source: server/other/openldap.xml@ 39b02ba

Last change on this file since 39b02ba was 39b02ba, checked in by Randy McMurchy <randy@…>, 18 years ago

Fixed typo in OpenLDAP instructions

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@5426 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 20.8 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
   "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY openldap-download-http "http://gd.tuwien.ac.at/infosys/network/OpenLDAP/openldap-stable/openldap-&openldap-download-version;.tgz">
  <!ENTITY openldap-download-ftp "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-stable/openldap-&openldap-download-version;.tgz">
  <!ENTITY openldap-md5sum "fbde128a8421b8d2ea587a25057a281e">
  <!ENTITY openldap-size "3.6 MB">
  <!ENTITY openldap-buildsize "101.4 MB">
  <!ENTITY openldap-time "1.8 SBU and approximately 28 minutes to run the tests (processor independent)">
]>

<sect1 id="openldap" xreflabel="OpenLDAP-&openldap-version;">
  <?dbhtml filename="openldap.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
    <keywordset>
      <keyword role="package">openldap-&openldap-download-version;.tar</keyword>
      <keyword role="ftpdir">openldap</keyword>
    </keywordset>
  </sect1info>

  <title>OpenLDAP-&openldap-version;</title>

  <indexterm zone="openldap">
    <primary sortas="a-OpenLDAP">OpenLDAP</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to OpenLDAP</title>

    <para>The <application>OpenLDAP</application> package provides an open
    source implementation of the Lightweight Directory Access Protocol.</para>

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&openldap-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&openldap-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &openldap-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &openldap-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &openldap-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &openldap-time;</para>
      </listitem>
    </itemizedlist>

    <note>
      <para>The <application>OpenLDAP</application> stable releases are
      packaged without version numbers in the tarball names. You can see the
      relationship between the version number and name of the tarball at <ulink
      url="http://www.openldap.org/software/download/"/>.</para>
    </note>

    <bridgehead renderas="sect3">OpenLDAP Dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required"><xref linkend="db"/> (recommended) or
    <xref linkend="gdbm"/></para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended"><xref linkend="cyrus-sasl"/> and
    <xref linkend="openssl"/></para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional"><xref linkend="tcpwrappers"/>,
    <xref linkend="unixodbc"/>,
    <xref linkend="gmp"/>,
    <ulink url="http://www.gnu.org/software/pth/">GNU Pth</ulink> and
    <ulink url="http://www.openslp.org/">OpenSLP</ulink></para>

  </sect2>

  <sect2 role="installation">
    <title>Installation of OpenLDAP</title>

    <para>Install <application>OpenLDAP</application> by
    running the following commands:</para>

<screen><userinput>./configure --prefix=/usr \
            --libexecdir=/usr/sbin \
            --sysconfdir=/etc \
            --localstatedir=/srv/ldap \
            --disable-debug \
            --enable-dynamic \
            --enable-crypt \
            --enable-modules \
            --enable-ldap \
            --enable-ldbm \
            --enable-dyngroup \
            --enable-dynlist \
            --enable-ppolicy \
            --enable-valsort &amp;&amp;
make depend &amp;&amp;
make &amp;&amp;
make test</userinput></screen>

    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>

<screen role="root"><userinput>make install &amp;&amp;
chmod -v 755 /usr/lib/libl*-2.3.so.0.1.6 &amp;&amp;
install -v -m755 -d /usr/share/doc/openldap-&openldap-version;/{drafts,guide,rfc} &amp;&amp;
install -v -m644 doc/drafts/* /usr/share/doc/openldap-&openldap-version;/drafts &amp;&amp;
install -v -m644 doc/rfc/* /usr/share/doc/openldap-&openldap-version;/rfc &amp;&amp;
cp -v -R doc/guide/* /usr/share/doc/openldap-&openldap-version;/guide</userinput></screen>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para><parameter>--libexecdir=/usr/sbin</parameter>: Installs the
    <command>slapd</command> and <command>slurpd</command> daemon programs in
    <filename class="directory">/usr/sbin</filename> instead of
    <filename class="directory">/usr/libexec</filename>.</para>

    <para><parameter>--sysconfdir=/etc</parameter>: Sets the configuration file
    directory to avoid the default of
    <filename class="directory">/usr/etc</filename>.</para>

    <para><parameter>--localstatedir=/srv/ldap</parameter>: Sets the directory
    to use for the LDAP directory database, replication logs and
    run-time variable data.</para>

    <para><parameter>--disable-debug</parameter>: Disables debugging code.</para>

    <para><parameter>--enable-dynamic</parameter>: This forces the
    <application>OpenLDAP</application> libraries to be dynamically linked
    to the executable programs.</para>

    <para><parameter>--enable-crypt</parameter>: Enables crypt(3)
    passwords.</para>

    <para><parameter>--enable-modules</parameter>: Enables dynamic module
    support.</para>

    <para><parameter>--enable-ldap</parameter>: Enables the
    <command>slapd</command> LDAP backend.</para>

    <para><parameter>--enable-ldbm</parameter>: Builds <command>slapd</command>
    with the primary database backend using either
    <application>Berkeley DB</application> or
    <application>GNU Database Manager</application>.</para>

    <para><parameter>--enable-dyngroup</parameter>: Enables the
    <command>slapd</command> dynamic group overlay.</para>

    <para><parameter>--enable-dynlist</parameter>: Enables the
    <command>slapd</command> dynamic list overlay.</para>

    <para><parameter>--enable-ppolicy</parameter>: Enables the
    <command>slapd</command> password policy overlay.</para>

    <para><parameter>--enable-valsort</parameter>: Enables the
    <command>slapd</command> value sorting overlay.</para>

    <para><command>make test</command>: Validates the correct build of the
    package. If you've enabled <application>tcp_wrappers</application> and
    have a restrictive <filename>/etc/hosts.deny</filename> file, ensure
    you add 127.0.0.1 to the <parameter>slapd</parameter> line in the
    <filename>/etc/hosts.allow</filename> file.</para>

    <para><command>chmod -v 755 /usr/lib/libl*-2.3.so.0.1.6</command>: This command
    adds the executable bit to the shared libraries.</para>

    <para><option>--disable-bdb --disable-hdb --with-ldbm-api=gdbm</option>:
    Pass these parameters to the <command>configure</command> command if you
    wish to use <application>GDBM</application> instead of
    <application>Berkeley DB</application> as the primary backend
    database.</para>

    <note>
      <para>Run <command>./configure --help</command> to see if there are
      other parameters you can pass to the <command>configure</command> command
      to enable other options or dependency packages.</para>
    </note>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring OpenLDAP</title>

    <sect3 id="openldap-config">
      <title>Config Files</title>

      <para><filename>/etc/openldap/*</filename></para>

      <indexterm zone="openldap openldap-config">
        <primary sortas="e-etc-openldap">/etc/openldap/*</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>Configuring the <command>slapd</command> and
      <command>slurpd</command> servers can be complex. Securing the LDAP
      directory, especially if you are storing non-public data such as
      password databases, can also be a challenging task. You'll need to
      modify the <filename>/etc/openldap/slapd.conf</filename> and
      <filename>/etc/openldap/ldap.conf</filename> files to set up
      <application>OpenLDAP</application> for your particular needs.</para>

      <indexterm zone="openldap openldap-config">
        <primary
        sortas="e-etc-openldap-slapd.conf">/etc/openldap/slapd.conf</primary>
      </indexterm>

      <indexterm zone="openldap openldap-config">
        <primary
        sortas="e-etc-openldap-ldap.conf">/etc/openldap/ldap.conf</primary>
      </indexterm>

      <para>Resources to assist you with topics such as choosing a directory
      configuration, backend and database definitions, access control settings,
      running as a user other than <systemitem class="username">root</systemitem>
      and setting a <command>chroot</command> environment include:</para>

      <itemizedlist spacing='compact'>
        <listitem>
          <para>The <command>slapd</command> man page</para>
        </listitem>
        <listitem>
          <para>The <filename>slapd.conf</filename> man page</para>
        </listitem>
        <listitem>
          <para>The <ulink
          url="http://www.openldap.org/doc/admin23/">OpenLDAP 2.3
          Administrator's Guide</ulink> (also installed locally in
          <filename class='directory'>
          /usr/share/doc/openldap-&openldap-version;/guide/admin</filename>)</para>
        </listitem>
        <listitem>
          <para>Documents located at
          <ulink url="http://www.openldap.org/pub/"/></para>
        </listitem>
      </itemizedlist>

    </sect3>

    <sect3>
      <title>Utilizing GDBM</title>

      <para>To utilize <application>GDBM</application> as the database
      backend, the <quote>database</quote> entry in
      <filename>/etc/openldap/slapd.conf</filename> must be changed from
      <quote>bdb</quote> to <quote>ldbm</quote>. You can use both by
      creating an additional database section in
      <filename>/etc/openldap/slapd.conf</filename>.</para>

    </sect3>

    <sect3>
      <title>Mozilla Address Directory</title>

      <para>By default, LDAPv2 support is disabled in the
      <filename>slapd.conf</filename> file. Once the database is properly
      set up and <application>Mozilla</application> is configured to use the
      directory, you must add <option>allow bind_v2</option> to the
      <filename>slapd.conf</filename> file.</para>

    </sect3>

    <sect3 id="openldap-init">
      <title>Boot Script</title>

      <para>To automate the startup of the LDAP server at system bootup,
      install the <filename>/etc/rc.d/init.d/openldap</filename> init script
      included in the <xref linkend="intro-important-bootscripts"/> package
      using the following command:</para>

      <indexterm zone="openldap openldap-init">
        <primary sortas="f-openldap">openldap</primary>
      </indexterm>

<screen role="root"><userinput>make install-openldap1</userinput></screen>

      <para><emphasis>Note:</emphasis> The init script you just installed only
      starts the <command>slapd</command> daemon. If you wish to also start the
      <command>slurpd</command> daemon at system startup, install a modified
      version of the script using this command:</para>

<screen role="root"><userinput>make install-openldap2</userinput></screen>

      <note>
        <para>The init script starts the daemons without any parameters.
        You'll need to modify the script to include the parameters needed for
        your specific configuration. See the <command>slapd</command> and
        <command>slurpd</command> man pages for parameter information.</para>
      </note>

    </sect3>

    <sect3>
      <title>Testing the Configuration</title>

      <para>Start the LDAP server using the init script:</para>

<screen role="root"><userinput>/etc/rc.d/init.d/openldap start</userinput></screen>

      <para>Verify access to the LDAP server with the following
      command:</para>

<screen><userinput>ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts</userinput></screen>

      <para>The expected result is:</para>

<screen><computeroutput># extended LDIF
#
# LDAPv3
# base &lt;&gt; with scope base
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=my-domain,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1</computeroutput></screen>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>ldapadd, ldapcompare, ldapdelete, ldapmodify, ldapmodrdn,
        ldappasswd, ldapsearch, ldapwhoami, slapadd, slapcat, slapd, slapdn,
        slapindex, slappasswd, slaptest, and slurpd</seg>
        <seg>liblber.[so,a], libldap.[so,a], and libldap_r.[so,a]</seg>
        <seg>/etc/openldap, /srv/ldap, and /usr/share/openldap</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="ldapadd">
        <term><command>ldapadd</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and adds
          entries.</para>
          <indexterm zone="openldap ldapadd">
            <primary sortas="b-ldapadd">ldapadd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapcompare">
        <term><command>ldapcompare</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and performs
          a compare using specified parameters.</para>
          <indexterm zone="openldap ldapcompare">
            <primary sortas="b-ldapcompare">ldapcompare</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapdelete">
        <term><command>ldapdelete</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and deletes
          one or more entries.</para>
          <indexterm zone="openldap ldapdelete">
            <primary sortas="b-ldapdelete">ldapdelete</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapmodify">
        <term><command>ldapmodify</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and modifies
          entries.</para>
          <indexterm zone="openldap ldapmodify">
            <primary sortas="b-ldapmodify">ldapmodify</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapmodrdn">
        <term><command>ldapmodrdn</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and modifies
          the RDN of entries.</para>
          <indexterm zone="openldap ldapmodrdn">
            <primary sortas="b-ldapmodrdn">ldapmodrdn</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldappasswd">
        <term><command>ldappasswd</command></term>
        <listitem>
          <para>is a tool to set the password of an LDAP user.</para>
          <indexterm zone="openldap ldappasswd">
            <primary sortas="b-ldappasswd">ldappasswd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapsearch">
        <term><command>ldapsearch</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and performs
          a search using specified parameters.</para>
          <indexterm zone="openldap ldapsearch">
            <primary sortas="b-ldapsearch">ldapsearch</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapwhoami">
        <term><command>ldapwhoami</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and displays
          whoami information.</para>
          <indexterm zone="openldap ldapwhoami">
            <primary sortas="b-ldapwhoami">ldapwhoami</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapadd">
        <term><command>slapadd</command></term>
        <listitem>
          <para>is used to add entries specified in LDAP Directory Interchange
          Format (LDIF) to an LDAP database.</para>
          <indexterm zone="openldap slapadd">
            <primary sortas="b-slapadd">slapadd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapcat">
        <term><command>slapcat</command></term>
        <listitem>
          <para>is used to generate an LDAP LDIF output based upon the
          contents of a slapd database.</para>
          <indexterm zone="openldap slapcat">
            <primary sortas="b-slapcat">slapcat</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapd">
        <term><command>slapd</command></term>
        <listitem>
          <para>is the stand-alone LDAP server.</para>
          <indexterm zone="openldap slapd">
            <primary sortas="b-slapd">slapd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapdn">
        <term><command>slapdn</command></term>
        <listitem>
          <para>checks a list of string-represented DNs based on schema
          syntax.</para>
          <indexterm zone="openldap slapdn">
            <primary sortas="b-slapdn">slapdn</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapindex">
        <term><command>slapindex</command></term>
        <listitem>
          <para>is used to regenerate slapd indices based upon the current
          contents of a database.</para>
          <indexterm zone="openldap slapindex">
            <primary sortas="b-slapindex">slapindex</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slappasswd">
        <term><command>slappasswd</command></term>
        <listitem>
          <para>is an <application>OpenLDAP</application> password
          utility.</para>
          <indexterm zone="openldap slappasswd">
            <primary sortas="b-slappasswd">slappasswd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slaptest">
        <term><command>slaptest</command></term>
        <listitem>
          <para>checks the sanity of the <filename>slapd.conf</filename>
          file.</para>
          <indexterm zone="openldap slaptest">
            <primary sortas="b-slaptest">slaptest</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slurpd">
        <term><command>slurpd</command></term>
        <listitem>
          <para>is the stand-alone LDAP replication server.</para>
          <indexterm zone="openldap slurpd">
            <primary sortas="b-slurpd">slurpd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="liblber">
        <term><filename class='libraryfile'>liblber.[so,a]</filename></term>
        <listitem>
          <para>is a set of lightweight Basic Encoding Rules routines. These
          routines are used by the LDAP library routines to encode and decode
          LDAP protocol elements using the (slightly simplified) Basic
          Encoding Rules defined by LDAP. They are not normally used directly
          by an LDAP application program except in the handling of controls
          and extended operations.</para>
          <indexterm zone="openldap liblber">
            <primary sortas="c-liblber">liblber.[so,a]</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libldap">
        <term><filename class='libraryfile'>libldap.[so,a]</filename></term>
        <listitem>
          <para>supports the LDAP programs and provides functionality for
          other programs interacting with LDAP.</para>
          <indexterm zone="openldap libldap">
            <primary sortas="c-libldap">libldap.[so,a]</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libldap_r">
        <term><filename class='libraryfile'>libldap_r.[so,a]</filename></term>
        <listitem>
          <para>contains the functions required by the LDAP programs to
          produce the results from LDAP requests.</para>
          <indexterm zone="openldap libldap_r">
            <primary sortas="c-libldap_r">libldap_r.[so,a]</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>
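
Added example, not part of the BLFS book source: a shell audit of a slapd.conf-style file for the two settings the "Utilizing GDBM" and "Mozilla Address Directory" sections discuss, namely the `database` backend types in use and whether `allow bind_v2` is in effect. It applies the slapd.conf(5) rule that a line beginning with white space continues the previous line and that comments are processed after unfolding; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a slapd.conf-style file for "allow" features and
# "database" backends. Function names and the sample file are constructed.

# Print the logical lines of FILE. Per slapd.conf(5), a line that begins with
# white space continues the previous line, and comment processing happens
# after unfolding, so a continuation of a "#" line is part of the comment.
unfold_conf() {
    awk '
        function flush() {
            if (have && buf !~ /^#/ && buf ~ /[^ \t]/) print buf
            have = 0
        }
        /^[ \t]/ && have { buf = buf $0; next }
        { flush(); buf = $0; have = 1 }
        END { flush() }
    ' "$1"
}

# One feature per line (lowercased, de-duplicated) from every "allow" directive.
allowed_features() {
    unfold_conf "$1" |
        awk 'tolower($1) == "allow" { for (i = 2; i <= NF; i++) print tolower($i) }' |
        sort -u
}

# Backend type of each "database" section, in file order.
backends() {
    unfold_conf "$1" | awk 'tolower($1) == "database" { print tolower($2) }'
}

# Succeeds (exit 0) when LDAPv2 binds are enabled.
ldapv2_enabled() {
    allowed_features "$1" | grep -qx 'bind_v2'
}

# Constructed sample: bind_v2 appears once inside a comment (inactive) and
# once on a continuation line (active), which a line-based grep would misread.
sample_conf() {
cat <<'EOF'
# constructed sample, not a shipped slapd.conf
#allow bind_v2
  update_anon
allow bind_anon_cred
  bind_v2
database bdb
suffix "dc=my-domain,dc=com"
database ldbm
suffix "dc=example,dc=org"
EOF
}

conf=${1:-}
if [ -z "$conf" ]; then
    conf=$(mktemp)
    trap 'rm -f "$conf"' EXIT
    sample_conf > "$conf"
fi
echo "backends: $(backends "$conf" | paste -sd, -)"
echo "allow:    $(allowed_features "$conf" | paste -sd, -)"
if ldapv2_enabled "$conf"; then
    echo "NOTE: LDAPv2 binds are enabled (allow bind_v2)"
fi
```

Pass the path of a real configuration file as the first argument to audit it instead of the built-in sample.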