%general-entities; ]> $LastChangedBy$ $Date$ OpenLDAP The OpenLDAP package provides an open source implementation of the Lightweight Directory Access Protocol. Package Information Download (HTTP): Download (FTP): Download MD5 sum: &openldap-md5sum; Download size: &openldap-size; Estimated disk space required: &openldap-buildsize; Estimated build time: &openldap-time; Additional Downloads Required patch: Required patch: Optional patch: OpenLDAP Dependencies Required Recommended and Optional , , , OpenSLP, , and either or User Notes: Without this patch, the Exchange addressbook integration uses simple binds with cleartext passwords. If you are going to build evolution-data-server with OpenLDAP support, apply this patch: patch -Np1 -i ../openldap-&openldap-version;-ntlm-1.patch If you only need to install the client side ldap* binaries, corresponding man pages, libraries and header files (referred to as a client-only install), issue the following configure command instead of the other one, and then proceed with the remaining commands (no test suite available): patch -Np1 -i ../openldap-&openldap-version;-blfs-paths-1.patch && patch -Np1 -i ../openldap-&openldap-version;-symbol-versions-1.patch && autoconf && ./configure --prefix=/usr \ --sysconfdir=/etc \ --enable-dynamic \ --disable-debug \ --disable-slapd Install OpenLDAP by running the following commands: patch -Np1 -i ../openldap-&openldap-version;-blfs-paths-1.patch && patch -Np1 -i ../openldap-&openldap-version;-symbol-versions-1.patch && autoconf && ./configure --prefix=/usr \ --sysconfdir=/etc \ --localstatedir=/var \ --libexecdir=/usr/lib \ --disable-static \ --disable-debug \ --enable-dynamic \ --enable-crypt \ --enable-modules \ --enable-rlookups \ --enable-backends=mod \ --enable-overlays=mod \ --disable-ndb \ --disable-sql && make depend && make To test the results, issue: make test. If you've enabled tcp_wrappers, ensure you add 127.0.0.1 to the slapd line in the /etc/hosts.allow file if you have a restrictive /etc/hosts.deny file. Now, as the root user: make install && install -v -m755 -d /usr/share/doc/openldap-&openldap-version;/{drafts,guide,rfc} && install -v -m644 doc/drafts/* \ /usr/share/doc/openldap-&openldap-version;/drafts && install -v -m644 doc/rfc/* \ /usr/share/doc/openldap-&openldap-version;/rfc && cp -v -R doc/guide/* \ /usr/share/doc/openldap-&openldap-version;/guide --disable-debug: Disable debugging code. --enable-dynamic: This forces the OpenLDAP libraries to be dynamically linked to the executable programs. --enable-crypt: Enables crypt(3) passwords. --enable-modules: Enables dynamic module support. --enable-rlookups: This parameter enables reverse lookups of client hostnames. --enable-backends: This parameter enables all available backends. --enable-overlays: This parameter enables all available overlays. --disable-ndb: This parameter disables MySQL NDB Cluster backend which causes configure to fail if MySQL is present. --disable-sql: This parameter explicitly disables the sql backend. Omit this switch if a SQL server is installed and you are going to use a SQL backend (experimental). --enable-spasswd: This parameter enables SASL password verification. --enable-slp: This parameter enables SLPv2 support. Use this switch if you have installed OpenSLP. --enable-wrappers: This parameter enables tcp wrappers support. Use this switch if you have installed . --disable-bdb --disable-hdb --with-ldbm-api=gdbm: Pass these parameters to the configure command if you wish to use GDBM instead of Berkeley DB as the primary backend database. You can run ./configure --help to see if there are other parameters you can pass to the configure command to enable other options or dependency packages. /etc/openldap/* /etc/openldap/* Configuring the slapd servers can be complex. Securing the LDAP directory, especially if you are storing non-public data such as password databases, can also be a challenging task. You'll need to modify the /etc/openldap/slapd.conf and /etc/openldap/ldap.conf files to set up OpenLDAP for your particular needs. /etc/openldap/slapd.conf /etc/openldap/ldap.conf Resources to assist you with topics such as choosing a directory configuration, backend and database definitions, access control settings, running as a user other than root and setting a chroot environment include: The slapd man page The slapd.conf man page The OpenLDAP 2.4 Administrator's Guide (also installed locally in /usr/share/doc/openldap-&openldap-version;/guide/admin) Documents located at To utilize GDBM as the database backend, the database entry in /etc/openldap/slapd.conf must be changed from bdb to ldbm. You can use both by creating an additional database section in /etc/openldap/slapd.conf. By default, LDAPv2 support is disabled in the slapd.conf file. Once the database is properly set up and Mozilla is configured to use the directory, you must add allow bind_v2 to the slapd.conf file. To automate the startup of the LDAP server at system bootup, install the /etc/rc.d/init.d/openldap init script included in the package using the following command: openldap make install-openldap The init script starts the daemon without any parameters. You'll need to modify the /etc/sysconfig/openldap to include the parameters needed for your specific configuration. See the slapd man page for parameter information. Start the LDAP server using the init script: /etc/rc.d/init.d/openldap start Verify access to the LDAP server with the following command: ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts The expected result is: # extended LDIF # # LDAPv3 # base <> with scope base # filter: (objectclass=*) # requesting: namingContexts # # dn: namingContexts: dc=my-domain,dc=com # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 Installed Programs Installed Libraries Installed Directories ldapadd, ldapcompare, ldapdelete, ldapexop, ldapmodify, ldapmodrdn, ldappasswd, ldapsearch, ldapurl, ldapwhoami, slapacl, slapadd, slapauth, slapcat, slapd, slapdn, slapindex, slappasswd, slapschema and slaptest liblber.so, libldap.so,a and libldap_r.so /etc/openldap, /usr/lib/openldap and /var/lib/openldap Short Descriptions ldapadd opens a connection to an LDAP server, binds and adds entries. ldapadd ldapcompare opens a connection to an LDAP server, binds and performs a compare using specified parameters. ldapcompare ldapdelete opens a connection to an LDAP server, binds and deletes one or more entries. ldapdelete ldapexop issues the LDAP extended operation specified by oid or one of the special keywords whoami, cancel, or refresh. ldapexop ldapmodify opens a connection to an LDAP server, binds and modifies entries. ldapmodify ldapmodrdn opens a connection to an LDAP server, binds and modifies the RDN of entries. ldapmodrdn ldappasswd is a tool to set the password of an LDAP user. ldappasswd ldapsearch opens a connection to an LDAP server, binds and performs a search using specified parameters. ldapsearch ldapurl is a command that allows to either compose or decompose LDAP URIs. ldapurl ldapwhoami opens a connection to an LDAP server, binds and displays whoami information. ldapwhoami slapacl is used to check the behavior of slapd by verifying access to directory data according to the access control list directives defined in its configuration. slapacl slapadd is used to add entries specified in LDAP Directory Interchange Format (LDIF) to an LDAP database. slapadd slapauth is used to check the behavior of the slapd in mapping identities for authentication and authorization purposes, as specified in slapd.conf. slapauth slapcat is used to generate an LDAP LDIF output based upon the contents of a slapd database. slapcat slapd is the stand-alone LDAP server. slapd slapdn checks a list of string-represented DNs based on schema syntax. slapdn slapindex is used to regenerate slapd indexes based upon the current contents of a database. slapindex slappasswd is an OpenLDAP password utility. slappasswd slapschema is used to check schema compliance of the contents of a slapd database. slapschema slaptest checks the sanity of the slapd.conf file. slaptest liblber.so is a set of lightweight Basic Encoding Rules routines. These routines are used by the LDAP library routines to encode and decode LDAP protocol elements using the (slightly simplified) Basic Encoding Rules defined by LDAP. They are not normally used directly by an LDAP application program except in the handling of controls and extended operations. liblber.so libldap.so supports the LDAP programs and provide functionality for other programs interacting with LDAP. libldap.so libldap_r.so contains the functions required by the LDAP programs to produce the results from LDAP requests. libldap_r.so