: error: `ld’ undeclared (first use in this function)
ldap/apr_ldap_stub.c:134: error: `bindDN’ undeclared (first use in this function)
ldap/apr_ldap_stub.c:134: error: `bindPW’ undeclared (first use in this function)
ldap/apr_ldap_stub.c: At top level:
ldap/apr_ldap_stub.c:137: error: parse error before ‘*’ token
ldap/apr_ldap_stub.c: In function `apr_ldap_rebind_remove’:
ldap/apr_ldap_stub.c:141: error: `ld’ undeclared (first use in this function)
make: 1254-004 The error code from the last command is 1.
Stop.
make: 1254-004 The error code from the last command is 1.
Stop.
How to get rid of these errors?
Brent on March 9th, 2009 @ 17:16
I’d say that this is your main problem:
/work/run4/httpd-2.2.11/srclib/apr-util/include/apr_ldap.h:132:2: #error Support for LDAP v2.0 toolkits has been removed from apr-util. Please use an LDAP v3.0 toolkit.
It appears that you have some old LDAP libraries installed…
D69 on April 16th, 2009 @ 09:39
it’s not clear where to find LDAP toolkit 3.0.
The latest available from OpenLdap is 2.4
Apache 2.2.11 fails with it!
Brent on April 16th, 2009 @ 09:51
I’m pretty sure that the error message refers to the protocol “LDAP”, version 3. Not a particular implementation of the protocol, such as OpenLDAP. If you are using OpenLDAP, then it supports LDAPv3.
If you are getting the same message after OpenLDAP is installed, “Support for LDAP v2.0…”, then you probably have some old libraries on your system, and it’s using those instead of the new ones from OpenLDAP.
I just noticed in your original post that this is happening in the apr-util folder. Did you build ‘apr’ first, as per the article? It compiled cleanly?
Abidoon Nadeem on June 6th, 2009 @ 19:54
There is a configuration difference for Apache 2.2.11 on CentOS 5.2
./configure –enable-deflate –enable-mime-magic –enable-expires –enable-usertrack –enable-unique-id –enable-ssl –enable-http –enable-mod-info –enable-info –enable-cgi –enable-cgid –enable-spelling –enable-module=all –enable-ldap –enable-authnz-ldap –with-ldap –with-included-apr
The “–with-included-apr” and “–with-ldap” are necessary otherwise it won’t compile and keeps giving the same error.
Chris Grieger on August 21st, 2009 @ 03:14
Using the switch -enable-ldap instead of –with-ldap did the job for me. (apache httpd 2.2.13 on openSuse 10.3)
Steve on March 12th, 2010 @ 21:55
I was getting the same problem with Apache 2.2.15 trying to configure with just the main configure script. The trick that worked for me for was to combine all the above into one step, for my setup I ran the following command in the top level apache folder:
./configure –prefix=/usr/local/apache –enable-rewrite –enable-so –enable-authnz-ldap –enable-ldap –with-included-apr –with-ldap-lib=/usr/local/openldap/lib –with-ldap-include=/usr/local/openldap/include –with-ldap=ldap
Obviously paths need to be changed, but by using the –with-ldap-lib and –with-ldap-include in the top level configure script, everything went smoothly without having to do these extra steps. Hope it helps someone else!
Igor on June 6th, 2010 @ 19:52
After try and fail this is the config command that finally worked for me on Solaris 10
./configure –prefix=/usr/local/apache2 –with-mpm=worker –with-included-apr …(some other options)… –with-ldap=ldap –with-ldap-lib=/usr/lib –with-ldap-include=/usr/include –enable-ldap –enable-authnz-ldap
Cheers,
Igor
Mamoru on July 9th, 2010 @ 03:28
I made it all at FreeBSD 7.2, apache 2.2.15
Well done. but one little fix.
Need to remove include of APR from the build/config-vars.mk (line 180)
and add includes (-I) for srclib/apr/include and srclib/apr-util/include
Voltaire Germinal on April 4th, 2011 @ 20:34
For the benefit of others who wants to install Apache with LDAP support here’s a working configuration setup that I have. Using CentOS5.5 but should also work with other flavors of Unix.
1. Install OpenLDAP from source (openldap-2.4.25.tgz)
./configure –prefix=/usr/local/openldap
–enable-cleartext \
–enable-crypt \
–enable-lmpasswd \
–enable-spasswd \
–enable-modules \
–enable-rewrite \
–enable-rlookups \
–enable-slapi \
–enable-slp \
–enable-wrappers \
–enable-ldap \
–enable-monitor \
–enable-null \
–enable-passwd \
–enable-perl \
–enable-relay \
–enable-shell \
–enable-sock
make
make install
2. Install apache from source (httpd-2.2.17.tar.gz)
./configure –prefix=/usr/local/apache \
–enable-mods-shared=all \
–enable-so \
–enable-ldap \
–enable-authnz-ldap \
–with-included-apr \
–with-ldap-lib=/usr/local/openldap/lib \
–with-ldap-include=/usr/local/openldap/include \
–with-ldap=ldap
Brent on April 4th, 2011 @ 23:22
Thanks for the comment! It looks like the Apache team have finally fixed up the build of the ldap module. That only took 5 years ;-).