Documentation for Crowd 2.7. Documentation for earlier versions of Crowd is available too.

Skip to end of metadata
Go to start of metadata

The following instructions have been tested on Red Hat Enterprise Linux 6 Server. Other platforms may require variations to this procedure.

Procedure

  1. Open a terminal on the system, change to a suitable working directory, and enter the following command:

  2. Enter the root password when prompted.
  3. Enter the following commands:

  4. Enter the root password when prompted.
  5. Everything you need should now be installed and Apache should restart. If Apache fails to start, check the /var/log/httpd/error_log file.

Now that the software is installed, the next step is to configure Apache authentication.

36 Comments

  1. On Ubuntu 10.4 x64

    • apt-get install apache2-threaded-dev libsvn-dev libcurl4-gnutls-dev libxml2-dev
    • ln -s /usr/include/apache2 /usr/include/httpd (httpd.h)
    • ln -s /usr/lib/apache2/ /usr/lib64/httpd (mod_dav.so)
    • ln -s /etc/apache2/ /etc/httpd/conf (httpd.conf)
    • ln -s /usr/bin/apxs2 /usr/sbin/apxs (apxs)
    • ln -s /usr/sbin/apache2ctl /usr/sbin/apachectl (apachectl)

    But ends in segfault :(

    1. Hi TimmJD,

      Thanks for letting us know about this.

      I'm currently investigating the segfault. You can track progress here.

      Regards,
      Adrian Hempel
      Senior Developer, Integration
      ATLASSIAN

    2. I've reproduced this problem on 32 and 64-bit versions of Ubuntu 10.04, and I've also reproduced it on Ubuntu 10.10.

      Until we can fix this, Ubuntu users can continue to use version 1.3 of the connector with Crowd 2.1.

      Apologies for any inconvenience caused.

  2. Will there be Mac OS X instructions / binaries anytime soon?

    1. Hi Doug,

      We have no immediate plans to provide Mac OS X binaries, but I've created an issue to track this request. You might like to vote for it and watch it.

      The instructions above have been used to build the connector on Mac OS X, with the exception that MacPorts was used instead of yum.

  3. Anonymous

    We are waiting for the Ubuntu fix.  When will these be available?

  4. Anonymous

    The package libcurl-devel is not available in RHEL 5.4. I used curl-devel instead...

    1. Anonymous

  5. I got it to compile for FreeBSD. The big issue was that file paths were hardcoded. I do not understand the concept of using autoconf but hard-coding file paths in there. Anyway, here's the process:

    • Edit the configure.ac file and change the hardcoded paths in there to relative paths (let autoconf do the work of finding the paths to the files being searched for)
    • Add various library paths (LDFLAGS . I had to add /usr/local/lib)
    • do the autoreconf --install
    • do the ./configure
    • Make sure you install the FreeBSD ports which correspond to the RH RPMs (curl, etc)
    • It appears to work but I have to upgrade Crowd before I will know if it works :-)
  6. Anonymous

    Hi,
    I was able to install Crowd Apache connector 2.0.2 on MacOS X Snow Leopard and integrate it with SVN with following steps:
    1. Install XCode 3.2.6 (free from Apple site if you register)
    2. Install Macports 1.9.2 from http://www.macports.org/
    3. Download mod_authnz_crowd-2.0.2.tar.gz from  https://studio.plugins.atlassian.com/svn/CWDAPACHE/tags/2.0.2/
    untar the file and execute following:
    autoreconf --install
    ./configure
    make
    su "make install"
    Here are steps for svn authorization via crowd :
    1. Create /etc/apache2/httpd-subversion.conf and put following text:
    <Location /svn>
      DAV svn
      SVNParentPath /var/svn/
      AuthName "Authorization via Crowd"
      AuthType Basic
      PerlAuthenHandler Apache::CrowdAuth
      PerlSetVar CrowdAppName svn
      PerlSetVar CrowdAppPassword PUT_YOUR_SVN_CROWD_APP_PASS_HERE
      PerlSetVar CrowdSOAPURL https://XXX.XXX.XXX.XXX:8443/crowd/services/SecurityServer
      PerlSetVar CrowdCacheEnabled on
      PerlSetVar CrowdCacheLocation /tmp/CrowdAuth
      PerlSetVar CrowdCacheExpiry 300
      Require valid-user
    </Location>  
    If you have repo /var/svn/reponame you shall access it via:http://host/svn/reponame
    You must add svn application in crowd and to have valid CrowdSOAPURL. In this example this is:https://XXX.XXX.XXX.XXX:8443/crowd/services/SecurityServer
    2. Turn off WebDav from servers administration panel
    3. Include perl mode in /etc/apache2/httpd.conf:
    LoadModule perl_module     libexec/apache2/mod_perl.so 
    4. Download and install following perl modules from http://search.cpan.org/:
    Error-0.17016.tar.gz
    IPC-ShareLite-0.17.tar.gz
    Class-Inspector-1.25.tar.gz
    Task-Weaken-1.04.tar.gz
    SOAP-Lite-0.712.tar.gz
    Cache-Cache-1.02.tar.gz
    Note : install modules in this order because of dependency.
    Common steps for installations are:
    perl Makefile.PL
    make (In this step check for warning for missing modules. You must install them)
    make test (If tests are failed check for warnings in make step)
    sudo make install
    5. Download CrownAuth.pm from:https://jira.atlassian.com/secure/attachmentzip/unzip/51901/20859%5B6%5D/Apache-CrowdAuth-0.04/lib/Apache/CrowdAuth.pm
    and copy into /System/Library/Perl/USED_PERL_VERSION/Apache
    6. Set permissions in svn repo as root:
    chown www /var/svn/reponame/
    chmod -R go-rwx /var/svn/reponame/
    7. Restart apache:
    sudo /usr/sbin/apachectl restart
    Enjoy!
    Hi,

    I was able to install Crowd Apache connector 2.0.2 on MacOS X Snow Leopard and integrate it with SVN with following steps:

    1. Install XCode 3.2.6 (free from Apple site if you register)

    2. Install Macports 1.9.2 from http://www.macports.org/

    3. Download mod_authnz_crowd-2.0.2.tar.gz from  https://studio.plugins.atlassian.com/svn/CWDAPACHE/tags/2.0.2/

    untar the file and execute following:

    autoreconf --install

    ./configure

    make

    su "make install"

    Here are steps for svn authorization via crowd :

    1. Create /etc/apache2/httpd-subversion.conf and put following text:

    <Location /svn>

      DAV svn

      SVNParentPath /var/svn/

      AuthName "Authorization via Crowd"

      AuthType Basic

      PerlAuthenHandler Apache::CrowdAuth

      PerlSetVar CrowdAppName svn

      PerlSetVar CrowdAppPassword PUT_YOUR_SVN_CROWD_APP_PASS_HERE

      PerlSetVar CrowdSOAPURL https://XXX.XXX.XXX.XXX:8443/crowd/services/SecurityServer

      PerlSetVar CrowdCacheEnabled on

      PerlSetVar CrowdCacheLocation /tmp/CrowdAuth

      PerlSetVar CrowdCacheExpiry 300

      Require valid-user

    </Location>  

    If you have repo /var/svn/reponame you shall access it via:

    http://host/svn/reponame

    You must add svn application in crowd and to have valid CrowdSOAPURL. In this example this is:

    https://XXX.XXX.XXX.XXX:8443/crowd/services/SecurityServer

    2. Turn off WebDav from servers administration panel

    3. Include perl mode in /etc/apache2/httpd.conf:

    LoadModule perl_module     libexec/apache2/mod_perl.so 

    4. Download and install following perl modules from http://search.cpan.org/:

    Error-0.17016.tar.gz

    IPC-ShareLite-0.17.tar.gz

    Class-Inspector-1.25.tar.gz

    Task-Weaken-1.04.tar.gz

    SOAP-Lite-0.712.tar.gz

    Cache-Cache-1.02.tar.gz

    Note : install modules in this order because of dependency.

    Common steps for installations are:

    perl Makefile.PL

    make (In this step check for warning for missing modules. You must install them)

    make test (If tests are failed check for warnings in make step)

    sudo make install

    5. Download CrownAuth.pm from:

    https://jira.atlassian.com/secure/attachmentzip/unzip/51901/20859%5B6%5D/Apache-CrowdAuth-0.04/lib/Apache/CrowdAuth.pm

    and copy into /System/Library/Perl/USED_PERL_VERSION/Apache

    6. Set permissions in svn repo as root:

    chown www /var/svn/reponame/

    chmod -R go-rwx /var/svn/reponame/

    7. Restart apache:

    sudo /usr/sbin/apachectl restart

    Enjoy!

  7. I was able to compile and install the module to opensuse 11.3:

    

    Kari

  8. Heya guys, after much banging my head against a brick wall I managed to get this compiled and installed on a cPanel server running CentOS, in theory this same procedure should work for any cPanel server.

    http://technicalnotebook.com/wiki/display/home/Compile+Atlassian%27s+Crowd+authenticator+on+CentOS+server+with+cPanel

    I have also logged a couple of support tickets in regards to improvements to the ./configure script as it has some incompatibilities that needed creative workarounds.

    Stuart

  9. Compiled and running on Solaris 5.10 (Generic_142901-03 i86pc i386 i86pc) using gcc 3.4.3

    but after spending half a day making it compile and doing some ugly things:

    1. edited configure.in (similar to what Viren Shah suggested) - for example:

      I replaced all the default hardcoded paths with the hardcoded paths that are correct for our environment. It would be better to let autoconf find everything like Viren suggested, but I didn't know how to do it (first time I edited a configure.in file..)

    2. Adding more hardcoded, our-server-specific paths to CFLAGS and LD_LIBRARY_PATH (can't remember if this was 100% necesary anymore, but i think it was to make apr incompatibiliy error messages go away - configure: error: apr_pool_pre_cleanup_register was not found in libapr-1)

    3. Solved the #error "Use of <stdbool.h> is valid only in a c99 compilation environment." problem:
      Trying to make this error go away by using all sorts of CFLAGS (-xc99=all , -std=gnu99, -std=cc99) and/or trying to use Sun Studio compiler all didn't work.

      What did work was - copy my system's stdbool.h to mod_authnz_crowd-2.0.2/src/stdbool.h and modified it by removing the macro checks that were throwing the error, so it looks like this:


      and edited mod_authnz_crowd.c to use the local stdbool.h file

    4. For some reason compiler couldn't find curl/curl.h (despite -I/opt/gsb/include CFLAGS ..)  so I edited crowd_client.c as well:

    After running make, make install i copied httpd and subversion installations from our build server to our new svn server and tested it - it worked (i created a test repos, and it was indeed honoring the group memberships defined in our Atlassian Crowd instance).

    For sure not a pretty solution but I think we have it working now.

  10. Hi,

    Any plan to release a version compatible with/compilable against subversion 1.7.x ?

    Thx

    1. Also against httpd 2.4.x

      1. Sorry, there are no such current plans.

  11. Hi,

     

    For those interested, I made my best to port the current module to 2.4.3 of Apache HTTPD. I haven't tested the SVN sub-module, only the HTTPD one.

    Also, the configure.ac and Makefile (s) sucks once you have a customized httpd install.

    Note that your config files should be changed: 'Require group' becomes 'Require crowd-group'

    As I don't have perms to create attachs, here's the patch file below

    Crowd module for httpd 2.4.3  Expand source
    1. 2.2 is still the widest deployed instance so we're not rushing to upgrade. However, if you'd like to put your changes in a fork or issue a pull request to the cwdapache project then it might make it easier for people who are upgrading to make use of these improvements.

    2. Anonymous

      Hi,

      Can you please share the compiled file if you have already or provide the steps to compile this code and how to use it? 

    3. Hey, I'm also interested in it. Can't use this patch with 2.2.2 of crowd connector

      1. Here's a patch based on Issa's work that applies to 2.2.2 and let's it work with apache httpd 2.4 (but breaks 2.2).

        https://bitbucket.org/yunake/cwdapache/commits/832bc2e2d51e3a4b078144051566033ca8b3b7f0

        This repo is a fork of the official repo with the patch applied so you can use it to compile the modules directly. I have initiated a pull request but I don't expect it to be accepted. 

        1. Thank you for the pull request; we will incorporate the fixes eventually. It's just a question of timing and process, as many of our customers are still running Apache 2.2.x (especially RHEL / CentOS customers, for whom it appears that Apache 2.4.x is not yet available in the official repositories).

          1. According to http://distrowatch.com/table.php?distribution=redhat , Apache 2.4.x will arrive with Red Hat Enterprise Linux 7. That may be a good time to move 2.2 support off into a branch and move master over to requiring 2.4.

  12. I am trying to get this to work on AIX 6.1 and currently stuck in a dependency hell. Anybody who managed to do it

  13. These steps also work great for the Amazon CentOs machines.

  14. For FreeBSD, I have created a port that installs everything you need with full dependencies. It is in the www/mod_authnz_crowd port directory.  See also http://www.freshports.org/www/mod_authnz_crowd/

  15. I seem to always get this error. The error comes after I run make install.

    Apache 2.2.22

    Ubuntu 12.04.2 LTS

     

    if [ -e /etc/apache2/mods-enabled/dav.load ]; then mv /etc/apache2/mods-enabled/dav.load /etc/apache2/mods-enabled/1dav.load; fi
    if [ -e /etc/apache2/mods-enabled/dav_svn.load ]; then mv /etc/apache2/mods-enabled/dav_svn.load /etc/apache2/mods-enabled/1dav_svn.load; fi
    /usr/sbin/apache2ctl configtest || mv /tmp/httpd.conf.bak /etc/apache2/httpd.conf
    apache2: Syntax error on line 210 of /etc/apache2/apache2.conf: Syntax error on line 1 of /etc/apache2/mods-enabled/authz_svn_crowd.load: Cannot load /usr/lib/apache2/modules/mod_authz_svn_crowd.so into server: /usr/lib/apache2/modules/mod_authz_svn_crowd.so: undefined symbol: svn_urlpath__canonicalize
    Action 'configtest' failed.
    The Apache error log may have more information.
    /usr/sbin/apache2ctl graceful
    apache2: Syntax error on line 210 of /etc/apache2/apache2.conf: Syntax error on line 1 of /etc/apache2/mods-enabled/authz_svn_crowd.load: Cannot load /usr/lib/apache2/modules/mod_authz_svn_crowd.so into server: /usr/lib/apache2/modules/mod_authz_svn_crowd.so: undefined symbol: svn_urlpath__canonicalize
    Action 'graceful' failed.
    The Apache error log may have more information.
    make[1]: *** [install] Error 1
    make[1]: Leaving directory `/home/ubuntu/cwdapache/src'
    make: *** [install-recursive] Error 1
    ubuntu@ip-10-31-224-69:~/cwdapache$ sudo /etc/init.d/apache2 restart
    apache2: Syntax error on line 210 of /etc/apache2/apache2.conf: Syntax error on line 1 of /etc/apache2/mods-enabled/authz_svn_crowd.load: Cannot load /usr/lib/apache2/modules/mod_authz_svn_crowd.so into server: /usr/lib/apache2/modules/mod_authz_svn_crowd.so: undefined symbol: svn_urlpath__canonicalize
    Action 'configtest' failed.
    The Apache error log may have more information.

     

    If I unlink the authz_svn_crowd, apache starts but does does not work properly.

     

    [Thu Nov 28 12:14:17 2013] [crit] [client xxx] Failed to send authentication request (CURLcode 60 - Peer certificate cannot be authenticated with given CA certificates)
    [Thu Nov 28 12:14:17 2013] [crit] [client xxxx] Failed to send authentication request (CURLcode 60 - Peer certificate cannot be authenticated with given CA certificates)
    [Thu Nov 28 12:14:17 2013] [crit] [client xxx] Crowd authentication failed due to system exception

  16. Thank you for this new version 2.2.2 with the option to remove ssl verification from curl. Any release notes ?

    Also, no httpd 2.4.x support ? no svn 1.7 / 1.8 support ?

    1. I just updated to 2.2.2 connector module for apache 2.2. Everything works just fine: my svn 1.8 clients authenticate and authorize just fine. I had to add "CrowdSSLVerifyPeer Off" to suppress the warnings about the certificate not being set.

      1. I meant server side support for svn 1.7/1.8...

        1. I have no idea what you mean by "server side support". The crowd adapter lives inside apache, and svn authenticates against it just fine when accessing the subversion http URLs.

          1. You need to build the crowd apache module against svn source (which are the server side)

            And I'm looking for httpd 2.4.x with svn 1.8.x support from this crowd module

            1. ### The statements in this post are incorrect - the apache crowd module does depend on the svn source. This post will soon be completely removed to avoid confusion ###

              No, the crowd apache module that is discussed in this page is completely unaware / independent of svn.

              Crowd apache module is a plugin/implementation of apache auth/authz. It provides authentication by checking the credentials againts a Crowd server. It knows nothing about Subversion.

              It is Subversion (server side code inside mod_svn) that uses the crowd apache module. And it uses it through the abstraction/interface that is auth/authz, meaning Subversion could (probably) use anything else that implements auth/authz.

              ### Indeed Issa is right. I will remove this post in a day or two to reduce noise. ###

               

            2. The 2.2.2 connector builds just fine against subversion 1.8. I just did that yesterday. And it doesn't need the sources, just the development headers properly installed. I don't know what magic you need in linux to make that happen, but in FreeBSD it is part of the normal subversion installation.

              1. I think you're able to compile it because the deprecated method

                is still available in svn headers v1.8. Crowd module, when giving support for svn 1.7+, should stop usage of that method (and any other cases I didn't cover)

              2. Anonymous

                Hi,

                Can you please share the compiled file if you have already or provide the steps to compile this code and how to use it? I am using RedHat Linux 6.