source: server/other/openldap.xml@ 0aeb696

Last change on this file since 0aeb696 was 0aeb696, checked in by Randy McMurchy <randy@…>, 18 years ago

Added a comment to each file that may need a mention of a test suite added to it, this allows closing of bug #1697

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@5951 af4574ff-66df-0310-9fd7-8a98e5e911e0

1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
3 "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!-- Inserted as a reminder to do this. The mention of a test suite
8 is usually right before the root user installation commands. Please
9 delete these 12 (including one blank) lines after you are done.-->
10
11 <!-- Use one of the two mentions below about a test suite,
12 delete the line that is not applicable. Of course, if the
13 test suite uses syntax other than "make check", revise the
14 line to reflect the actual syntax to run the test suite -->
15
16 <!-- <para>This package does not come with a test suite.</para> -->
17 <!-- <para>To test the results, issue: <command>make check</command>.</para> -->
18
19 <!ENTITY openldap-download-http "http://gd.tuwien.ac.at/infosys/network/OpenLDAP/openldap-stable/openldap-&openldap-download-version;.tgz">
20 <!ENTITY openldap-download-ftp "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-stable/openldap-&openldap-download-version;.tgz">
21 <!ENTITY openldap-md5sum "49d2c5b9378a7b57e1fb03948acb8e32">
22 <!ENTITY openldap-size "3.7 MB">
23 <!ENTITY openldap-buildsize "105 MB">
24 <!ENTITY openldap-time "1.9 SBU and approximately 30 minutes to run the tests (processor independent)">
25]>
26
27<sect1 id="openldap" xreflabel="OpenLDAP-&openldap-version;">
28 <?dbhtml filename="openldap.html"?>
29
30 <sect1info>
31 <othername>$LastChangedBy$</othername>
32 <date>$Date$</date>
33 <keywordset>
34 <keyword role="package">openldap-&openldap-download-version;.tar</keyword>
35 <keyword role="ftpdir">openldap</keyword>
36 </keywordset>
37 </sect1info>
38
39 <title>OpenLDAP-&openldap-version;</title>
40
41 <indexterm zone="openldap">
42 <primary sortas="a-OpenLDAP">OpenLDAP</primary>
43 </indexterm>
44
45 <sect2 role="package">
46 <title>Introduction to OpenLDAP</title>
47
48 <para>The <application>OpenLDAP</application> package provides an open
49 source implementation of the Lightweight Directory Access Protocol.</para>
50
51 <bridgehead renderas="sect3">Package Information</bridgehead>
52 <itemizedlist spacing="compact">
53 <listitem>
54 <para>Download (HTTP): <ulink url="&openldap-download-http;"/></para>
55 </listitem>
56 <listitem>
57 <para>Download (FTP): <ulink url="&openldap-download-ftp;"/></para>
58 </listitem>
59 <listitem>
60 <para>Download MD5 sum: &openldap-md5sum;</para>
61 </listitem>
62 <listitem>
63 <para>Download size: &openldap-size;</para>
64 </listitem>
65 <listitem>
66 <para>Estimated disk space required: &openldap-buildsize;</para>
67 </listitem>
68 <listitem>
69 <para>Estimated build time: &openldap-time;</para>
70 </listitem>
71 </itemizedlist>
72
73 <note>
74 <para>The <application>OpenLDAP</application> stable releases are
75 packaged without version numbers in the tarball names. You can see the
76 relationship between the version number and name of the tarball at <ulink
77 url="http://www.openldap.org/software/download/"/>.</para>
78 </note>
79
80 <bridgehead renderas="sect3">OpenLDAP Dependencies</bridgehead>
81
82 <bridgehead renderas="sect4">Required</bridgehead>
83 <para role="required">Either <xref linkend="db"/> (recommended; built in LFS) or
84 <!-- <xref linkend="db"/> -->
85 <xref linkend="gdbm"/></para>
86
87 <bridgehead renderas="sect4">Recommended</bridgehead>
88 <para role="recommended"><xref linkend="cyrus-sasl"/> and
89 <xref linkend="openssl"/></para>
90
91 <bridgehead renderas="sect4">Optional</bridgehead>
92 <para role="optional"><xref linkend="tcpwrappers"/>,
93 <xref linkend="unixodbc"/>,
94 <xref linkend="gmp"/>,
95 <ulink url="http://www.gnu.org/software/pth/">GNU Pth</ulink>, and
96 <ulink url="http://www.openslp.org/">OpenSLP</ulink></para>
97
98 <para condition="html" role="usernotes">User Notes:
99 <ulink url="&blfs-wiki;/openldap"/></para>
100
101 </sect2>
102
103 <sect2 role="installation">
104 <title>Installation of OpenLDAP</title>
105
106 <para>Install <application>OpenLDAP</application> by
107 running the following commands:</para>
108
109<screen><userinput>./configure --prefix=/usr \
110 --libexecdir=/usr/sbin \
111 --sysconfdir=/etc \
112 --localstatedir=/srv/ldap \
113 --disable-debug \
114 --enable-dynamic \
115 --enable-crypt \
116 --enable-modules \
117 --enable-ldap \
118 --enable-ldbm \
119 --enable-dyngroup \
120 --enable-dynlist \
121 --enable-ppolicy \
122 --enable-valsort &amp;&amp;
123make depend &amp;&amp;
124make &amp;&amp;
125make test</userinput></screen>
126
127 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
128
129<screen role="root"><userinput>make install &amp;&amp;
130chmod -v 755 /usr/lib/libl*-2.3.so.0.2.8 &amp;&amp;
131install -v -m755 -d /usr/share/doc/openldap-&openldap-version;/{drafts,guide,rfc} &amp;&amp;
132install -v -m644 doc/drafts/* /usr/share/doc/openldap-&openldap-version;/drafts &amp;&amp;
133install -v -m644 doc/rfc/* /usr/share/doc/openldap-&openldap-version;/rfc &amp;&amp;
134cp -v -R doc/guide/* /usr/share/doc/openldap-&openldap-version;/guide</userinput></screen>
135
136 </sect2>
137
138 <sect2 role="commands">
139 <title>Command Explanations</title>
140
141 <para><parameter>--libexecdir=/usr/sbin</parameter>: Installs the
142 <command>slapd</command> and <command>slurpd</command> daemon programs in
143 <filename class="directory">/usr/sbin</filename> instead of
144 <filename class="directory">/usr/libexec</filename>.</para>
145
146 <para><parameter>--sysconfdir=/etc</parameter>: Sets the configuration file
147 directory to avoid the default of
148 <filename class="directory">/usr/etc</filename>.</para>
149
150 <para><parameter>--localstatedir=/srv/ldap</parameter>: Sets the directory
151 to use for the LDAP directory database, replication logs and
152 run-time variable data.</para>
153
154 <para><parameter>--disable-debug</parameter>: Disable debugging code.</para>
155
156 <para><parameter>--enable-dynamic</parameter>: This forces the
157 <application>OpenLDAP</application> libraries to be dynamically linked
158 to the executable programs.</para>
159
160 <para><parameter>--enable-crypt</parameter>: Enables crypt(3)
161 passwords.</para>
162
163 <para><parameter>--enable-modules</parameter>: Enables dynamic module
164 support.</para>
165
166 <para><parameter>--enable-ldap</parameter>: Enables the
167 <command>slapd</command> LDAP backend.</para>
168
169 <para><parameter>--enable-ldbm</parameter>: Build <command>slapd</command>
170 with the primary database back end using either
171 <application>Berkeley DB</application> or
172 <application>GNU Database Manager</application>.</para>
173
174 <para><parameter>--enable-dyngroup</parameter>: Enables the
175 <command>slapd</command> dynamic group overlay.</para>
176
177 <para><parameter>--enable-dynlist</parameter>: Enables the
178 <command>slapd</command> dynamic list overlay.</para>
179
180 <para><parameter>--enable-ppolicy</parameter>: Enables the
181 <command>slapd</command> password policy overlay.</para>
182
183 <para><parameter>--enable-valsort</parameter>: Enables the
184 <command>slapd</command> value sorting overlay.</para>
185
186 <para><command>make test</command>: Validates the correct build of the
187 package. If you've enabled <application>tcp_wrappers</application> and have a
188 restrictive <filename>/etc/hosts.deny</filename> file, ensure that 127.0.0.1
189 is on the <parameter>slapd</parameter> line in the
190 <filename>/etc/hosts.allow</filename> file; otherwise the local connections the tests make to <command>slapd</command> may be refused.</para>
191
192 <para><command>chmod -v 755 /usr/lib/libl*-2.3.so.0.2.8</command>: This command
193 adds the executable bit to the shared libraries.</para>
194
195 <para><option>--disable-bdb --disable-hdb --with-ldbm-api=gdbm</option>:
196 Pass these parameters to the <command>configure</command> command if you
197 wish to use <application>GDBM</application> instead of
198 <application>Berkeley DB</application> as the primary backend
199 database.</para>
200
201 <note>
202 <para>Run <command>./configure --help</command> to see if there are
203 other parameters you can pass to the <command>configure</command> command
204 to enable other options or dependency packages.</para>
205 </note>
206
207 </sect2>
208
209 <sect2 role="configuration">
210 <title>Configuring OpenLDAP</title>
211
212 <sect3 id="openldap-config">
213 <title>Config Files</title>
214
215 <para><filename>/etc/openldap/*</filename></para>
216
217 <indexterm zone="openldap openldap-config">
218 <primary sortas="e-etc-openldap">/etc/openldap/*</primary>
219 </indexterm>
220
221 </sect3>
222
223 <sect3>
224 <title>Configuration Information</title>
225
226 <para>Configuring the <command>slapd</command> and
227 <command>slurpd</command> servers can be complex. Securing the LDAP
228 directory, especially if you are storing non-public data such as
229 password databases, can also be a challenging task. You'll need to
230 modify the <filename>/etc/openldap/slapd.conf</filename> and
231 <filename>/etc/openldap/ldap.conf</filename> files to set up
232 <application>OpenLDAP</application> for your particular needs.</para>
233
234 <indexterm zone="openldap openldap-config">
235 <primary
236 sortas="e-etc-openldap-slapd.conf">/etc/openldap/slapd.conf</primary>
237 </indexterm>
238
239 <indexterm zone="openldap openldap-config">
240 <primary
241 sortas="e-etc-openldap-ldap.conf">/etc/openldap/ldap.conf</primary>
242 </indexterm>
243
244 <para>Resources to assist you with topics such as choosing a directory
245 configuration, backend and database definitions, access control settings,
246 running as a user other than <systemitem class="username">root</systemitem>
247 and setting a <command>chroot</command> environment include:</para>
248
249 <itemizedlist spacing='compact'>
250 <listitem>
251 <para>The <command>slapd</command> man page</para>
252 </listitem>
253 <listitem>
254 <para>The <filename>slapd.conf</filename> man page</para>
255 </listitem>
256 <listitem>
257 <para>The <ulink
258 url="http://www.openldap.org/doc/admin23/">OpenLDAP 2.3
259 Administrator's Guide</ulink> (also installed locally in
260 <filename class='directory'>
261 /usr/share/doc/openldap-&openldap-version;/guide/admin</filename>)</para>
262 </listitem>
263 <listitem>
264 <para>Documents located at
265 <ulink url="http://www.openldap.org/pub/"/></para>
266 </listitem>
267 </itemizedlist>
268
269 </sect3>
270
271 <sect3>
272 <title>Utilizing GDBM</title>
273
274 <para>To utilize <application>GDBM</application> as the database
275 backend, the <quote>database</quote> entry in
276 <filename>/etc/openldap/slapd.conf</filename> must be changed from
277 <quote>bdb</quote> to <quote>ldbm</quote>. You can use both by
278 creating an additional database section in
279 <filename>/etc/openldap/slapd.conf</filename>.</para>
280
281 </sect3>
282
283 <sect3>
284 <title>Mozilla Address Directory</title>
285
286 <para>By default, LDAPv2 support is disabled in the
287 <filename>slapd.conf</filename> file. Once the database is properly
288 set up and <application>Mozilla</application> is configured to use the
289 directory, you must add <option>allow bind_v2</option> to the
290 <filename>slapd.conf</filename> file so that <command>slapd</command> accepts LDAPv2 bind requests. Add it only if a client actually needs LDAPv2; LDAPv3 clients do not require it.</para>
291
292 </sect3>
293
294 <sect3 id="openldap-init">
295 <title>Boot Script</title>
296
297 <para>To automate the startup of the LDAP server at system bootup,
298 install the <filename>/etc/rc.d/init.d/openldap</filename> init script
299 included in the <xref linkend="bootscripts"/> package
300 using the following command:</para>
301
302 <indexterm zone="openldap openldap-init">
303 <primary sortas="f-openldap">openldap</primary>
304 </indexterm>
305
306<screen role="root"><userinput>make install-openldap1</userinput></screen>
307
308 <para><emphasis>Note:</emphasis> The init script you just installed only
309 starts the <command>slapd</command> daemon. If you wish to also start the
310 <command>slurpd</command> daemon at system startup, install a modified
311 version of the script using this command:</para>
312
313<screen role="root"><userinput>make install-openldap2</userinput></screen>
314
315 <note>
316 <para>The init script starts the daemons without any parameters.
317 You'll need to modify the script to include the parameters needed for
318 your specific configuration. See the <command>slapd</command> and
319 <command>slurpd</command> man pages for parameter information.</para>
320 </note>
321
322 </sect3>
323
324 <sect3>
325 <title>Testing the Configuration</title>
326
327 <para>Start the LDAP server using the init script:</para>
328
329<screen role="root"><userinput>/etc/rc.d/init.d/openldap start</userinput></screen>
330
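331 <para>Verify access to the LDAP server with the following
332 command, which binds anonymously using simple authentication (<option>-x</option>) and reads the <literal>namingContexts</literal> attribute of the root DSE:</para>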
333
334<screen><userinput>ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts</userinput></screen>
335
336 <para>The expected result is:</para>
337
338<screen><computeroutput># extended LDIF
339#
340# LDAPv3
341# base &lt;&gt; with scope base
342# filter: (objectclass=*)
343# requesting: namingContexts
344#
345
346#
347dn:
348namingContexts: dc=my-domain,dc=com
349
350# search result
351search: 2
352result: 0 Success
353
354# numResponses: 2
355# numEntries: 1</computeroutput></screen>
356
357 </sect3>
358
359 </sect2>
360
361 <sect2 role="content">
362 <title>Contents</title>
363
364 <segmentedlist>
365 <segtitle>Installed Programs</segtitle>
366 <segtitle>Installed Libraries</segtitle>
367 <segtitle>Installed Directories</segtitle>
368
369 <seglistitem>
370 <seg>ldapadd, ldapcompare, ldapdelete, ldapmodify, ldapmodrdn,
371 ldappasswd, ldapsearch, ldapwhoami, slapadd, slapcat, slapd, slapdn,
372 slapindex, slappasswd, slaptest, and slurpd</seg>
373 <seg>liblber.{so,a}, libldap.{so,a}, and libldap_r.{so,a}</seg>
374 <seg>/etc/openldap, /srv/ldap, and /usr/share/openldap</seg>
375 </seglistitem>
376 </segmentedlist>
377
378 <variablelist>
379 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
380 <?dbfo list-presentation="list"?>
381 <?dbhtml list-presentation="table"?>
382
383 <varlistentry id="ldapadd">
384 <term><command>ldapadd</command></term>
385 <listitem>
386 <para>opens a connection to an LDAP server, binds and adds
387 entries.</para>
388 <indexterm zone="openldap ldapadd">
389 <primary sortas="b-ldapadd">ldapadd</primary>
390 </indexterm>
391 </listitem>
392 </varlistentry>
393
394 <varlistentry id="ldapcompare">
395 <term><command>ldapcompare</command></term>
396 <listitem>
397 <para>opens a connection to an LDAP server, binds and performs
398 a compare using specified parameters.</para>
399 <indexterm zone="openldap ldapcompare">
400 <primary sortas="b-ldapcompare">ldapcompare</primary>
401 </indexterm>
402 </listitem>
403 </varlistentry>
404
405 <varlistentry id="ldapdelete">
406 <term><command>ldapdelete</command></term>
407 <listitem>
408 <para>opens a connection to an LDAP server, binds and deletes
409 one or more entries.</para>
410 <indexterm zone="openldap ldapdelete">
411 <primary sortas="b-ldapdelete">ldapdelete</primary>
412 </indexterm>
413 </listitem>
414 </varlistentry>
415
416 <varlistentry id="ldapmodify">
417 <term><command>ldapmodify</command></term>
418 <listitem>
419 <para>opens a connection to an LDAP server, binds and modifies
420 entries.</para>
421 <indexterm zone="openldap ldapmodify">
422 <primary sortas="b-ldapmodify">ldapmodify</primary>
423 </indexterm>
424 </listitem>
425 </varlistentry>
426
427 <varlistentry id="ldapmodrdn">
428 <term><command>ldapmodrdn</command></term>
429 <listitem>
430 <para>opens a connection to an LDAP server, binds and modifies
431 the RDN of entries.</para>
432 <indexterm zone="openldap ldapmodrdn">
433 <primary sortas="b-ldapmodrdn">ldapmodrdn</primary>
434 </indexterm>
435 </listitem>
436 </varlistentry>
437
438 <varlistentry id="ldappasswd">
439 <term><command>ldappasswd</command></term>
440 <listitem>
441 <para>is a tool to set the password of an LDAP user.</para>
442 <indexterm zone="openldap ldappasswd">
443 <primary sortas="b-ldappasswd">ldappasswd</primary>
444 </indexterm>
445 </listitem>
446 </varlistentry>
447
448 <varlistentry id="ldapsearch">
449 <term><command>ldapsearch</command></term>
450 <listitem>
451 <para>opens a connection to an LDAP server, binds and performs
452 a search using specified parameters.</para>
453 <indexterm zone="openldap ldapsearch">
454 <primary sortas="b-ldapsearch">ldapsearch</primary>
455 </indexterm>
456 </listitem>
457 </varlistentry>
458
459 <varlistentry id="ldapwhoami">
460 <term><command>ldapwhoami</command></term>
461 <listitem>
462 <para>opens a connection to an LDAP server, binds and displays
463 whoami information.</para>
464 <indexterm zone="openldap ldapwhoami">
465 <primary sortas="b-ldapwhoami">ldapwhoami</primary>
466 </indexterm>
467 </listitem>
468 </varlistentry>
469
470 <varlistentry id="slapadd">
471 <term><command>slapadd</command></term>
472 <listitem>
473 <para>is used to add entries specified in LDAP Directory Interchange
474 Format (LDIF) to an LDAP database.</para>
475 <indexterm zone="openldap slapadd">
476 <primary sortas="b-slapadd">slapadd</primary>
477 </indexterm>
478 </listitem>
479 </varlistentry>
480
481 <varlistentry id="slapcat">
482 <term><command>slapcat</command></term>
483 <listitem>
484 <para>is used to generate LDIF output based upon the
485 contents of a slapd database.</para>
486 <indexterm zone="openldap slapcat">
487 <primary sortas="b-slapcat">slapcat</primary>
488 </indexterm>
489 </listitem>
490 </varlistentry>
491
492 <varlistentry id="slapd">
493 <term><command>slapd</command></term>
494 <listitem>
495 <para>is the stand-alone LDAP server.</para>
496 <indexterm zone="openldap slapd">
497 <primary sortas="b-slapd">slapd</primary>
498 </indexterm>
499 </listitem>
500 </varlistentry>
501
502 <varlistentry id="slapdn">
503 <term><command>slapdn</command></term>
504 <listitem>
505 <para>checks a list of string-represented DNs based on schema
506 syntax.</para>
507 <indexterm zone="openldap slapdn">
508 <primary sortas="b-slapdn">slapdn</primary>
509 </indexterm>
510 </listitem>
511 </varlistentry>
512
513 <varlistentry id="slapindex">
514 <term><command>slapindex</command></term>
515 <listitem>
516 <para>is used to regenerate slapd indices based upon the current
517 contents of a database.</para>
518 <indexterm zone="openldap slapindex">
519 <primary sortas="b-slapindex">slapindex</primary>
520 </indexterm>
521 </listitem>
522 </varlistentry>
523
524 <varlistentry id="slappasswd">
525 <term><command>slappasswd</command></term>
526 <listitem>
527 <para>is an <application>OpenLDAP</application> password
528 utility.</para>
529 <indexterm zone="openldap slappasswd">
530 <primary sortas="b-slappasswd">slappasswd</primary>
531 </indexterm>
532 </listitem>
533 </varlistentry>
534
535 <varlistentry id="slaptest">
536 <term><command>slaptest</command></term>
537 <listitem>
538 <para>checks the sanity of the <filename>slapd.conf</filename>
539 file.</para>
540 <indexterm zone="openldap slaptest">
541 <primary sortas="b-slaptest">slaptest</primary>
542 </indexterm>
543 </listitem>
544 </varlistentry>
545
546 <varlistentry id="slurpd">
547 <term><command>slurpd</command></term>
548 <listitem>
549 <para>is the stand-alone LDAP replication server.</para>
550 <indexterm zone="openldap slurpd">
551 <primary sortas="b-slurpd">slurpd</primary>
552 </indexterm>
553 </listitem>
554 </varlistentry>
555
556 <varlistentry id="liblber">
557 <term><filename class='libraryfile'>liblber.{so,a}</filename></term>
558 <listitem>
559 <para>is a set of lightweight Basic Encoding Rules routines. These
560 routines are used by the LDAP library routines to encode and decode
561 LDAP protocol elements using the (slightly simplified) Basic
562 Encoding Rules defined by LDAP. They are not normally used directly
563 by an LDAP application program except in the handling of controls
564 and extended operations.</para>
565 <indexterm zone="openldap liblber">
566 <primary sortas="c-liblber">liblber.{so,a}</primary>
567 </indexterm>
568 </listitem>
569 </varlistentry>
570
571 <varlistentry id="libldap">
572 <term><filename class='libraryfile'>libldap.{so,a}</filename></term>
573 <listitem>
574 <para>supports the LDAP programs and provides functionality for
575 other programs interacting with LDAP.</para>
576 <indexterm zone="openldap libldap">
577 <primary sortas="c-libldap">libldap.{so,a}</primary>
578 </indexterm>
579 </listitem>
580 </varlistentry>
581
582 <varlistentry id="libldap_r">
583 <term><filename class='libraryfile'>libldap_r.{so,a}</filename></term>
584 <listitem>
585 <para>contains the functions required by the LDAP programs to
586 produce the results from LDAP requests.</para>
587 <indexterm zone="openldap libldap_r">
588 <primary sortas="c-libldap_r">libldap_r.{so,a}</primary>
589 </indexterm>
590 </listitem>
591 </varlistentry>
592
593 </variablelist>
594
595 </sect2>
596
597</sect1>