source: server/other/openldap.xml@ 2288649

Last change on this file since 2288649 was 2288649, checked in by Randy McMurchy <randy@…>, 17 years ago

Updated to OpenLDAP-2.3.34

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@6699 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 20.6 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
   "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY openldap-download-http "http://gd.tuwien.ac.at/infosys/network/OpenLDAP/openldap-release/openldap-&openldap-download-version;.tgz">
  <!ENTITY openldap-download-ftp "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-&openldap-download-version;.tgz">
  <!ENTITY openldap-md5sum "143eeb6e3c163e5f52d8e744b43a5960">
  <!ENTITY openldap-size "3.7 MB">
  <!ENTITY openldap-buildsize "112 MB">
  <!ENTITY openldap-time "1.9 SBU and approximately 30 minutes to run the tests (processor independent)">
]>

<sect1 id="openldap" xreflabel="OpenLDAP-&openldap-version;">
  <?dbhtml filename="openldap.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>OpenLDAP-&openldap-version;</title>

  <indexterm zone="openldap">
    <primary sortas="a-OpenLDAP">OpenLDAP</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to OpenLDAP</title>

    <para>The <application>OpenLDAP</application> package provides an open
    source implementation of the Lightweight Directory Access Protocol.</para>

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&openldap-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&openldap-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &openldap-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &openldap-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &openldap-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &openldap-time;</para>
      </listitem>
    </itemizedlist>

    <note>
      <para>The <application>OpenLDAP</application> stable releases are
      packaged without version numbers in the tarball names. You can see the
      relationship between the version number and name of the tarball at <ulink
      url="http://www.openldap.org/software/download/"/>. Currently, a
      version release is being used due to a mixup on the
      <application>OpenLDAP</application> download page.</para>
    </note>

    <bridgehead renderas="sect3">OpenLDAP Dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required"><xref linkend="db"/> is recommended (built in LFS) or
    <!-- <xref linkend="db"/> -->
    <xref linkend="gdbm"/></para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended"><xref linkend="cyrus-sasl"/> and
    <xref linkend="openssl"/></para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional"><xref linkend="tcpwrappers"/>,
    <xref linkend="unixodbc"/>,
    <xref linkend="gmp"/>,
    <ulink url="http://www.gnu.org/software/pth/">GNU Pth</ulink>, and
    <ulink url="http://www.openslp.org/">OpenSLP</ulink></para>

    <para condition="html" role="usernotes">User Notes:
    <ulink url="&blfs-wiki;/openldap"/></para>

  </sect2>

  <sect2 role="installation">
    <title>Installation of OpenLDAP</title>

    <para>Install <application>OpenLDAP</application> by
    running the following commands:</para>

<screen><userinput>./configure --prefix=/usr \
            --libexecdir=/usr/sbin \
            --sysconfdir=/etc \
            --localstatedir=/srv/ldap \
            --disable-debug \
            --enable-dynamic \
            --enable-crypt \
            --enable-modules \
            --enable-rlookups \
            --enable-backends \
            --enable-overlays &amp;&amp;
make depend &amp;&amp;
make</userinput></screen>

    <para>To test the results, issue: <command>make test</command>. If you've
    enabled <application>tcp_wrappers</application>, ensure you add 127.0.0.1
    to the <parameter>slapd</parameter> line in the
    <filename>/etc/hosts.allow</filename> file if you have a restrictive
    <filename>/etc/hosts.deny</filename> file.</para>

    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>

<screen role="root"><userinput>make install &amp;&amp;
chmod -v 755 /usr/lib/libl*-2.3.so.0.2.22 &amp;&amp;
install -v -m755 -d /usr/share/doc/openldap-&openldap-version;/{drafts,guide,rfc} &amp;&amp;
install -v -m644 doc/drafts/* /usr/share/doc/openldap-&openldap-version;/drafts &amp;&amp;
install -v -m644 doc/rfc/* /usr/share/doc/openldap-&openldap-version;/rfc &amp;&amp;
cp -v -R doc/guide/* /usr/share/doc/openldap-&openldap-version;/guide</userinput></screen>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para><parameter>--libexecdir=/usr/sbin</parameter>: Installs the
    <command>slapd</command> and <command>slurpd</command> daemon programs in
    <filename class="directory">/usr/sbin</filename> instead of
    <filename class="directory">/usr/libexec</filename>.</para>

    <para><parameter>--sysconfdir=/etc</parameter>: Sets the configuration file
    directory to avoid the default of
    <filename class="directory">/usr/etc</filename>.</para>

    <para><parameter>--localstatedir=/srv/ldap</parameter>: Sets the directory
    to use for the LDAP directory database, replication logs and
    run-time variable data.</para>

    <para><parameter>--disable-debug</parameter>: Disable debugging code.</para>

    <para><parameter>--enable-dynamic</parameter>: This forces the
    <application>OpenLDAP</application> libraries to be dynamically linked
    to the executable programs.</para>

    <para><parameter>--enable-crypt</parameter>: Enables crypt(3)
    passwords.</para>

    <para><parameter>--enable-modules</parameter>: Enables dynamic module
    support.</para>

    <!-- <para><parameter>-enable-ldap</parameter>: Enables the
    <command>slapd</command> LDAP backend.</para>

    <para><parameter>-enable-ldbm</parameter>: Build <command>slapd</command>
    with the primary database back end using either
    <application>Berkeley DB</application> or
    <application>GNU Database Manager</application>.</para> -->

    <para><parameter>--enable-rlookups</parameter>: This parameter enables
    reverse lookups of client hostnames.</para>

    <para><parameter>--enable-backends</parameter>: This parameter enables
    all available backends.</para>

    <para><parameter>--enable-overlays</parameter>: This parameter enables
    all available overlays.</para>

    <para><option>--disable-bdb --disable-hdb --with-ldbm-api=gdbm</option>:
    Pass these parameters to the <command>configure</command> command if you
    wish to use <application>GDBM</application> instead of
    <application>Berkeley DB</application> as the primary backend
    database.</para>

    <para><command>chmod -v 755 /usr/lib/libl*-2.3.so.0.2.22</command>: This
    command adds the executable bit to the shared libraries.</para>

    <note>
      <para>You can run <command>./configure --help</command> to see if there
      are other parameters you can pass to the <command>configure</command>
      command to enable other options or dependency packages.</para>
    </note>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring OpenLDAP</title>

    <sect3 id="openldap-config">
      <title>Config Files</title>

      <para><filename>/etc/openldap/*</filename></para>

      <indexterm zone="openldap openldap-config">
        <primary sortas="e-etc-openldap">/etc/openldap/*</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>Configuring the <command>slapd</command> and
      <command>slurpd</command> servers can be complex. Securing the LDAP
      directory, especially if you are storing non-public data such as
      password databases, can also be a challenging task. You'll need to
      modify the <filename>/etc/openldap/slapd.conf</filename> and
      <filename>/etc/openldap/ldap.conf</filename> files to set up
      <application>OpenLDAP</application> for your particular needs.</para>

      <indexterm zone="openldap openldap-config">
        <primary
        sortas="e-etc-openldap-slapd.conf">/etc/openldap/slapd.conf</primary>
      </indexterm>

      <indexterm zone="openldap openldap-config">
        <primary
        sortas="e-etc-openldap-ldap.conf">/etc/openldap/ldap.conf</primary>
      </indexterm>

      <para>Resources to assist you with topics such as choosing a directory
      configuration, backend and database definitions, access control settings,
      running as a user other than <systemitem class="username">root</systemitem>
      and setting a <command>chroot</command> environment include:</para>

      <itemizedlist spacing='compact'>
        <listitem>
          <para>The <command>slapd</command> man page</para>
        </listitem>
        <listitem>
          <para>The <filename>slapd.conf</filename> man page</para>
        </listitem>
        <listitem>
          <para>The <ulink
          url="http://www.openldap.org/doc/admin23/">OpenLDAP 2.3
          Administrator's Guide</ulink> (also installed locally in
          <filename class='directory'>
          /usr/share/doc/openldap-&openldap-version;/guide/admin</filename>)</para>
        </listitem>
        <listitem>
          <para>Documents located at
          <ulink url="http://www.openldap.org/pub/"/></para>
        </listitem>
      </itemizedlist>

    </sect3>

    <sect3>
      <title>Utilizing GDBM</title>

      <para>To utilize <application>GDBM</application> as the database
      backend, the <quote>database</quote> entry in
      <filename>/etc/openldap/slapd.conf</filename> must be changed from
      <quote>bdb</quote> to <quote>ldbm</quote>. You can use both by
      creating an additional database section in
      <filename>/etc/openldap/slapd.conf</filename>.</para>

    </sect3>

    <sect3>
      <title>Mozilla Address Directory</title>

      <para>By default, LDAPv2 support is disabled in the
      <filename>slapd.conf</filename> file. Once the database is properly
      set up and <application>Mozilla</application> is configured to use the
      directory, you must add <option>allow bind_v2</option> to the
      <filename>slapd.conf</filename> file.</para>

    </sect3>

    <sect3 id="openldap-init">
      <title>Boot Script</title>

      <para>To automate the startup of the LDAP server at system bootup,
      install the <filename>/etc/rc.d/init.d/openldap</filename> init script
      included in the <xref linkend="bootscripts"/> package
      using the following command:</para>

      <indexterm zone="openldap openldap-init">
        <primary sortas="f-openldap">openldap</primary>
      </indexterm>

<screen role="root"><userinput>make install-openldap1</userinput></screen>

      <para><emphasis>Note:</emphasis> The init script you just installed only
      starts the <command>slapd</command> daemon. If you wish to also start the
      <command>slurpd</command> daemon at system startup, install a modified
      version of the script using this command:</para>

<screen role="root"><userinput>make install-openldap2</userinput></screen>

      <note>
        <para>The init script starts the daemons without any parameters.
        You'll need to modify the script to include the parameters needed for
        your specific configuration. See the <command>slapd</command> and
        <command>slurpd</command> man pages for parameter information.</para>
      </note>

    </sect3>

    <sect3>
      <title>Testing the Configuration</title>

      <para>Start the LDAP server using the init script:</para>

<screen role="root"><userinput>/etc/rc.d/init.d/openldap start</userinput></screen>

      <para>Verify access to the LDAP server with the following
      command:</para>

<screen><userinput>ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts</userinput></screen>

      <para>The expected result is:</para>

<screen><computeroutput># extended LDIF
#
# LDAPv3
# base &lt;&gt; with scope base
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=my-domain,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1</computeroutput></screen>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>ldapadd, ldapcompare, ldapdelete, ldapmodify, ldapmodrdn,
        ldappasswd, ldapsearch, ldapwhoami, slapadd, slapcat, slapd, slapdn,
        slapindex, slappasswd, slaptest, and slurpd</seg>
        <seg>liblber.{so,a}, libldap.{so,a}, and libldap_r.{so,a}</seg>
        <seg>/etc/openldap, /srv/ldap, and /usr/share/openldap</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="ldapadd">
        <term><command>ldapadd</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and adds
          entries.</para>
          <indexterm zone="openldap ldapadd">
            <primary sortas="b-ldapadd">ldapadd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapcompare">
        <term><command>ldapcompare</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and performs
          a compare using specified parameters.</para>
          <indexterm zone="openldap ldapcompare">
            <primary sortas="b-ldapcompare">ldapcompare</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapdelete">
        <term><command>ldapdelete</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and deletes
          one or more entries.</para>
          <indexterm zone="openldap ldapdelete">
            <primary sortas="b-ldapdelete">ldapdelete</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapmodify">
        <term><command>ldapmodify</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and modifies
          entries.</para>
          <indexterm zone="openldap ldapmodify">
            <primary sortas="b-ldapmodify">ldapmodify</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapmodrdn">
        <term><command>ldapmodrdn</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and modifies
          the RDN of entries.</para>
          <indexterm zone="openldap ldapmodrdn">
            <primary sortas="b-ldapmodrdn">ldapmodrdn</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldappasswd">
        <term><command>ldappasswd</command></term>
        <listitem>
          <para>is a tool to set the password of an LDAP user.</para>
          <indexterm zone="openldap ldappasswd">
            <primary sortas="b-ldappasswd">ldappasswd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapsearch">
        <term><command>ldapsearch</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and performs
          a search using specified parameters.</para>
          <indexterm zone="openldap ldapsearch">
            <primary sortas="b-ldapsearch">ldapsearch</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapwhoami">
        <term><command>ldapwhoami</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and displays
          whoami information.</para>
          <indexterm zone="openldap ldapwhoami">
            <primary sortas="b-ldapwhoami">ldapwhoami</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapadd">
        <term><command>slapadd</command></term>
        <listitem>
          <para>is used to add entries specified in LDAP Directory Interchange
          Format (LDIF) to an LDAP database.</para>
          <indexterm zone="openldap slapadd">
            <primary sortas="b-slapadd">slapadd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapcat">
        <term><command>slapcat</command></term>
        <listitem>
          <para>is used to generate an LDAP LDIF output based upon the
          contents of a slapd database.</para>
          <indexterm zone="openldap slapcat">
            <primary sortas="b-slapcat">slapcat</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapd">
        <term><command>slapd</command></term>
        <listitem>
          <para>is the stand-alone LDAP server.</para>
          <indexterm zone="openldap slapd">
            <primary sortas="b-slapd">slapd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapdn">
        <term><command>slapdn</command></term>
        <listitem>
          <para>checks a list of string-represented DNs based on schema
          syntax.</para>
          <indexterm zone="openldap slapdn">
            <primary sortas="b-slapdn">slapdn</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapindex">
        <term><command>slapindex</command></term>
        <listitem>
          <para>is used to regenerate slapd indices based upon the current
          contents of a database.</para>
          <indexterm zone="openldap slapindex">
            <primary sortas="b-slapindex">slapindex</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slappasswd">
        <term><command>slappasswd</command></term>
        <listitem>
          <para>is an <application>OpenLDAP</application> password
          utility.</para>
          <indexterm zone="openldap slappasswd">
            <primary sortas="b-slappasswd">slappasswd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slaptest">
        <term><command>slaptest</command></term>
        <listitem>
          <para>checks the sanity of the <filename>slapd.conf</filename>
          file.</para>
          <indexterm zone="openldap slaptest">
            <primary sortas="b-slaptest">slaptest</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slurpd">
        <term><command>slurpd</command></term>
        <listitem>
          <para>is the stand-alone LDAP replication server.</para>
          <indexterm zone="openldap slurpd">
            <primary sortas="b-slurpd">slurpd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="liblber">
        <term><filename class='libraryfile'>liblber.{so,a}</filename></term>
        <listitem>
          <para>is a set of lightweight Basic Encoding Rules routines. These
          routines are used by the LDAP library routines to encode and decode
          LDAP protocol elements using the (slightly simplified) Basic
          Encoding Rules defined by LDAP. They are not normally used directly
          by an LDAP application program except in the handling of controls
          and extended operations.</para>
          <indexterm zone="openldap liblber">
            <primary sortas="c-liblber">liblber.{so,a}</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libldap">
        <term><filename class='libraryfile'>libldap.{so,a}</filename></term>
        <listitem>
          <para>supports the LDAP programs and provides functionality for
          other programs interacting with LDAP.</para>
          <indexterm zone="openldap libldap">
            <primary sortas="c-libldap">libldap.{so,a}</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libldap_r">
        <term><filename class='libraryfile'>libldap_r.{so,a}</filename></term>
        <listitem>
          <para>contains the functions required by the LDAP programs to
          produce the results from LDAP requests.</para>
          <indexterm zone="openldap libldap_r">
            <primary sortas="c-libldap_r">libldap_r.{so,a}</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>