Solved: httpd[]: Unknown Authn provider: ldap in Linux.

In this post, we will see how to set up LDAP authentication in the Apache HTTP server (httpd).

While setting it up, if you see an error like the one below, it means the httpd modules required for LDAP authentication are not available on your system.

I. Error Message

[root@ngelinux001 ~]# service httpd status
Redirecting to /bin/systemctl status httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2022-07-11 17:09:43 IST; 5min ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 35285 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
  Process: 35283 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 35283 (code=exited, status=1/FAILURE)

Jul 11 17:09:43 ngelinux001 systemd[1]: Starting The Apache HTTP Server...
Jul 11 17:09:43 ngelinux001 httpd[35283]: AH00526: Syntax error on line 431 of /etc/httpd/conf/httpd.conf:
Jul 11 17:09:43 ngelinux001 httpd[35283]: Unknown Authn provider: ldap
Jul 11 17:09:43 ngelinux001 systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Jul 11 17:09:43 ngelinux001 kill[35285]: kill: cannot find process ""
Jul 11 17:09:43 ngelinux001 systemd[1]: httpd.service: control process exited, code=exited status=1
Jul 11 17:09:43 ngelinux001 systemd[1]: Failed to start The Apache HTTP Server.
Jul 11 17:09:43 ngelinux001 systemd[1]: Unit httpd.service entered failed state.
Jul 11 17:09:43 ngelinux001 systemd[1]: httpd.service failed.
Jul 11 17:14:35 ngelinux001 systemd[1]: Unit httpd.service cannot be reloaded because it is inactive.

[root@ngelinux001 ~]# service httpd restart
Redirecting to /bin/systemctl restart httpd.service
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.

Jul 11 16:46:04 ngelinux001 httpd[31846]: AH00526: Syntax error on line 431 of /etc/httpd/conf/httpd.conf:
Jul 11 16:46:04 ngelinux001 httpd[31846]: Unknown Authn provider: ldap

 

II. Solution
Let's check whether the httpd LDAP modules are installed.

[root@ngelinux001 tmp]# rpm -qa | grep -i http
rubygem-net-http-persistent-2.8-5.el7.noarch
perl-HTTP-Daemon-6.01-5.el7.noarch
httpd-devel-2.4.6-67.el7.x86_64
perl-HTTP-Cookies-6.01-5.el7.noarch
perl-LWP-Protocol-https-6.04-4.el7.noarch
httpd-tools-2.4.6-67.el7.x86_64
perl-HTTP-Negotiate-6.01-5.el7.noarch
perl-HTTP-Tiny-0.033-3.el7.noarch
perl-HTTP-Message-6.06-6.el7.noarch
httpd-2.4.6-67.el7.x86_64
perl-Net-HTTP-6.06-2.el7.noarch
httpd-manual-2.4.6-67.el7.noarch
perl-HTTP-Date-6.02-8.el7.noarch
[root@ngelinux001 tmp]# 

As we can see, the mod_ldap module is not installed. Let's download it from Red Hat/CentOS support and install it now.

[root@ngelinux001 tmp]# yum install ./mod_ldap-2.4.6-67.el7.x86_64.rpm ./apr-util-ldap-1.5.2-6.el7.x86_64.rpm
Loaded plugins: aliases, changelog, kabi, langpacks, product-id, search-
              : disabled-repos, subscription-manager, tmprepo, verify,
              : versionlock
This system is not registered with an entitlement server. You can use subscription-manager to register.
Loading support for Red Hat kernel ABI
Examining ./mod_ldap-2.4.6-67.el7.x86_64.rpm: mod_ldap-2.4.6-67.el7.x86_64
Marking ./mod_ldap-2.4.6-67.el7.x86_64.rpm to be installed
Examining ./apr-util-ldap-1.5.2-6.el7.x86_64.rpm: apr-util-ldap-1.5.2-6.el7.x86_64
Marking ./apr-util-ldap-1.5.2-6.el7.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package apr-util-ldap.x86_64 0:1.5.2-6.el7 will be installed
---> Package mod_ldap.x86_64 0:2.4.6-67.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package        Arch    Version        Repository                          Size
================================================================================
Installing:
 apr-util-ldap  x86_64  1.5.2-6.el7    /apr-util-ldap-1.5.2-6.el7.x86_64   11 k
 mod_ldap       x86_64  2.4.6-67.el7   /mod_ldap-2.4.6-67.el7.x86_64      127 k

Transaction Summary
================================================================================
Install  2 Packages

Total size: 138 k
Installed size: 138 k
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
  Installing : apr-util-ldap-1.5.2-6.el7.x86_64                             1/2
  Installing : mod_ldap-2.4.6-67.el7.x86_64                                 2/2
  Verifying  : mod_ldap-2.4.6-67.el7.x86_64                                 1/2
  Verifying  : apr-util-ldap-1.5.2-6.el7.x86_64                             2/2

Installed:
  apr-util-ldap.x86_64 0:1.5.2-6.el7       mod_ldap.x86_64 0:2.4.6-67.el7

Complete!
[root@ngelinux001 tmp]#

 

Now configure your Apache HTTP server for LDAP authentication as shown below.

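# These directives go inside a <Directory> container (AllowOverride is only
# valid there). The path below is a placeholder; use the directory to protect.
<Directory "/path/to/protected/directory">
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
        AuthType Basic
        AuthName "UNIX Login for Perf Server"
        AuthBasicProvider ldap
        AuthLDAPURL ldap://ldapserver.ngelinux.com:389/o=ngelinux.com
        # AuthzLDAPAuthoritative off
        Require valid-user
</Directory>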

Now the authentication should work fine. You may need to set "Allow from all" in the httpd options in case it throws an error.
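The two things worth checking before restarting httpd are whether the LDAP modules are loaded and whether AuthLDAPURL sends the user's password to the directory unencrypted. The script below is an added example, not part of the original post; the function names are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Preflight for Apache LDAP Basic auth (added example; function names are
# hypothetical). Inputs are text, so saved output can be checked offline.

# Print each LDAP module absent from `httpd -M` output ($1). Without
# authnz_ldap_module, httpd rejects "AuthBasicProvider ldap" at startup.
missing_ldap_modules() {
    for _m in ldap_module authnz_ldap_module; do
        printf '%s\n' "$1" | grep -qE "^[[:space:]]*${_m}[[:space:]]" || echo "$_m"
    done
}

# Print active AuthLDAPURL lines in config text ($1) that use ldap:// with
# no SSL/TLS/STARTTLS mode keyword and no LDAPTrustedMode in the same text.
cleartext_ldap_urls() {
    if printf '%s\n' "$1" |
        grep -qiE '^[[:space:]]*LDAPTrustedMode[[:space:]]+(SSL|TLS|STARTTLS)'; then
        return 0
    fi
    printf '%s\n' "$1" | grep -iE '^[[:space:]]*AuthLDAPURL[[:space:]]' |
        grep -iE 'ldap://' |
        grep -viE '[[:space:]](SSL|TLS|STARTTLS)[[:space:]]*$' || true
}

# Run both checks; return 1 if either reported something.
ldap_preflight() {
    _missing=$(missing_ldap_modules "$1")
    _urls=$(cleartext_ldap_urls "$2")
    _rc=0
    if [ -n "$_missing" ]; then
        echo "FAIL modules not loaded:" $_missing
        _rc=1
    fi
    if [ -n "$_urls" ]; then
        echo "WARN bind password crosses the network unencrypted: $_urls"
        _rc=1
    fi
    return $_rc
}

# Constructed sample input: `httpd -M` output from a host without mod_ldap,
# and the AuthLDAPURL line from the configuration on this page.
SAMPLE_MODS=' core_module (static)
 auth_basic_module (shared)
 authn_core_module (shared)'
SAMPLE_CONF='AuthBasicProvider ldap
AuthLDAPURL ldap://ldapserver.ngelinux.com:389/o=ngelinux.com'

ldap_preflight "$SAMPLE_MODS" "$SAMPLE_CONF" || true
```

On a real host, pass the output of `httpd -M` and the contents of /etc/httpd/conf/httpd.conf as the two arguments. Capture the module list before adding the LDAP directives, because `httpd -M` has to parse the configuration to list modules.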
