Solved: httpd[]: Unknown Authn provider: ldap in Linux.
In this post, we will see an interesting article to know how to link LDAP authentication in http/apache webserver.
While linking, if you see an error like below, it means there are HTTP modules not available on your system for this purpose.
I. Error Message
[root@ngelinux001 ~]# service httpd status Redirecting to /bin/systemctl status httpd.service ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Mon 2022-07-11 17:09:43 IST; 5min ago Docs: man:httpd(8) man:apachectl(8) Process: 35285 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE) Process: 35283 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE) Main PID: 35283 (code=exited, status=1/FAILURE) Jul 11 17:09:43 ngelinux001 systemd[1]: Starting The Apache HTTP Server... Jul 11 17:09:43 ngelinux001 httpd[35283]: AH00526: Syntax error on line 431 of /etc/httpd/conf/httpd.conf: Jul 11 17:09:43 ngelinux001 httpd[35283]: Unknown Authn provider: ldap Jul 11 17:09:43 ngelinux001 systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE Jul 11 17:09:43 ngelinux001 kill[35285]: kill: cannot find process "" Jul 11 17:09:43 ngelinux001 systemd[1]: httpd.service: control process exited, code=exited status=1 Jul 11 17:09:43 ngelinux001 systemd[1]: Failed to start The Apache HTTP Server. Jul 11 17:09:43 ngelinux001 systemd[1]: Unit httpd.service entered failed state. Jul 11 17:09:43 ngelinux001 systemd[1]: httpd.service failed. Jul 11 17:14:35 ngelinux001 systemd[1]: Unit httpd.service cannot be reloaded because it is inactive. [root@ngelinux001 ~]# service httpd restart Redirecting to /bin/systemctl restart httpd.service Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details. Jul 11 16:46:04 ngelinux001 httpd[31846]: AH00526: Syntax error on line 431 of /etc/httpd/conf/httpd.conf: Jul 11 16:46:04 ngelinux001 httpd[31846]: Unknown Authn provider: ldap
II. Solution
Lets see if we have http ldap modules installed or not.
[root@ngelinux001 tmp]# rpm -qa | grep -i http rubygem-net-http-persistent-2.8-5.el7.noarch perl-HTTP-Daemon-6.01-5.el7.noarch httpd-devel-2.4.6-67.el7.x86_64 perl-HTTP-Cookies-6.01-5.el7.noarch perl-LWP-Protocol-https-6.04-4.el7.noarch httpd-tools-2.4.6-67.el7.x86_64 perl-HTTP-Negotiate-6.01-5.el7.noarch perl-HTTP-Tiny-0.033-3.el7.noarch perl-HTTP-Message-6.06-6.el7.noarch httpd-2.4.6-67.el7.x86_64 perl-Net-HTTP-6.06-2.el7.noarch httpd-manual-2.4.6-67.el7.noarch perl-HTTP-Date-6.02-8.el7.noarch [root@ngelinux001 tmp]#
As we can see the mod_ldap module is not installed, lets download it from redhat/centos support and install it now.
[root@ngelinux001 tmp]# yum install ./mod_ldap-2.4.6-67.el7.x86_64.rpm ./apr-util-ldap-1.5.2-6.el7.x86_64.rpm Loaded plugins: aliases, changelog, kabi, langpacks, product-id, search- : disabled-repos, subscription-manager, tmprepo, verify, : versionlock This system is not registered with an entitlement server. You can use subscription-manager to register. Loading support for Red Hat kernel ABI Examining ./mod_ldap-2.4.6-67.el7.x86_64.rpm: mod_ldap-2.4.6-67.el7.x86_64 Marking ./mod_ldap-2.4.6-67.el7.x86_64.rpm to be installed Examining ./apr-util-ldap-1.5.2-6.el7.x86_64.rpm: apr-util-ldap-1.5.2-6.el7.x86_64 Marking ./apr-util-ldap-1.5.2-6.el7.x86_64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package apr-util-ldap.x86_64 0:1.5.2-6.el7 will be installed ---> Package mod_ldap.x86_64 0:2.4.6-67.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: apr-util-ldap x86_64 1.5.2-6.el7 /apr-util-ldap-1.5.2-6.el7.x86_64 11 k mod_ldap x86_64 2.4.6-67.el7 /mod_ldap-2.4.6-67.el7.x86_64 127 k Transaction Summary ================================================================================ Install 2 Packages Total size: 138 k Installed size: 138 k Is this ok [y/d/N]: y Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Warning: RPMDB altered outside of yum. Installing : apr-util-ldap-1.5.2-6.el7.x86_64 1/2 Installing : mod_ldap-2.4.6-67.el7.x86_64 2/2 Verifying : mod_ldap-2.4.6-67.el7.x86_64 1/2 Verifying : apr-util-ldap-1.5.2-6.el7.x86_64 2/2 Installed: apr-util-ldap.x86_64 0:1.5.2-6.el7 mod_ldap.x86_64 0:2.4.6-67.el7 Complete! [root@ngelinux001 tmp]#
Now configure your HTTP/Apache server with ldap authentication like below.
Options FollowSymLinks AllowOverride All order allow,deny Allow from all AuthType Basic AuthName "UNIX Login for Perf Server" AuthBasicProvider ldap AuthLDAPURL ldap://ldapserver.ngelinux.com:389/o=ngelinux.com # AuthzLDAPAuthoritative off require valid-user
Now the authentication should work fine. You may need to set Allow from all in http options in case its throwing error.