source: server/other/openldap.xml@ 0c74155e

Last change on this file since 0c74155e was 0c74155e, checked in by Randy McMurchy <randy@…>, 15 years ago

Changed the chmod command in the OpenLDAP instructions to use the 'readlink' command to find out the names of the shared libraries

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@7103 af4574ff-66df-0310-9fd7-8a98e5e911e0
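
The loop this commit introduces runs `chmod` on `/usr/lib/` plus whatever `readlink` prints, so a missing or unusual link changes which path gets its mode set. A guarded version, as an added example that is not part of the BLFS book; the helper names and the fixture files are constructed for illustration:

```shell
#!/bin/sh
# Added example: guarded form of the book's loop
#   chmod -v 0755 /usr/lib/$(readlink /usr/lib/lib${LINK}.so)
# fix_lib_mode and make_fixture are hypothetical helper names.

# fix_lib_mode LIBDIR NAME
# Sets mode 0755 on the file that LIBDIR/libNAME.so points to, but only when
# the link exists and resolves to a regular file directly inside LIBDIR.
# Returns 1 (no link), 2 (target is not a bare file name) or 3 (target missing).
fix_lib_mode() {
    libdir=$1
    link="$libdir/lib$2.so"

    # With no link, readlink prints nothing and the unguarded command line
    # collapses to "chmod -v 0755 /usr/lib/", acting on the directory itself.
    [ -L "$link" ] || { echo "skip: $link is not a symlink" >&2; return 1; }

    target=$(readlink "$link") || return 1
    [ -n "$target" ] || return 1

    # Only bare file names are accepted: an absolute target is mangled by the
    # LIBDIR prefix and a ../ target escapes LIBDIR.
    case $target in
        */*) echo "skip: $link -> $target is not a bare file name" >&2; return 2 ;;
    esac

    # Refuse dangling links and anything that is not a regular file.
    [ -f "$libdir/$target" ] || { echo "skip: $libdir/$target missing" >&2; return 3; }

    chmod -v 0755 "$libdir/$target"
}

# Constructed fixture: one well-formed link, one link that points out of the
# directory, and no libldap_r.so at all.
make_fixture() {
    dir=$(mktemp -d) || return 1
    : > "$dir/liblber-demo.so.0.0.0"
    chmod 0644 "$dir/liblber-demo.so.0.0.0"
    ln -s liblber-demo.so.0.0.0 "$dir/liblber.so"
    ln -s ../elsewhere/libldap-demo.so.0 "$dir/libldap.so"
    echo "$dir"
}

# Same three names as the book's loop, run against the fixture.
demo_dir=$(make_fixture)
for LINK in lber ldap ldap_r; do
    fix_lib_mode "$demo_dir" "$LINK" || echo "lib$LINK.so: left unchanged (rc=$?)"
done
rm -rf "$demo_dir"
```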

  • Property mode set to 100644
File size: 20.5 KB
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY openldap-download-http "http://gd.tuwien.ac.at/infosys/network/OpenLDAP/openldap-stable/openldap-&openldap-download-version;.tgz">
8 <!ENTITY openldap-download-ftp "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-stable/openldap-&openldap-download-version;.tgz">
9 <!ENTITY openldap-md5sum "154d674cf95a8f8acc496cc6cb0671e1">
10 <!ENTITY openldap-size "3.7 MB">
11 <!ENTITY openldap-buildsize "112 MB">
12 <!ENTITY openldap-time "1.7 SBU and approximately 30 minutes to run the tests (processor independent)">
13]>
14
15<sect1 id="openldap" xreflabel="OpenLDAP-&openldap-version;">
16 <?dbhtml filename="openldap.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>OpenLDAP-&openldap-version;</title>
24
25 <indexterm zone="openldap">
26 <primary sortas="a-OpenLDAP">OpenLDAP</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to OpenLDAP</title>
31
32 <para>The <application>OpenLDAP</application> package provides an open
33 source implementation of the Lightweight Directory Access Protocol.</para>
34
35 <bridgehead renderas="sect3">Package Information</bridgehead>
36 <itemizedlist spacing="compact">
37 <listitem>
38 <para>Download (HTTP): <ulink url="&openldap-download-http;"/></para>
39 </listitem>
40 <listitem>
41 <para>Download (FTP): <ulink url="&openldap-download-ftp;"/></para>
42 </listitem>
43 <listitem>
44 <para>Download MD5 sum: &openldap-md5sum;</para>
45 </listitem>
46 <listitem>
47 <para>Download size: &openldap-size;</para>
48 </listitem>
49 <listitem>
50 <para>Estimated disk space required: &openldap-buildsize;</para>
51 </listitem>
52 <listitem>
53 <para>Estimated build time: &openldap-time;</para>
54 </listitem>
55 </itemizedlist>
56
57 <note>
58 <para>The <application>OpenLDAP</application> stable releases are
59 packaged without version numbers in the tarball names. You can see the
60 relationship between the version number and name of the tarball at <ulink
61 url="http://www.openldap.org/software/download/"/>.</para>
62 </note>
63
64 <bridgehead renderas="sect3">OpenLDAP Dependencies</bridgehead>
65
66 <bridgehead renderas="sect4">Required</bridgehead>
67 <para role="required"><xref linkend="db"/> is recommended (built in LFS) or
68 <!-- <xref linkend="db"/> -->
69 <xref linkend="gdbm"/></para>
70
71 <bridgehead renderas="sect4">Recommended</bridgehead>
72 <para role="recommended"><xref linkend="cyrus-sasl"/> and
73 <xref linkend="openssl"/></para>
74
75 <bridgehead renderas="sect4">Optional</bridgehead>
76 <para role="optional"><xref linkend="tcpwrappers"/>,
77 <xref linkend="unixodbc"/>,
78 <xref linkend="gmp"/>,
79 <xref linkend="pth"/>, and
80 <ulink url="http://www.openslp.org/">OpenSLP</ulink></para>
81
82 <para condition="html" role="usernotes">User Notes:
83 <ulink url="&blfs-wiki;/openldap"/></para>
84
85 </sect2>
86
87 <sect2 role="installation">
88 <title>Installation of OpenLDAP</title>
89
90 <para>Install <application>OpenLDAP</application> by
91 running the following commands:</para>
92
93<screen><userinput>./configure --prefix=/usr \
94 --libexecdir=/usr/sbin \
95 --sysconfdir=/etc \
96 --localstatedir=/srv/ldap \
97 --disable-debug \
98 --enable-dynamic \
99 --enable-crypt \
100 --enable-modules \
101 --enable-rlookups \
102 --enable-backends \
103 --enable-overlays &amp;&amp;
104make depend &amp;&amp;
105make</userinput></screen>
106
107 <para>To test the results, issue: <command>make test</command>. If you've
108 enabled <application>tcp_wrappers</application> and have a restrictive
109 <filename>/etc/hosts.deny</filename> file, ensure that 127.0.0.1 is listed
110 on the <parameter>slapd</parameter> line in the
111 <filename>/etc/hosts.allow</filename> file.</para>
112
113 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
114
115<screen role="root"><userinput>make install &amp;&amp;
116
117for LINK in lber ldap ldap_r; do
118 chmod -v 0755 /usr/lib/$(readlink /usr/lib/lib${LINK}.so)
119done &amp;&amp;
120
121install -v -m755 -d /usr/share/doc/openldap-&openldap-version;/{drafts,guide,rfc} &amp;&amp;
122install -v -m644 doc/drafts/* /usr/share/doc/openldap-&openldap-version;/drafts &amp;&amp;
123install -v -m644 doc/rfc/* /usr/share/doc/openldap-&openldap-version;/rfc &amp;&amp;
124cp -v -R doc/guide/* /usr/share/doc/openldap-&openldap-version;/guide</userinput></screen>
125
126 </sect2>
127
128 <sect2 role="commands">
129 <title>Command Explanations</title>
130
131 <para><parameter>--libexecdir=/usr/sbin</parameter>: Installs the
132 <command>slapd</command> and <command>slurpd</command> daemon programs in
133 <filename class="directory">/usr/sbin</filename> instead of
134 <filename class="directory">/usr/libexec</filename>.</para>
135
136 <para><parameter>--sysconfdir=/etc</parameter>: Sets the configuration file
137 directory to avoid the default of
138 <filename class="directory">/usr/etc</filename>.</para>
139
140 <para><parameter>--localstatedir=/srv/ldap</parameter>: Sets the directory
141 to use for the LDAP directory database, replication logs and
142 run-time variable data.</para>
143
144 <para><parameter>--disable-debug</parameter>: Disables debugging code.</para>
145
146 <para><parameter>--enable-dynamic</parameter>: This forces the
147 <application>OpenLDAP</application> libraries to be dynamically linked
148 to the executable programs.</para>
149
150 <para><parameter>--enable-crypt</parameter>: Enables crypt(3)
151 passwords.</para>
152
153 <para><parameter>--enable-modules</parameter>: Enables dynamic module
154 support.</para>
155
156 <!-- <para><parameter>-enable-ldap</parameter>: Enables the
157 <command>slapd</command> LDAP backend.</para>
158
159 <para><parameter>-enable-ldbm</parameter>: Build <command>slapd</command>
160 with the primary database back end using either
161 <application>Berkeley DB</application> or
162 <application>GNU Database Manager</application>.</para> -->
163
164 <para><parameter>--enable-rlookups</parameter>: This parameter enables
165 reverse lookups of client hostnames.</para>
166
167 <para><parameter>--enable-backends</parameter>: This parameter enables
168 all available backends.</para>
169
170 <para><parameter>--enable-overlays</parameter>: This parameter enables
171 all available overlays.</para>
172
173 <para><option>--disable-bdb --disable-hdb --with-ldbm-api=gdbm</option>:
174 Pass these parameters to the <command>configure</command> command if you
175 wish to use <application>GDBM</application> instead of
176 <application>Berkeley DB</application> as the primary backend
177 database.</para>
178
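179 <para><command>chmod -v 0755 ...</command>: This command adds the executable
180 bit to the shared libraries that the <filename>lib${LINK}.so</filename> symlinks point to, as resolved by <command>readlink</command>.</para>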
181
182 <note>
183 <para>You can run <command>./configure --help</command> to see if there
184 are other parameters you can pass to the <command>configure</command>
185 command to enable other options or dependency packages.</para>
186 </note>
187
188 </sect2>
189
190 <sect2 role="configuration">
191 <title>Configuring OpenLDAP</title>
192
193 <sect3 id="openldap-config">
194 <title>Config Files</title>
195
196 <para><filename>/etc/openldap/*</filename></para>
197
198 <indexterm zone="openldap openldap-config">
199 <primary sortas="e-etc-openldap">/etc/openldap/*</primary>
200 </indexterm>
201
202 </sect3>
203
204 <sect3>
205 <title>Configuration Information</title>
206
207 <para>Configuring the <command>slapd</command> and
208 <command>slurpd</command> servers can be complex. Securing the LDAP
209 directory, especially if you are storing non-public data such as
210 password databases, can also be a challenging task. You'll need to
211 modify the <filename>/etc/openldap/slapd.conf</filename> and
212 <filename>/etc/openldap/ldap.conf</filename> files to set up
213 <application>OpenLDAP</application> for your particular needs.</para>
214
215 <indexterm zone="openldap openldap-config">
216 <primary
217 sortas="e-etc-openldap-slapd.conf">/etc/openldap/slapd.conf</primary>
218 </indexterm>
219
220 <indexterm zone="openldap openldap-config">
221 <primary
222 sortas="e-etc-openldap-ldap.conf">/etc/openldap/ldap.conf</primary>
223 </indexterm>
224
225 <para>Resources to assist you with topics such as choosing a directory
226 configuration, backend and database definitions, access control settings,
227 running as a user other than <systemitem class="username">root</systemitem>
228 and setting a <command>chroot</command> environment include:</para>
229
230 <itemizedlist spacing='compact'>
231 <listitem>
232 <para>The <command>slapd</command> man page</para>
233 </listitem>
234 <listitem>
235 <para>The <filename>slapd.conf</filename> man page</para>
236 </listitem>
237 <listitem>
238 <para>The <ulink
239 url="http://www.openldap.org/doc/admin23/">OpenLDAP 2.3
240 Administrator's Guide</ulink> (also installed locally in
241 <filename class='directory'>
242 /usr/share/doc/openldap-&openldap-version;/guide/admin</filename>)</para>
243 </listitem>
244 <listitem>
245 <para>Documents located at
246 <ulink url="http://www.openldap.org/pub/"/></para>
247 </listitem>
248 </itemizedlist>
249
250 </sect3>
251
252 <sect3>
253 <title>Utilizing GDBM</title>
254
255 <para>To utilize <application>GDBM</application> as the database
256 backend, the <quote>database</quote> entry in
257 <filename>/etc/openldap/slapd.conf</filename> must be changed from
258 <quote>bdb</quote> to <quote>ldbm</quote>. You can use both by
259 creating an additional database section in
260 <filename>/etc/openldap/slapd.conf</filename>.</para>
261
262 </sect3>
263
264 <sect3>
265 <title>Mozilla Address Directory</title>
266
267 <para>By default, LDAPv2 support is disabled in the
268 <filename>slapd.conf</filename> file. Once the database is properly
269 set up and <application>Mozilla</application> is configured to use the
270 directory, you must add <option>allow bind_v2</option> to the
271 <filename>slapd.conf</filename> file.</para>
272
273 </sect3>
274
275 <sect3 id="openldap-init">
276 <title>Boot Script</title>
277
278 <para>To automate the startup of the LDAP server at system bootup,
279 install the <filename>/etc/rc.d/init.d/openldap</filename> init script
280 included in the <xref linkend="bootscripts"/> package
281 using the following command:</para>
282
283 <indexterm zone="openldap openldap-init">
284 <primary sortas="f-openldap">openldap</primary>
285 </indexterm>
286
287<screen role="root"><userinput>make install-openldap1</userinput></screen>
288
289 <para><emphasis>Note:</emphasis> The init script you just installed only
290 starts the <command>slapd</command> daemon. If you wish to also start the
291 <command>slurpd</command> daemon at system startup, install a modified
292 version of the script using this command:</para>
293
294<screen role="root"><userinput>make install-openldap2</userinput></screen>
295
296 <note>
297 <para>The init script starts the daemons without any parameters.
298 You'll need to modify the script to include the parameters needed for
299 your specific configuration. See the <command>slapd</command> and
300 <command>slurpd</command> man pages for parameter information.</para>
301 </note>
302
303 </sect3>
304
305 <sect3>
306 <title>Testing the Configuration</title>
307
308 <para>Start the LDAP server using the init script:</para>
309
310<screen role="root"><userinput>/etc/rc.d/init.d/openldap start</userinput></screen>
311
312 <para>Verify access to the LDAP server with the following
313 command:</para>
314
315<screen><userinput>ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts</userinput></screen>
316
317 <para>The expected result is:</para>
318
319<screen><computeroutput># extended LDIF
320#
321# LDAPv3
322# base &lt;&gt; with scope base
323# filter: (objectclass=*)
324# requesting: namingContexts
325#
326
327#
328dn:
329namingContexts: dc=my-domain,dc=com
330
331# search result
332search: 2
333result: 0 Success
334
335# numResponses: 2
336# numEntries: 1</computeroutput></screen>
337
338 </sect3>
339
340 </sect2>
341
342 <sect2 role="content">
343 <title>Contents</title>
344
345 <segmentedlist>
346 <segtitle>Installed Programs</segtitle>
347 <segtitle>Installed Libraries</segtitle>
348 <segtitle>Installed Directories</segtitle>
349
350 <seglistitem>
351 <seg>ldapadd, ldapcompare, ldapdelete, ldapmodify, ldapmodrdn,
352 ldappasswd, ldapsearch, ldapwhoami, slapadd, slapcat, slapd, slapdn,
353 slapindex, slappasswd, slaptest, and slurpd</seg>
354 <seg>liblber.{so,a}, libldap.{so,a}, and libldap_r.{so,a}</seg>
355 <seg>/etc/openldap, /srv/ldap, and /usr/share/openldap</seg>
356 </seglistitem>
357 </segmentedlist>
358
359 <variablelist>
360 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
361 <?dbfo list-presentation="list"?>
362 <?dbhtml list-presentation="table"?>
363
364 <varlistentry id="ldapadd">
365 <term><command>ldapadd</command></term>
366 <listitem>
367 <para>opens a connection to an LDAP server, binds and adds
368 entries.</para>
369 <indexterm zone="openldap ldapadd">
370 <primary sortas="b-ldapadd">ldapadd</primary>
371 </indexterm>
372 </listitem>
373 </varlistentry>
374
375 <varlistentry id="ldapcompare">
376 <term><command>ldapcompare</command></term>
377 <listitem>
378 <para>opens a connection to an LDAP server, binds and performs
379 a compare using specified parameters.</para>
380 <indexterm zone="openldap ldapcompare">
381 <primary sortas="b-ldapcompare">ldapcompare</primary>
382 </indexterm>
383 </listitem>
384 </varlistentry>
385
386 <varlistentry id="ldapdelete">
387 <term><command>ldapdelete</command></term>
388 <listitem>
389 <para>opens a connection to an LDAP server, binds and deletes
390 one or more entries.</para>
391 <indexterm zone="openldap ldapdelete">
392 <primary sortas="b-ldapdelete">ldapdelete</primary>
393 </indexterm>
394 </listitem>
395 </varlistentry>
396
397 <varlistentry id="ldapmodify">
398 <term><command>ldapmodify</command></term>
399 <listitem>
400 <para>opens a connection to an LDAP server, binds and modifies
401 entries.</para>
402 <indexterm zone="openldap ldapmodify">
403 <primary sortas="b-ldapmodify">ldapmodify</primary>
404 </indexterm>
405 </listitem>
406 </varlistentry>
407
408 <varlistentry id="ldapmodrdn">
409 <term><command>ldapmodrdn</command></term>
410 <listitem>
411 <para>opens a connection to an LDAP server, binds and modifies
412 the RDN of entries.</para>
413 <indexterm zone="openldap ldapmodrdn">
414 <primary sortas="b-ldapmodrdn">ldapmodrdn</primary>
415 </indexterm>
416 </listitem>
417 </varlistentry>
418
419 <varlistentry id="ldappasswd">
420 <term><command>ldappasswd</command></term>
421 <listitem>
422 <para>is a tool to set the password of an LDAP user.</para>
423 <indexterm zone="openldap ldappasswd">
424 <primary sortas="b-ldappasswd">ldappasswd</primary>
425 </indexterm>
426 </listitem>
427 </varlistentry>
428
429 <varlistentry id="ldapsearch">
430 <term><command>ldapsearch</command></term>
431 <listitem>
432 <para>opens a connection to an LDAP server, binds and performs
433 a search using specified parameters.</para>
434 <indexterm zone="openldap ldapsearch">
435 <primary sortas="b-ldapsearch">ldapsearch</primary>
436 </indexterm>
437 </listitem>
438 </varlistentry>
439
440 <varlistentry id="ldapwhoami">
441 <term><command>ldapwhoami</command></term>
442 <listitem>
443 <para>opens a connection to an LDAP server, binds and displays
444 whoami information.</para>
445 <indexterm zone="openldap ldapwhoami">
446 <primary sortas="b-ldapwhoami">ldapwhoami</primary>
447 </indexterm>
448 </listitem>
449 </varlistentry>
450
451 <varlistentry id="slapadd">
452 <term><command>slapadd</command></term>
453 <listitem>
454 <para>is used to add entries specified in LDAP Directory Interchange
455 Format (LDIF) to an LDAP database.</para>
456 <indexterm zone="openldap slapadd">
457 <primary sortas="b-slapadd">slapadd</primary>
458 </indexterm>
459 </listitem>
460 </varlistentry>
461
462 <varlistentry id="slapcat">
463 <term><command>slapcat</command></term>
464 <listitem>
465 <para>is used to generate an LDAP LDIF output based upon the
466 contents of a slapd database.</para>
467 <indexterm zone="openldap slapcat">
468 <primary sortas="b-slapcat">slapcat</primary>
469 </indexterm>
470 </listitem>
471 </varlistentry>
472
473 <varlistentry id="slapd">
474 <term><command>slapd</command></term>
475 <listitem>
476 <para>is the stand-alone LDAP server.</para>
477 <indexterm zone="openldap slapd">
478 <primary sortas="b-slapd">slapd</primary>
479 </indexterm>
480 </listitem>
481 </varlistentry>
482
483 <varlistentry id="slapdn">
484 <term><command>slapdn</command></term>
485 <listitem>
486 <para>checks a list of string-represented DNs based on schema
487 syntax.</para>
488 <indexterm zone="openldap slapdn">
489 <primary sortas="b-slapdn">slapdn</primary>
490 </indexterm>
491 </listitem>
492 </varlistentry>
493
494 <varlistentry id="slapindex">
495 <term><command>slapindex</command></term>
496 <listitem>
497 <para>is used to regenerate slapd indices based upon the current
498 contents of a database.</para>
499 <indexterm zone="openldap slapindex">
500 <primary sortas="b-slapindex">slapindex</primary>
501 </indexterm>
502 </listitem>
503 </varlistentry>
504
505 <varlistentry id="slappasswd">
506 <term><command>slappasswd</command></term>
507 <listitem>
508 <para>is an <application>OpenLDAP</application> password
509 utility.</para>
510 <indexterm zone="openldap slappasswd">
511 <primary sortas="b-slappasswd">slappasswd</primary>
512 </indexterm>
513 </listitem>
514 </varlistentry>
515
516 <varlistentry id="slaptest">
517 <term><command>slaptest</command></term>
518 <listitem>
519 <para>checks the sanity of the <filename>slapd.conf</filename>
520 file.</para>
521 <indexterm zone="openldap slaptest">
522 <primary sortas="b-slaptest">slaptest</primary>
523 </indexterm>
524 </listitem>
525 </varlistentry>
526
527 <varlistentry id="slurpd">
528 <term><command>slurpd</command></term>
529 <listitem>
530 <para>is the stand-alone LDAP replication server.</para>
531 <indexterm zone="openldap slurpd">
532 <primary sortas="b-slurpd">slurpd</primary>
533 </indexterm>
534 </listitem>
535 </varlistentry>
536
537 <varlistentry id="liblber">
538 <term><filename class='libraryfile'>liblber.{so,a}</filename></term>
539 <listitem>
540 <para>is a set of lightweight Basic Encoding Rules routines. These
541 routines are used by the LDAP library routines to encode and decode
542 LDAP protocol elements using the (slightly simplified) Basic
543 Encoding Rules defined by LDAP. They are not normally used directly
544 by an LDAP application program except in the handling of controls
545 and extended operations.</para>
546 <indexterm zone="openldap liblber">
547 <primary sortas="c-liblber">liblber.{so,a}</primary>
548 </indexterm>
549 </listitem>
550 </varlistentry>
551
552 <varlistentry id="libldap">
553 <term><filename class='libraryfile'>libldap.{so,a}</filename></term>
554 <listitem>
555 <para>supports the LDAP programs and provides functionality for
556 other programs interacting with LDAP.</para>
557 <indexterm zone="openldap libldap">
558 <primary sortas="c-libldap">libldap.{so,a}</primary>
559 </indexterm>
560 </listitem>
561 </varlistentry>
562
563 <varlistentry id="libldap_r">
564 <term><filename class='libraryfile'>libldap_r.{so,a}</filename></term>
565 <listitem>
566 <para>contains the functions required by the LDAP programs to
567 produce the results from LDAP requests.</para>
568 <indexterm zone="openldap libldap_r">
569 <primary sortas="c-libldap_r">libldap_r.{so,a}</primary>
570 </indexterm>
571 </listitem>
572 </varlistentry>
573
574 </variablelist>
575
576 </sect2>
577
578</sect1>
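
The check from the "Testing the Configuration" section above, scripted as an added example that is not part of the BLFS book: it parses `ldapsearch` output for the result code and the `namingContexts` values instead of comparing by eye. The function names are hypothetical, and the embedded sample is the expected output shown on the page.

```shell
#!/bin/sh
# Added example. Intended use (run without -LLL, the check needs the
# "result:" line):
#   ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts | check_rootdse
# naming_contexts, check_rootdse and sample_output are hypothetical names.

# Print each namingContexts value from LDIF on stdin, one per line.
# Base64-encoded values ("namingContexts::") are not decoded here.
naming_contexts() {
    # LDIF folds long lines; a continuation line starts with one space.
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' | sed -n 's/^namingContexts: //p'
}

# Read ldapsearch output on stdin.
# Returns 0 and prints the naming contexts when the search succeeded,
# 1 when there is no "result: 0" line (no answer, or the search failed),
# 2 when the search succeeded but returned no namingContexts value.
check_rootdse() {
    out=$(cat)
    code=$(printf '%s\n' "$out" |
        sed -n 's/^result: \([0-9][0-9]*\).*/\1/p' | head -n 1)
    [ "$code" = 0 ] || return 1
    contexts=$(printf '%s\n' "$out" | naming_contexts)
    [ -n "$contexts" ] || return 2
    printf '%s\n' "$contexts"
}

# The expected output shown on the page, embedded so the example runs offline.
sample_output() {
    cat <<'EOF'
# extended LDIF
#
# LDAPv3
# base <> with scope base
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=my-domain,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
EOF
}

# dc=my-domain,dc=com is the suffix in the sample slapd.conf that OpenLDAP
# ships, so seeing it means the directory has not been set up for the site yet.
sample_output | check_rootdse | while read -r ctx; do
    case $ctx in
        dc=my-domain,dc=com) echo "$ctx  (sample slapd.conf suffix)" ;;
        *) echo "$ctx" ;;
    esac
done
```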