source: server/other/openldap.xml@ 7bff1b2

Last change on this file since 7bff1b2 was 7bff1b2, checked in by Randy McMurchy <randy@…>, 15 years ago

Commented out all unnecessary references to GDBM as it is in LFS now

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@7845 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 20.8 KB
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY openldap-download-http "http://gd.tuwien.ac.at/infosys/network/OpenLDAP/openldap-stable/openldap-&openldap-download-version;.tgz">
8 <!ENTITY openldap-download-ftp "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-stable/openldap-&openldap-download-version;.tgz">
9 <!ENTITY openldap-md5sum "e3fec2953c948f6990ccdc3af7bf7f18">
10 <!ENTITY openldap-size "3.6 MB">
11 <!ENTITY openldap-buildsize "94 MB">
12 <!ENTITY openldap-time "1.2 SBU and approximately 30 minutes to run the tests (processor independent)">
13]>
14
15<sect1 id="openldap" xreflabel="OpenLDAP-&openldap-version;">
16 <?dbhtml filename="openldap.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>OpenLDAP-&openldap-version;</title>
24
25 <indexterm zone="openldap">
26 <primary sortas="a-OpenLDAP">OpenLDAP</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to OpenLDAP</title>
31
32 <para>The <application>OpenLDAP</application> package provides an open
33 source implementation of the Lightweight Directory Access Protocol.</para>
34
35 <bridgehead renderas="sect3">Package Information</bridgehead>
36 <itemizedlist spacing="compact">
37 <listitem>
38 <para>Download (HTTP): <ulink url="&openldap-download-http;"/></para>
39 </listitem>
40 <listitem>
41 <para>Download (FTP): <ulink url="&openldap-download-ftp;"/></para>
42 </listitem>
43 <listitem>
44 <para>Download MD5 sum: &openldap-md5sum;</para>
45 </listitem>
46 <listitem>
47 <para>Download size: &openldap-size;</para>
48 </listitem>
49 <listitem>
50 <para>Estimated disk space required: &openldap-buildsize;</para>
51 </listitem>
52 <listitem>
53 <para>Estimated build time: &openldap-time;</para>
54 </listitem>
55 </itemizedlist>
56
57 <note>
58 <para>The <application>OpenLDAP</application> stable releases are
59 packaged without version numbers in the tarball names. You can see the
60 relationship between the version number and name of the tarball at <ulink
61 url="http://www.openldap.org/software/download/"/>.</para>
62 </note>
63
64 <bridgehead renderas="sect3">OpenLDAP Dependencies</bridgehead>
65
66 <!-- <bridgehead renderas="sect4">Required</bridgehead>
67 <para role="required"><xref linkend="db"/> is recommended (built in LFS) or
68 <xref linkend="db"/>
69 <xref linkend="gdbm"/></para> -->
70
71 <bridgehead renderas="sect4">Recommended</bridgehead>
72 <para role="recommended"><xref linkend="cyrus-sasl"/> and
73 <xref linkend="openssl"/></para>
74
75 <bridgehead renderas="sect4">Optional</bridgehead>
76 <para role="optional"><xref linkend="tcpwrappers"/>,
77 <xref linkend="unixodbc"/>,
78 <ulink url="http://www.openslp.org/">OpenSLP</ulink>,
79 <xref linkend="pth"/>, and one of
80 <xref linkend="mysql"/>,
81 <ulink url="http://www.oracle.com/technologies/linux/index.html">Oracle</ulink>, or
82 <xref linkend="postgresql"/></para>
83
84 <para condition="html" role="usernotes">User Notes:
85 <ulink url="&blfs-wiki;/openldap"/></para>
86
87 </sect2>
88
89 <sect2 role="installation">
90 <title>Installation of OpenLDAP</title>
91
92 <para>Install <application>OpenLDAP</application> by
93 running the following commands:</para>
94
95<screen><userinput>./configure --prefix=/usr \
96 --libexecdir=/usr/sbin \
97 --sysconfdir=/etc \
98 --localstatedir=/srv/ldap \
99 --disable-debug \
100 --enable-dynamic \
101 --enable-crypt \
102 --enable-modules \
103 --enable-rlookups \
104 --enable-backends \
105 --enable-overlays \
106 --disable-sql &amp;&amp;
107make depend &amp;&amp;
108make</userinput></screen>
109
110 <para>To test the results, issue: <command>make test</command>. If you've
111 enabled <application>tcp_wrappers</application>, ensure you add 127.0.0.1
112 to the <parameter>slapd</parameter> line in the
113 <filename>/etc/hosts.allow</filename> file if you have a restrictive
114 <filename>/etc/hosts.deny</filename> file.</para>
115
116 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
117
118<screen role="root"><userinput>make install &amp;&amp;
119
120for LINK in lber ldap ldap_r; do
121 chmod -v 0755 /usr/lib/$(readlink /usr/lib/lib${LINK}.so)
122done &amp;&amp;
123
124install -v -m755 -d /usr/share/doc/openldap-&openldap-version;/{drafts,guide,rfc} &amp;&amp;
125install -v -m644 doc/drafts/* /usr/share/doc/openldap-&openldap-version;/drafts &amp;&amp;
126install -v -m644 doc/rfc/* /usr/share/doc/openldap-&openldap-version;/rfc &amp;&amp;
127cp -v -R doc/guide/* /usr/share/doc/openldap-&openldap-version;/guide</userinput></screen>
128
129 </sect2>
130
131 <sect2 role="commands">
132 <title>Command Explanations</title>
133
134 <para><parameter>--libexecdir=/usr/sbin</parameter>: Installs the
135 <command>slapd</command> and <command>slurpd</command> daemon programs in
136 <filename class="directory">/usr/sbin</filename> instead of
137 <filename class="directory">/usr/libexec</filename>.</para>
138
139 <para><parameter>--sysconfdir=/etc</parameter>: Sets the configuration file
140 directory to avoid the default of
141 <filename class="directory">/usr/etc</filename>.</para>
142
143 <para><parameter>--localstatedir=/srv/ldap</parameter>: Sets the directory
144 to use for the LDAP directory database, replication logs and
145 run-time variable data.</para>
146
147 <para><parameter>--disable-debug</parameter>: Disable debugging code.</para>
148
149 <para><parameter>--enable-dynamic</parameter>: This forces the
150 <application>OpenLDAP</application> libraries to be dynamically linked
151 to the executable programs.</para>
152
153 <para><parameter>--enable-crypt</parameter>: Enables crypt(3)
154 passwords.</para>
155
156 <para><parameter>--enable-modules</parameter>: Enables dynamic module
157 support.</para>
158
159 <!-- <para><parameter>-enable-ldap</parameter>: Enables the
160 <command>slapd</command> LDAP backend.</para>
161
162 <para><parameter>-enable-ldbm</parameter>: Build <command>slapd</command>
163 with the primary database back end using either
164 <application>Berkeley DB</application> or
165 <application>GNU Database Manager</application>.</para> -->
166
167 <para><parameter>--enable-rlookups</parameter>: This parameter enables
168 reverse lookups of client hostnames.</para>
169
170 <para><parameter>--enable-backends</parameter>: This parameter enables
171 all available backends.</para>
172
173 <para><parameter>--enable-overlays</parameter>: This parameter enables
174 all available overlays.</para>
175
176 <para><parameter>--disable-sql</parameter>: This parameter explicitly
177 disables the sql backend. Omit this switch if a SQL server is
178 installed.</para>
179
180 <para><option>--disable-bdb --disable-hdb --with-ldbm-api=gdbm</option>:
181 Pass these parameters to the <command>configure</command> command if you
182 wish to use <application>GDBM</application> instead of
183 <application>Berkeley DB</application> as the primary backend
184 database.</para>
185
186 <para><command>chmod -v 0755 ...</command>: This
187 command adds the executable bit to the shared libraries.</para>
188
189 <note>
190 <para>You can run <command>./configure --help</command> to see if there
191 are other parameters you can pass to the <command>configure</command>
192 command to enable other options or dependency packages.</para>
193 </note>
194
195 </sect2>
196
197 <sect2 role="configuration">
198 <title>Configuring OpenLDAP</title>
199
200 <sect3 id="openldap-config">
201 <title>Config Files</title>
202
203 <para><filename>/etc/openldap/*</filename></para>
204
205 <indexterm zone="openldap openldap-config">
206 <primary sortas="e-etc-openldap">/etc/openldap/*</primary>
207 </indexterm>
208
209 </sect3>
210
211 <sect3>
212 <title>Configuration Information</title>
213
214 <para>Configuring the <command>slapd</command> and
215 <command>slurpd</command> servers can be complex. Securing the LDAP
216 directory, especially if you are storing non-public data such as
217 password databases, can also be a challenging task. You'll need to
218 modify the <filename>/etc/openldap/slapd.conf</filename> and
219 <filename>/etc/openldap/ldap.conf</filename> files to set up
220 <application>OpenLDAP</application> for your particular needs.</para>
221
222 <indexterm zone="openldap openldap-config">
223 <primary
224 sortas="e-etc-openldap-slapd.conf">/etc/openldap/slapd.conf</primary>
225 </indexterm>
226
227 <indexterm zone="openldap openldap-config">
228 <primary
229 sortas="e-etc-openldap-ldap.conf">/etc/openldap/ldap.conf</primary>
230 </indexterm>
231
232 <para>Resources to assist you with topics such as choosing a directory
233 configuration, backend and database definitions, access control settings,
234 running as a user other than <systemitem class="username">root</systemitem>
235 and setting a <command>chroot</command> environment include:</para>
236
237 <itemizedlist spacing='compact'>
238 <listitem>
239 <para>The <command>slapd</command> man page</para>
240 </listitem>
241 <listitem>
242 <para>The <filename>slapd.conf</filename> man page</para>
243 </listitem>
244 <listitem>
245 <para>The <ulink
246 url="http://www.openldap.org/doc/admin23/">OpenLDAP 2.3
247 Administrator's Guide</ulink> (also installed locally in
248 <filename class='directory'>
249 /usr/share/doc/openldap-&openldap-version;/guide/admin</filename>)</para>
250 </listitem>
251 <listitem>
252 <para>Documents located at
253 <ulink url="http://www.openldap.org/pub/"/></para>
254 </listitem>
255 </itemizedlist>
256
257 </sect3>
258
259 <sect3>
260 <title>Utilizing GDBM</title>
261
262 <para>To utilize <application>GDBM</application> as the database
263 backend, the <quote>database</quote> entry in
264 <filename>/etc/openldap/slapd.conf</filename> must be changed from
265 <quote>bdb</quote> to <quote>ldbm</quote>. You can use both by
266 creating an additional database section in
267 <filename>/etc/openldap/slapd.conf</filename>.</para>
268
269 </sect3>
270
271 <sect3>
272 <title>Mozilla Address Directory</title>
273
274 <para>By default, LDAPv2 support is disabled in the
275 <filename>slapd.conf</filename> file. Once the database is properly
276 set up and <application>Mozilla</application> is configured to use the
277 directory, you must add <option>allow bind_v2</option> to the
278 <filename>slapd.conf</filename> file.</para>
279
280 </sect3>
281
282 <sect3 id="openldap-init">
283 <title>Boot Script</title>
284
285 <para>To automate the startup of the LDAP server at system bootup,
286 install the <filename>/etc/rc.d/init.d/openldap</filename> init script
287 included in the <xref linkend="bootscripts"/> package
288 using the following command:</para>
289
290 <indexterm zone="openldap openldap-init">
291 <primary sortas="f-openldap">openldap</primary>
292 </indexterm>
293
294<screen role="root"><userinput>make install-openldap1</userinput></screen>
295
296 <para><emphasis>Note:</emphasis> The init script you just installed only
297 starts the <command>slapd</command> daemon. If you wish to also start the
298 <command>slurpd</command> daemon at system startup, install a modified
299 version of the script using this command:</para>
300
301<screen role="root"><userinput>make install-openldap2</userinput></screen>
302
303 <note>
304 <para>The init script starts the daemons without any parameters.
305 You'll need to modify the script to include the parameters needed for
306 your specific configuration. See the <command>slapd</command> and
307 <command>slurpd</command> man pages for parameter information.</para>
308 </note>
309
310 </sect3>
311
312 <sect3>
313 <title>Testing the Configuration</title>
314
315 <para>Start the LDAP server using the init script:</para>
316
317<screen role="root"><userinput>/etc/rc.d/init.d/openldap start</userinput></screen>
318
319 <para>Verify access to the LDAP server with the following
320 command:</para>
321
322<screen><userinput>ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts</userinput></screen>
323
324 <para>The expected result is:</para>
325
326<screen><computeroutput># extended LDIF
327#
328# LDAPv3
329# base &lt;&gt; with scope base
330# filter: (objectclass=*)
331# requesting: namingContexts
332#
333
334#
335dn:
336namingContexts: dc=my-domain,dc=com
337
338# search result
339search: 2
340result: 0 Success
341
342# numResponses: 2
343# numEntries: 1</computeroutput></screen>
344
345 </sect3>
346
347 </sect2>
348
349 <sect2 role="content">
350 <title>Contents</title>
351
352 <segmentedlist>
353 <segtitle>Installed Programs</segtitle>
354 <segtitle>Installed Libraries</segtitle>
355 <segtitle>Installed Directories</segtitle>
356
357 <seglistitem>
358 <seg>ldapadd, ldapcompare, ldapdelete, ldapmodify, ldapmodrdn,
359 ldappasswd, ldapsearch, ldapwhoami, slapadd, slapcat, slapd, slapdn,
360 slapindex, slappasswd, slaptest, and slurpd</seg>
361 <seg>liblber.{so,a}, libldap.{so,a}, and libldap_r.{so,a}</seg>
362 <seg>/etc/openldap, /srv/ldap, and /usr/share/openldap</seg>
363 </seglistitem>
364 </segmentedlist>
365
366 <variablelist>
367 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
368 <?dbfo list-presentation="list"?>
369 <?dbhtml list-presentation="table"?>
370
371 <varlistentry id="ldapadd">
372 <term><command>ldapadd</command></term>
373 <listitem>
374 <para>opens a connection to an LDAP server, binds and adds
375 entries.</para>
376 <indexterm zone="openldap ldapadd">
377 <primary sortas="b-ldapadd">ldapadd</primary>
378 </indexterm>
379 </listitem>
380 </varlistentry>
381
382 <varlistentry id="ldapcompare">
383 <term><command>ldapcompare</command></term>
384 <listitem>
385 <para>opens a connection to an LDAP server, binds and performs
386 a compare using specified parameters.</para>
387 <indexterm zone="openldap ldapcompare">
388 <primary sortas="b-ldapcompare">ldapcompare</primary>
389 </indexterm>
390 </listitem>
391 </varlistentry>
392
393 <varlistentry id="ldapdelete">
394 <term><command>ldapdelete</command></term>
395 <listitem>
396 <para>opens a connection to an LDAP server, binds and deletes
397 one or more entries.</para>
398 <indexterm zone="openldap ldapdelete">
399 <primary sortas="b-ldapdelete">ldapdelete</primary>
400 </indexterm>
401 </listitem>
402 </varlistentry>
403
404 <varlistentry id="ldapmodify">
405 <term><command>ldapmodify</command></term>
406 <listitem>
407 <para>opens a connection to an LDAP server, binds and modifies
408 entries.</para>
409 <indexterm zone="openldap ldapmodify">
410 <primary sortas="b-ldapmodify">ldapmodify</primary>
411 </indexterm>
412 </listitem>
413 </varlistentry>
414
415 <varlistentry id="ldapmodrdn">
416 <term><command>ldapmodrdn</command></term>
417 <listitem>
418 <para>opens a connection to an LDAP server, binds and modifies
419 the RDN of entries.</para>
420 <indexterm zone="openldap ldapmodrdn">
421 <primary sortas="b-ldapmodrdn">ldapmodrdn</primary>
422 </indexterm>
423 </listitem>
424 </varlistentry>
425
426 <varlistentry id="ldappasswd">
427 <term><command>ldappasswd</command></term>
428 <listitem>
429 <para>is a tool to set the password of an LDAP user.</para>
430 <indexterm zone="openldap ldappasswd">
431 <primary sortas="b-ldappasswd">ldappasswd</primary>
432 </indexterm>
433 </listitem>
434 </varlistentry>
435
436 <varlistentry id="ldapsearch">
437 <term><command>ldapsearch</command></term>
438 <listitem>
439 <para>opens a connection to an LDAP server, binds and performs
440 a search using specified parameters.</para>
441 <indexterm zone="openldap ldapsearch">
442 <primary sortas="b-ldapsearch">ldapsearch</primary>
443 </indexterm>
444 </listitem>
445 </varlistentry>
446
447 <varlistentry id="ldapwhoami">
448 <term><command>ldapwhoami</command></term>
449 <listitem>
450 <para>opens a connection to an LDAP server, binds and displays
451 whoami information.</para>
452 <indexterm zone="openldap ldapwhoami">
453 <primary sortas="b-ldapwhoami">ldapwhoami</primary>
454 </indexterm>
455 </listitem>
456 </varlistentry>
457
458 <varlistentry id="slapadd">
459 <term><command>slapadd</command></term>
460 <listitem>
461 <para>is used to add entries specified in LDAP Directory Interchange
462 Format (LDIF) to an LDAP database.</para>
463 <indexterm zone="openldap slapadd">
464 <primary sortas="b-slapadd">slapadd</primary>
465 </indexterm>
466 </listitem>
467 </varlistentry>
468
469 <varlistentry id="slapcat">
470 <term><command>slapcat</command></term>
471 <listitem>
472 <para>is used to generate an LDAP LDIF output based upon the
473 contents of a slapd database.</para>
474 <indexterm zone="openldap slapcat">
475 <primary sortas="b-slapcat">slapcat</primary>
476 </indexterm>
477 </listitem>
478 </varlistentry>
479
480 <varlistentry id="slapd">
481 <term><command>slapd</command></term>
482 <listitem>
483 <para>is the stand-alone LDAP server.</para>
484 <indexterm zone="openldap slapd">
485 <primary sortas="b-slapd">slapd</primary>
486 </indexterm>
487 </listitem>
488 </varlistentry>
489
490 <varlistentry id="slapdn">
491 <term><command>slapdn</command></term>
492 <listitem>
493 <para>checks a list of string-represented DNs based on schema
494 syntax.</para>
495 <indexterm zone="openldap slapdn">
496 <primary sortas="b-slapdn">slapdn</primary>
497 </indexterm>
498 </listitem>
499 </varlistentry>
500
501 <varlistentry id="slapindex">
502 <term><command>slapindex</command></term>
503 <listitem>
504 <para>is used to regenerate slapd indexes based upon the current
505 contents of a database.</para>
506 <indexterm zone="openldap slapindex">
507 <primary sortas="b-slapindex">slapindex</primary>
508 </indexterm>
509 </listitem>
510 </varlistentry>
511
512 <varlistentry id="slappasswd">
513 <term><command>slappasswd</command></term>
514 <listitem>
515 <para>is an <application>OpenLDAP</application> password
516 utility.</para>
517 <indexterm zone="openldap slappasswd">
518 <primary sortas="b-slappasswd">slappasswd</primary>
519 </indexterm>
520 </listitem>
521 </varlistentry>
522
523 <varlistentry id="slaptest">
524 <term><command>slaptest</command></term>
525 <listitem>
526 <para>checks the sanity of the <filename>slapd.conf</filename>
527 file.</para>
528 <indexterm zone="openldap slaptest">
529 <primary sortas="b-slaptest">slaptest</primary>
530 </indexterm>
531 </listitem>
532 </varlistentry>
533
534 <varlistentry id="slurpd">
535 <term><command>slurpd</command></term>
536 <listitem>
537 <para>is the stand-alone LDAP replication server.</para>
538 <indexterm zone="openldap slurpd">
539 <primary sortas="b-slurpd">slurpd</primary>
540 </indexterm>
541 </listitem>
542 </varlistentry>
543
544 <varlistentry id="liblber">
545 <term><filename class='libraryfile'>liblber.{so,a}</filename></term>
546 <listitem>
547 <para>is a set of lightweight Basic Encoding Rules routines. These
548 routines are used by the LDAP library routines to encode and decode
549 LDAP protocol elements using the (slightly simplified) Basic
550 Encoding Rules defined by LDAP. They are not normally used directly
551 by an LDAP application program except in the handling of controls
552 and extended operations.</para>
553 <indexterm zone="openldap liblber">
554 <primary sortas="c-liblber">liblber.{so,a}</primary>
555 </indexterm>
556 </listitem>
557 </varlistentry>
558
559 <varlistentry id="libldap">
560 <term><filename class='libraryfile'>libldap.{so,a}</filename></term>
561 <listitem>
562 <para>supports the LDAP programs and provides functionality for
563 other programs interacting with LDAP.</para>
564 <indexterm zone="openldap libldap">
565 <primary sortas="c-libldap">libldap.{so,a}</primary>
566 </indexterm>
567 </listitem>
568 </varlistentry>
569
570 <varlistentry id="libldap_r">
571 <term><filename class='libraryfile'>libldap_r.{so,a}</filename></term>
572 <listitem>
573 <para>contains the functions required by the LDAP programs to
574 produce the results from LDAP requests.</para>
575 <indexterm zone="openldap libldap_r">
576 <primary sortas="c-libldap_r">libldap_r.{so,a}</primary>
577 </indexterm>
578 </listitem>
579 </varlistentry>
580
581 </variablelist>
582
583 </sect2>
584
585</sect1>
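
The configuration section above names several `slapd.conf` settings (the `database` backend, `allow bind_v2`) and the test output shows the `dc=my-domain,dc=com` suffix; the following added example, which is not part of the BLFS book, reviews a `slapd.conf` for those settings before the server is exposed. The sample configuration is constructed, and the `rootpw` check covers a standard `slapd.conf` directive that the page itself does not mention.

```shell
#!/bin/sh
# Added example (not part of the BLFS book): static review of a slapd.conf.

# Constructed sample input; every value here is made up for the demonstration.
sample_conf() {
cat <<'EOF'
# constructed sample slapd.conf
include   /etc/openldap/schema/core.schema
allow bind_v2
database  bdb
suffix    "dc=my-domain,dc=com"
rootdn    "cn=Manager,dc=my-domain,dc=com"
rootpw    secret
directory /srv/ldap/openldap-data

database  ldbm
suffix    "dc=example,dc=org"
rootpw    {SSHA}CONSTRUCTED-PLACEHOLDER-HASH
EOF
}

# Read a slapd.conf on stdin and print one finding per line.
# Password values are never echoed, only classified.
audit_slapd_conf() {
    awk '
    /^[ \t]*#/ { next }              # comment line
    /^[ \t]*$/ { next }              # blank line
    /^[ \t]/   { next }              # leading whitespace continues the previous directive
    $1 == "allow" {
        for (i = 2; i <= NF; i++)
            if ($i == "bind_v2")
                print "WARN line " NR ": LDAPv2 binds enabled (allow bind_v2)"
    }
    $1 == "database" { print "INFO line " NR ": database backend " $2 }
    $1 == "suffix" {
        dn = $2; gsub(/"/, "", dn)   # assumes the DN contains no spaces
        if (dn == "dc=my-domain,dc=com")
            print "WARN line " NR ": sample suffix " dn " still configured"
    }
    $1 == "rootpw" {
        # A value without a {SCHEME} prefix, or with {CLEARTEXT}, is a plain password.
        if (substr($2, 1, 1) != "{" || toupper($2) ~ /^.CLEARTEXT./)
            print "FAIL line " NR ": rootpw stored in cleartext; generate a hash with slappasswd"
        else
            print "OK   line " NR ": rootpw uses a hashed scheme"
    }
    '
}

# Number of findings at a given level (FAIL, WARN, INFO, OK) for a config on stdin.
count_level() {
    audit_slapd_conf | grep -c "^$1" || true
}

# Demonstration run over the constructed sample.
sample_conf | audit_slapd_conf
```

To review a real file, feed it to the function on stdin, for example `audit_slapd_conf < /etc/openldap/slapd.conf`.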