1. Introduction


In the old days (around the year 2000), SUN Solaris was the major commercial UNIX operating system powering web servers around the world. Although Solaris had a strong package management, many open source packages needed to be compiled from scratch. More complex open source software, such as the Apache webserver could be enhanced with functions and modules from code outside the core project. These external libraries and packages often differed in packing and distribution format, depending on the environment of the authors. As a result, manual compilation and setup was a often executed necessity which required tracing of dependencies and recipies for building and setup. Below is such a recipe for building the Apache web server version 1.3 with external modules for enabling SSL encryption, LDAP and Radius authentication.

The filesystem destination for Apache is planned to be /opt/apache.

2. get the all the required following packages


3. Run configure and make on external required packages


  1. mm-1.1.3
  2. openssl-0.9.6a
  3. openldap-2.0.18
/tmp/mm-1.1.3: ./configure --prefix=/opt/mm-1.1.3 --disable-shared; make

/tmp/openssl-0.9.6a: ./config -fPIC --prefix=/opt/openssl-0.9.6a; make

/tmp/openldap-2.0.18: ./configure --prefix=/opt/openldap-2.0.18 \
                                  --disable-slapd --disable-slurpd \
                                  --disable-ldbm; make depend; make

4. put the modules in place, configure the SSL package


cd /tmp/apache_1.3.22/src/modules; tar xvf mod_auth_ldap-0.5.1.tar
cd /tmp/apache_1.3.22/src/modules; tar xvf mod_auth_radius.tar
cd mod_auth_ldap; ./configure --prefix=/opt/apache

cd /tmp/mod_ssl-2.8.5-1.3.22
./configure --with-apache=../apache_1.3.22

5. Compile and install Apache


setenv SSL_BASE ../openssl-0.9.6a
setenv EAPI_MM ../mm-1.1.3
setenv LIBS -L/tmp/openldap-2.0.18/libraries
setenv INCLUDES -I/tmp/openldap-2.0.18/include

cd /tmp/apache_1.3.22
./configure --enable-module=ssl --prefix=/opt/apache \
            --activate-module=src/modules/mod_auth_ldap/mod_auth_ldap.c \
            --add-module=src/modules/mod_auth_radius.c \
            --enable-module=most

make
make certificate
make install

6. Configure Apache and start it


cd /opt/apachehtdocs; make ldaptest
cd /opt/apache/conf

To configure LDAP authentication, please see the example below:

<Location "/ldaptest">
AuthName "very confidential ldap user group"
AuthType Basic
AuthLDAPHosts "ldapserver f30ws4:389"
AuthLDAPBindDN "cn=root,dc=fab30"
AuthLDAPBindPassword xxxxxxxx
AuthLDAPBaseDN "ou=People,dc=fab30"
AuthLDAPSearchScope onelevel
AuthLDAPUserKey uid
AuthLDAPPassKey userpassword
#AuthLDAPCryptPasswords off
AuthLDAPSchemePrefix on
# AuthLDAPGroupKey People
<Limit GET POST>
require user frank4dd user2 user3
</Limit>
</Location>

To configure Radius authentication, please see the example below:

# load radius module
LoadModule radius_auth_module   libexec/mod_auth_radius.so
# just AFTER 'AddModule mod_auth.c add the module 'mod_auth_radius.c'
AddModule mod_auth_radius.c
<IfModule mod_auth_radius.c>
# AddRadiusAuth server[:port] shared-secret [ timeout ]
AddRadiusAuth localhost:1645 testing123 5

<Location "/radiustest">
AuthType Basic
AuthName "RADIUS authentication for localhost"
AuthAuthoritative off
AuthRadiusAuthoritative on
AuthRadiusCookieValid 5
AuthRadiusActive On
require valid-user
</Location>

We can now start apache with /opt/apache/bin/apachectl startssl.

Compiling Apache from the ground up is not necessary anymore. Most Linux and commercial UNIX distributions now provide pre-compiled packages that include all but the most exotic plugins. Apache also has a plugin compiler that can be used to add modules at a later time without re-compiling everything from scratch.

Topics:

Related Links: