OpenLDAP-&openldap-version;

Introduction to OpenLDAP

The OpenLDAP package provides an open source implementation of the Lightweight Directory Access Protocol.

Package information

Download (HTTP):
Download (FTP):
Download size: &openldap-size;
Estimated Disk space required: &openldap-buildsize;
Estimated build time: &openldap-time;

OpenLDAP dependencies

Required
Optional , , , and or

Installation of OpenLDAP

Install OpenLDAP by running the following commands:

    ./configure --prefix=/usr --libexecdir=/usr/sbin \
        --sysconfdir=/etc --localstatedir=/var/lib \
        --disable-debug --enable-ldbm &&
    make depend &&
    make &&
    make test &&
    make install

Command explanations

--sysconfdir=/etc: Sets the configuration file directory to avoid the default of /usr/etc.

--libexecdir=/usr/sbin: Puts the server executables in /usr/sbin instead of /usr/libexec.

--enable-ldbm: Build slapd with primary database back end using either Berkeley DB or GNU Database Manager.

--disable-debug: Disable debugging code.

make test: Validate correct build of the package.

Configuring OpenLDAP

Config files

/etc/openldap/*

Configuration Information

The only configuration needed for OpenLDAP is to run ldconfig.

The LDAP server can be started by /usr/sbin/slapd as described in the man page slapd(8).
You can verify that LDAP is running with ps aux and you can verify access to the LDAP server with the following command:

    ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts

The correct result is:

    # extended LDIF
    #
    # LDAPv3
    # base <> with scope base
    # filter: (objectclass=*)
    # requesting: namingContexts
    #

    #
    dn:
    namingContexts: dc=my-domain,dc=com

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

Kill the server with this command:

    kill -INT `cat /var/lib/slapd.pid`

You are now ready to modify the /etc/openldap/slapd.conf to be specific to your installation.

Utilizing GDBM

To utilize GDBM as the database backend, the "database" entry in /etc/openldap/slapd.conf must be changed from "bdb" to "ldbm". You can use both by creating an additional database section in /etc/openldap/slapd.conf.

Securing your LDAP server

Significant configuration is needed for OpenLDAP to utilize security features. The OpenLDAP 2.1 Administrator's Guide is a good place to start for access control settings, running as a user other than root and setting a chroot environment.

User Tools

Data can be added to the LDAP database via ldapadd. There are other programs that can use the database. For more information see the appropriate man page.

Mozilla Address Directory

By default, LDAPv2 support is disabled in the slapd.conf file. Once the database is properly set up and Mozilla is configured to use the directory, you must add to the slapd.conf file.

Contents

The OpenLDAP package contains ldapadd, ldapcompare, ldapdelete, ldapmodify, ldapmodrdn, ldappasswd, ldapsearch, ldapwhoami, slapadd, slapcat, slapd, slapindex, slappasswd, slurpd, liblber and libldap.

Description

ldapadd
ldapadd opens a connection to an LDAP server, binds and adds entries.

ldapcompare
ldapcompare opens a connection to an LDAP server, binds and performs a compare using specified parameters.

ldapdelete
ldapdelete opens a connection to an LDAP server, binds and deletes one or more entries.
ldapmodify
ldapmodify opens a connection to an LDAP server, binds and modifies entries.

ldapmodrdn
ldapmodrdn opens a connection to an LDAP server, binds and modifies the RDN of entries.

ldappasswd
ldappasswd is a tool to set the password of an LDAP user.

ldapsearch
ldapsearch opens a connection to an LDAP server, binds and performs a search using specified parameters.

ldapwhoami
ldapwhoami opens a connection to an LDAP server, binds and performs a whoami operation.

slapadd
slapadd is used to add entries specified in LDAP Directory Interchange Format (LDIF) to a slapd database.

slapcat
slapcat is used to generate an LDAP LDIF output based upon the contents of a slapd database.

slapd
slapd is the stand-alone LDAP server.

slapindex
slapindex is used to regenerate slapd indices based upon the current contents of a database.

slappasswd
slappasswd is an OpenLDAP password utility.

slurpd
slurpd is the stand-alone LDAP replication server.

liblber and libldap
These libraries support the LDAP programs and provide functionality for other programs interacting with LDAP.
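
Example: auditing slapd.conf

The access control point raised under "Securing your LDAP server" can be spot-checked on an installed /etc/openldap/slapd.conf. The script below is an added example, not part of the original page or of OpenLDAP; the function names, finding codes and both sample configurations are constructed for illustration, and the {SSHA} value is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original page. Sample configs are constructed.

# Print one finding code per line for the slapd.conf named in $1.
audit_slapd_conf() {
    conf=$1
    # rootpw should hold a slappasswd hash such as {SSHA}...; a bare value or
    # the {CLEARTEXT} scheme leaves the rootdn password readable in the file.
    awk '$1 == "rootpw" && ($2 !~ /^[{][A-Za-z0-9-]+[}]/ || $2 ~ /^[{]CLEARTEXT[}]/) {
             print "CLEARTEXT_ROOTPW"; exit }' "$conf"
    # Without an access rule naming userPassword (attr= or attrs=), password
    # hashes are governed only by the general rule or the built-in default.
    grep -Eiq '^access[[:space:]]+to[[:space:]].*attrs?=[^[:space:]]*userPassword' "$conf" ||
        echo "NO_USERPASSWORD_RULE"
    # The file contains rootpw, so "other" should have no read permission.
    [ -z "$(find "$conf" -perm -004)" ] || echo "WORLD_READABLE"
    return 0
}

# Constructed weak config: cleartext rootpw, no access rules, mode 644.
write_weak_conf() {
    cat > "$1" <<'EOF'
database  bdb
suffix    "dc=my-domain,dc=com"
rootdn    "cn=Manager,dc=my-domain,dc=com"
rootpw    secret
EOF
    chmod 644 "$1"
}

# Constructed hardened config; the hash is a placeholder, not a real digest.
write_hardened_conf() {
    cat > "$1" <<'EOF'
database  bdb
suffix    "dc=my-domain,dc=com"
rootdn    "cn=Manager,dc=my-domain,dc=com"
rootpw    {SSHA}PLACEHOLDERHASH
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by * read
EOF
    chmod 600 "$1"
}

# Demo run on the weak sample: prints all three finding codes.
tmp=$(mktemp); write_weak_conf "$tmp"; audit_slapd_conf "$tmp"; rm -f "$tmp"
```

To check a real installation, call audit_slapd_conf /etc/openldap/slapd.conf; no output means none of the three checks fired.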