source: server/other/openldap.xml@ 12949fb

Last change on this file since 12949fb was 12949fb, checked in by Randy McMurchy <randy@…>, 14 years ago

Updated to OpenLDAP-2.4.21

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@8333 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 21.3 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!-- <!ENTITY openldap-download-http "http://gd.tuwien.ac.at/infosys/network/OpenLDAP/openldap-stable/openldap-&openldap-download-version;.tgz">
  <!ENTITY openldap-download-ftp "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-stable/openldap-&openldap-download-version;.tgz"> -->
  <!ENTITY openldap-download-http "http://gd.tuwien.ac.at/infosys/network/OpenLDAP/openldap-release/openldap-&openldap-version;.tgz">
  <!ENTITY openldap-download-ftp "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-&openldap-version;.tgz">
  <!ENTITY openldap-md5sum "e7128c57b2bacd940e8906057c94ff26">
  <!ENTITY openldap-size "5.4 MB">
  <!ENTITY openldap-buildsize "134 MB">
  <!ENTITY openldap-time "1.9 SBU and approximately 30 minutes to run the tests (processor independent)">
]>

<sect1 id="openldap" xreflabel="OpenLDAP-&openldap-version;">
  <?dbhtml filename="openldap.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>OpenLDAP-&openldap-version;</title>

  <indexterm zone="openldap">
    <primary sortas="a-OpenLDAP">OpenLDAP</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to OpenLDAP</title>

    <para>The <application>OpenLDAP</application> package provides an open
    source implementation of the Lightweight Directory Access Protocol.</para>

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&openldap-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&openldap-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &openldap-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &openldap-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &openldap-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &openldap-time;</para>
      </listitem>
    </itemizedlist>

    <!-- <note>
      <para>The <application>OpenLDAP</application> stable releases are
      packaged without version numbers in the tarball names. You can see the
      relationship between the version number and name of the tarball at <ulink
      url="http://www.openldap.org/software/download/"/>.</para>
    </note> -->

    <bridgehead renderas="sect3">OpenLDAP Dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required"><xref linkend="db"/> (recommended) or
    GDBM (GDBM is built in LFS)</para>
    <!-- <xref linkend="gdbm"/></para> -->

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended"><xref linkend="cyrus-sasl"/> and
    <xref linkend="openssl"/></para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional"><xref linkend="tcpwrappers"/>,
    <xref linkend="unixodbc"/>,
    <ulink url="http://www.openslp.org/">OpenSLP</ulink>,
    <xref linkend="pth"/>, and one of
    <xref linkend="mysql"/>,
    <ulink url="http://www.oracle.com/technologies/linux/index.html">Oracle</ulink>, or
    <xref linkend="postgresql"/></para>

    <para condition="html" role="usernotes">User Notes:
    <ulink url="&blfs-wiki;/openldap"/></para>

  </sect2>

  <sect2 role="installation">
    <title>Installation of OpenLDAP</title>

    <note>
      <para>If you only need to install the client side <command>ldap*</command>
      binaries, corresponding man pages, libraries and header files (referred to
      as a <quote>client-only</quote> install), issue the following
      <command>configure</command> command instead of the other one, and
      then proceed with the remaining commands (no test suite available):</para>

<screen><userinput>./configure --prefix=/usr \
            --sysconfdir=/etc \
            --disable-debug \
            --enable-dynamic \
            --enable-slapd=no &amp;&amp;</userinput></screen>
    </note>

    <para>Install <application>OpenLDAP</application> by
    running the following commands:</para>

<screen><userinput>./configure --prefix=/usr \
            --libexecdir=/usr/sbin \
            --sysconfdir=/etc \
            --localstatedir=/srv/ldap \
            --disable-debug \
            --enable-dynamic \
            --enable-crypt \
            --enable-modules \
            --enable-rlookups \
            --enable-backends \
            --enable-overlays \
            --disable-sql &amp;&amp;
make depend &amp;&amp;
make</userinput></screen>

    <para>To test the results, issue: <command>make test</command>. If you've
    enabled <application>tcp_wrappers</application>, ensure you add 127.0.0.1
    to the <parameter>slapd</parameter> line in the
    <filename>/etc/hosts.allow</filename> file if you have a restrictive
    <filename>/etc/hosts.deny</filename> file.</para>

    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>

<screen role="root"><userinput>make install &amp;&amp;

for LINK in lber ldap ldap_r; do
    chmod -v 0755 /usr/lib/$(readlink /usr/lib/lib${LINK}.so)
done &amp;&amp;

install -v -m755 -d /usr/share/doc/openldap-&openldap-version;/{drafts,guide,rfc} &amp;&amp;
install -v -m644 doc/drafts/* \
    /usr/share/doc/openldap-&openldap-version;/drafts &amp;&amp;
install -v -m644 doc/rfc/* \
    /usr/share/doc/openldap-&openldap-version;/rfc &amp;&amp;
cp -v -R doc/guide/* \
    /usr/share/doc/openldap-&openldap-version;/guide</userinput></screen>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para><parameter>--libexecdir=/usr/sbin</parameter>: Installs the
    <command>slapd</command> daemon programs in
    <filename class="directory">/usr/sbin</filename> instead of
    <filename class="directory">/usr/libexec</filename>.</para>

    <para><parameter>--sysconfdir=/etc</parameter>: Sets the configuration file
    directory to avoid the default of
    <filename class="directory">/usr/etc</filename>.</para>

    <para><parameter>--localstatedir=/srv/ldap</parameter>: Sets the directory
    to use for the LDAP directory database, replication logs and
    run-time variable data.</para>

    <para><parameter>--disable-debug</parameter>: Disables debugging code.</para>

    <para><parameter>--enable-dynamic</parameter>: This forces the
    <application>OpenLDAP</application> libraries to be dynamically linked
    to the executable programs.</para>

    <para><parameter>--enable-crypt</parameter>: Enables crypt(3)
    passwords.</para>

    <para><parameter>--enable-modules</parameter>: Enables dynamic module
    support.</para>

    <!-- <para><parameter>-enable-ldap</parameter>: Enables the
    <command>slapd</command> LDAP backend.</para>

    <para><parameter>-enable-ldbm</parameter>: Build <command>slapd</command>
    with the primary database back end using either
    <application>Berkeley DB</application> or
    <application>GNU Database Manager</application>.</para> -->

    <para><parameter>--enable-rlookups</parameter>: This parameter enables
    reverse lookups of client hostnames.</para>

    <para><parameter>--enable-backends</parameter>: This parameter enables
    all available backends.</para>

    <para><parameter>--enable-overlays</parameter>: This parameter enables
    all available overlays.</para>

    <para><parameter>--disable-sql</parameter>: This parameter explicitly
    disables the sql backend. Omit this switch if a SQL server is
    installed.</para>

    <para><option>--disable-bdb --disable-hdb --with-ldbm-api=gdbm</option>:
    Pass these parameters to the <command>configure</command> command if you
    wish to use <application>GDBM</application> instead of
    <application>Berkeley DB</application> as the primary backend
    database.</para>

    <para><command>chmod -v 0755 ...</command>: This
    command adds the executable bit to the shared libraries.</para>

    <note>
      <para>You can run <command>./configure --help</command> to see if there
      are other parameters you can pass to the <command>configure</command>
      command to enable other options or dependency packages.</para>
    </note>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring OpenLDAP</title>

    <sect3 id="openldap-config">
      <title>Config Files</title>

      <para><filename>/etc/openldap/*</filename></para>

      <indexterm zone="openldap openldap-config">
        <primary sortas="e-etc-openldap">/etc/openldap/*</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>Configuring the <command>slapd</command> servers can be complex.
      Securing the LDAP directory, especially if you are storing non-public
      data such as password databases, can also be a challenging task. You'll
      need to modify the <filename>/etc/openldap/slapd.conf</filename> and
      <filename>/etc/openldap/ldap.conf</filename> files to set up
      <application>OpenLDAP</application> for your particular needs.</para>

      <indexterm zone="openldap openldap-config">
        <primary
        sortas="e-etc-openldap-slapd.conf">/etc/openldap/slapd.conf</primary>
      </indexterm>

      <indexterm zone="openldap openldap-config">
        <primary
        sortas="e-etc-openldap-ldap.conf">/etc/openldap/ldap.conf</primary>
      </indexterm>

      <para>Resources to assist you with topics such as choosing a directory
      configuration, backend and database definitions, access control settings,
      running as a user other than <systemitem class="username">root</systemitem>
      and setting a <command>chroot</command> environment include:</para>

      <itemizedlist spacing='compact'>
        <listitem>
          <para>The <command>slapd</command> man page</para>
        </listitem>
        <listitem>
          <para>The <filename>slapd.conf</filename> man page</para>
        </listitem>
        <listitem>
          <para>The <ulink
          url="http://www.openldap.org/doc/admin24/">OpenLDAP 2.4
          Administrator's Guide</ulink> (also installed locally in
          <filename class='directory'>
          /usr/share/doc/openldap-&openldap-version;/guide/admin</filename>)</para>
        </listitem>
        <listitem>
          <para>Documents located at
          <ulink url="http://www.openldap.org/pub/"/></para>
        </listitem>
      </itemizedlist>

    </sect3>

    <sect3>
      <title>Utilizing GDBM</title>

      <para>To utilize <application>GDBM</application> as the database
      backend, the <quote>database</quote> entry in
      <filename>/etc/openldap/slapd.conf</filename> must be changed from
      <quote>bdb</quote> to <quote>ldbm</quote>. You can use both by
      creating an additional database section in
      <filename>/etc/openldap/slapd.conf</filename>.</para>

    </sect3>

    <sect3>
      <title>Mozilla Address Directory</title>

      <para>By default, LDAPv2 support is disabled in the
      <filename>slapd.conf</filename> file. Once the database is properly
      set up and <application>Mozilla</application> is configured to use the
      directory, you must add <option>allow bind_v2</option> to the
      <filename>slapd.conf</filename> file.</para>

    </sect3>

    <sect3 id="openldap-init">
      <title>Boot Script</title>

      <para>To automate the startup of the LDAP server at system bootup,
      install the <filename>/etc/rc.d/init.d/openldap</filename> init script
      included in the <xref linkend="bootscripts"/> package
      using the following command:</para>

      <indexterm zone="openldap openldap-init">
        <primary sortas="f-openldap">openldap</primary>
      </indexterm>

<screen role="root"><userinput>make install-openldap1</userinput></screen>

      <!-- <para><emphasis>Note:</emphasis> The init script you just installed only
      starts the <command>slapd</command> daemon. If you wish to also start the
      <command>slurpd</command> daemon at system startup, install a modified
      version of the script using this command:</para>

<screen role="root"><userinput>make install-openldap2</userinput></screen> -->

      <note>
        <para>The init script starts the daemon without any parameters.
        You'll need to modify the script to include the parameters needed for
        your specific configuration. See the <command>slapd</command>
        man page for parameter information.</para>
      </note>

    </sect3>

    <sect3>
      <title>Testing the Configuration</title>

      <para>Start the LDAP server using the init script:</para>

<screen role="root"><userinput>/etc/rc.d/init.d/openldap start</userinput></screen>

      <para>Verify access to the LDAP server with the following
      command:</para>

<screen><userinput>ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts</userinput></screen>

      <para>The expected result is:</para>

<screen><computeroutput># extended LDIF
#
# LDAPv3
# base &lt;&gt; with scope base
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=my-domain,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1</computeroutput></screen>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>ldapadd, ldapcompare, ldapdelete, ldapmodify, ldapmodrdn,
        ldappasswd, ldapsearch, ldapwhoami, slapadd, slapcat, slapd, slapdn,
        slapindex, slappasswd, and slaptest</seg>
        <seg>liblber.{so,a}, libldap.{so,a}, and libldap_r.{so,a}</seg>
        <seg>/etc/openldap, /srv/ldap, and /usr/share/openldap</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="ldapadd">
        <term><command>ldapadd</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and adds
          entries.</para>
          <indexterm zone="openldap ldapadd">
            <primary sortas="b-ldapadd">ldapadd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapcompare">
        <term><command>ldapcompare</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and performs
          a compare using specified parameters.</para>
          <indexterm zone="openldap ldapcompare">
            <primary sortas="b-ldapcompare">ldapcompare</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapdelete">
        <term><command>ldapdelete</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and deletes
          one or more entries.</para>
          <indexterm zone="openldap ldapdelete">
            <primary sortas="b-ldapdelete">ldapdelete</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapmodify">
        <term><command>ldapmodify</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and modifies
          entries.</para>
          <indexterm zone="openldap ldapmodify">
            <primary sortas="b-ldapmodify">ldapmodify</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapmodrdn">
        <term><command>ldapmodrdn</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and modifies
          the RDN of entries.</para>
          <indexterm zone="openldap ldapmodrdn">
            <primary sortas="b-ldapmodrdn">ldapmodrdn</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldappasswd">
        <term><command>ldappasswd</command></term>
        <listitem>
          <para>is a tool to set the password of an LDAP user.</para>
          <indexterm zone="openldap ldappasswd">
            <primary sortas="b-ldappasswd">ldappasswd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapsearch">
        <term><command>ldapsearch</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and performs
          a search using specified parameters.</para>
          <indexterm zone="openldap ldapsearch">
            <primary sortas="b-ldapsearch">ldapsearch</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapwhoami">
        <term><command>ldapwhoami</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and displays
          whoami information.</para>
          <indexterm zone="openldap ldapwhoami">
            <primary sortas="b-ldapwhoami">ldapwhoami</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapadd">
        <term><command>slapadd</command></term>
        <listitem>
          <para>is used to add entries specified in LDAP Directory Interchange
          Format (LDIF) to an LDAP database.</para>
          <indexterm zone="openldap slapadd">
            <primary sortas="b-slapadd">slapadd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapcat">
        <term><command>slapcat</command></term>
        <listitem>
          <para>is used to generate an LDAP LDIF output based upon the
          contents of a slapd database.</para>
          <indexterm zone="openldap slapcat">
            <primary sortas="b-slapcat">slapcat</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapd">
        <term><command>slapd</command></term>
        <listitem>
          <para>is the stand-alone LDAP server.</para>
          <indexterm zone="openldap slapd">
            <primary sortas="b-slapd">slapd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapdn">
        <term><command>slapdn</command></term>
        <listitem>
          <para>checks a list of string-represented DNs based on schema
          syntax.</para>
          <indexterm zone="openldap slapdn">
            <primary sortas="b-slapdn">slapdn</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapindex">
        <term><command>slapindex</command></term>
        <listitem>
          <para>is used to regenerate slapd indexes based upon the current
          contents of a database.</para>
          <indexterm zone="openldap slapindex">
            <primary sortas="b-slapindex">slapindex</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slappasswd">
        <term><command>slappasswd</command></term>
        <listitem>
          <para>is an <application>OpenLDAP</application> password
          utility.</para>
          <indexterm zone="openldap slappasswd">
            <primary sortas="b-slappasswd">slappasswd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slaptest">
        <term><command>slaptest</command></term>
        <listitem>
          <para>checks the sanity of the <filename>slapd.conf</filename>
          file.</para>
          <indexterm zone="openldap slaptest">
            <primary sortas="b-slaptest">slaptest</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="liblber">
        <term><filename class='libraryfile'>liblber.{so,a}</filename></term>
        <listitem>
          <para>is a set of lightweight Basic Encoding Rules routines. These
          routines are used by the LDAP library routines to encode and decode
          LDAP protocol elements using the (slightly simplified) Basic
          Encoding Rules defined by LDAP. They are not normally used directly
          by an LDAP application program except in the handling of controls
          and extended operations.</para>
          <indexterm zone="openldap liblber">
            <primary sortas="c-liblber">liblber.{so,a}</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libldap">
        <term><filename class='libraryfile'>libldap.{so,a}</filename></term>
        <listitem>
          <para>supports the LDAP programs and provides functionality for
          other programs interacting with LDAP.</para>
          <indexterm zone="openldap libldap">
            <primary sortas="c-libldap">libldap.{so,a}</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libldap_r">
        <term><filename class='libraryfile'>libldap_r.{so,a}</filename></term>
        <listitem>
          <para>contains the functions required by the LDAP programs to
          produce the results from LDAP requests.</para>
          <indexterm zone="openldap libldap_r">
            <primary sortas="c-libldap_r">libldap_r.{so,a}</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>
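
The configuration section above leaves securing `slapd.conf` to the reader. The following is an added example, not part of the BLFS book or of OpenLDAP: a shell function that checks a `slapd.conf` for two items this page names (`allow bind_v2` and the sample `dc=my-domain,dc=com` suffix shown in the expected `ldapsearch` output). It also checks two assumptions, that hashed `rootpw` values start with a `{SCHEME}` tag as `slappasswd` prints them, and that the file should not be world-readable; the finding codes and the sample file are constructed.

```shell
#!/bin/sh
# Added example: audit slapd.conf for settings discussed on this page.
# Finding codes and the sample file are constructed for illustration.

# audit_slapd_conf FILE: print one finding per line as "CODE explanation".
audit_slapd_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }

    # Assumption: the file may hold rootpw, so "other" should not read it.
    if [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "WORLD-READABLE any local user can read the file"
    fi

    awk '
    function check(line,    n, f, i, key, val) {
        sub(/^[ \t]+/, "", line)
        if (line == "" || substr(line, 1, 1) == "#") return
        n = split(line, f, /[ \t]+/)
        key = tolower(f[1])              # compare keywords case-insensitively
        val = f[2]; gsub(/"/, "", val)
        if (key == "allow")
            for (i = 2; i <= n; i++)
                if (tolower(f[i]) == "bind_v2")
                    print "LDAPV2-BIND LDAPv2 binds are accepted"
        # Assumption: hashed values start with a {SCHEME} tag, as slappasswd
        # prints them. The value itself is never echoed.
        if (key == "rootpw")
            if (substr(val, 1, 1) != "{" || index(toupper(val), "{CLEARTEXT}") == 1)
                print "ROOTPW-CLEARTEXT rootpw is not stored as a hash"
        if (key == "suffix" && index(tolower(line), "dc=my-domain,dc=com"))
            print "DEFAULT-SUFFIX sample suffix is still configured"
    }
    /^[ \t]/ { buf = buf " " $0; next }  # leading blank: continuation line
    { check(buf); buf = $0 }
    END { check(buf) }
    ' "$conf"
}

# Constructed sample input; rootpw is split over two lines on purpose.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a real configuration
allow bind_v2
database bdb
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
rootpw
  secret
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
chmod 644 "$sample"
audit_slapd_conf "$sample"
rm -f "$sample"
```

On an installed system, call `audit_slapd_conf /etc/openldap/slapd.conf`; an empty result means none of these four conditions was found.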