source: server/other/openldap.xml@ bccbdaea

Last change on this file since bccbdaea was bccbdaea, checked in by Manuel Canales Esparcia <manuel@…>, 18 years ago

Trailing spaces clean-up. Basicnet, book, and general parts.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@5327 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 19.2 KB
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
3 "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY openldap-download-http "http://gd.tuwien.ac.at/infosys/network/OpenLDAP/openldap-stable/openldap-&openldap-download-version;.tgz">
8 <!ENTITY openldap-download-ftp "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-stable/openldap-&openldap-download-version;.tgz">
9 <!ENTITY openldap-md5sum "afc8700b5738da863b30208e1d3e9de8">
10 <!ENTITY openldap-size "2.6 MB">
11 <!ENTITY openldap-buildsize "86 MB">
12 <!ENTITY openldap-time "1.5 SBU with an additional 15 minutes to run the tests (processor independent)">
13]>
14
15<sect1 id="openldap" xreflabel="OpenLDAP-&openldap-version;">
16 <?dbhtml filename="openldap.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>OpenLDAP-&openldap-version;</title>
24
25 <indexterm zone="openldap">
26 <primary sortas="a-OpenLDAP">OpenLDAP</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to OpenLDAP</title>
31
32 <para>The <application>OpenLDAP</application> package provides an open
33 source implementation of the Lightweight Directory Access Protocol.</para>
34
35 <bridgehead renderas="sect3">Package Information</bridgehead>
36 <itemizedlist spacing="compact">
37 <listitem>
38 <para>Download (HTTP): <ulink url="&openldap-download-http;"/></para>
39 </listitem>
40 <listitem>
41 <para>Download (FTP): <ulink url="&openldap-download-ftp;"/></para>
42 </listitem>
43 <listitem>
44 <para>Download MD5 sum: &openldap-md5sum;</para>
45 </listitem>
46 <listitem>
47 <para>Download size: &openldap-size;</para>
48 </listitem>
49 <listitem>
50 <para>Estimated disk space required: &openldap-buildsize;</para>
51 </listitem>
52 <listitem>
53 <para>Estimated build time: &openldap-time;</para>
54 </listitem>
55 </itemizedlist>
56
57 <note>
58 <para>The <application>OpenLDAP</application> stable releases are
59 packaged without version numbers in the tarball names. You can see the
60 relationship between the version number and name of the tarball at <ulink
61 url="http://www.openldap.org/software/download/"/>.</para>
62 </note>
63
64 <bridgehead renderas="sect3">OpenLDAP Dependencies</bridgehead>
65
66 <bridgehead renderas="sect4">Required</bridgehead>
67 <para><xref linkend="db"/> (recommended) or
68 <xref linkend="gdbm"/></para>
69
70 <bridgehead renderas="sect4">Recommended</bridgehead>
71 <para><xref linkend="cyrus-sasl"/> and <xref linkend="openssl"/></para>
72
73 <bridgehead renderas="sect4">Optional</bridgehead>
74 <para><xref linkend="tcpwrappers"/>,
75 <xref linkend="unixodbc"/>,
76 <ulink url="http://www.gnu.org/software/pth/">GNU Pth</ulink> and
77 <ulink url="http://www.openslp.org/">OpenSLP</ulink></para>
78
79 </sect2>
80
81 <sect2 role="installation">
82 <title>Installation of OpenLDAP</title>
83
84 <para>Install <application>OpenLDAP</application> by
85 running the following commands:</para>
86
87<screen><userinput>./configure --prefix=/usr --libexecdir=/usr/sbin \
88 --sysconfdir=/etc --localstatedir=/srv/ldap \
89 --enable-dynamic --enable-ldbm --disable-debug &amp;&amp;
90make depend &amp;&amp;
91make &amp;&amp;
92make test</userinput></screen>
93
94 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
95
96<screen role="root"><userinput>make install &amp;&amp;
97chmod 755 /usr/lib/libl*-2.2.so.7.0.19 &amp;&amp;
98install -v -m755 -d /usr/share/doc/openldap-&openldap-version;/{drafts,rfc} &amp;&amp;
99install -v -m644 doc/drafts/* \
100 /usr/share/doc/openldap-&openldap-version;/drafts &amp;&amp;
101install -v -m644 doc/rfc/* \
102 /usr/share/doc/openldap-&openldap-version;/rfc</userinput></screen>
103
104 </sect2>
105
106 <sect2 role="commands">
107 <title>Command Explanations</title>
108
109 <para><parameter>--libexecdir=/usr/sbin</parameter>: Installs the server
110 executables in <filename class="directory">/usr/sbin</filename> instead of
111 <filename class="directory">/usr/libexec</filename>.</para>
112
113 <para><parameter>--sysconfdir=/etc</parameter>: Sets the configuration file
114 directory to avoid the default of
115 <filename class="directory">/usr/etc</filename>.</para>
116
117 <para><parameter>--localstatedir=/srv/ldap</parameter>: Sets the directory
118 to use for the LDAP directory database, replication logs and
119 run-time variable data.</para>
120
121 <para><parameter>--enable-dynamic</parameter>: This forces the
122 <application>OpenLDAP</application> libraries to be dynamically linked
123 to the executable programs.</para>
124
125 <para><parameter>--enable-ldbm</parameter>: Builds <command>slapd</command>
126 with the primary database back end using either
127 <application>Berkeley DB</application> or
128 <application>GNU Database Manager</application>.</para>
129
130 <para><parameter>--disable-debug</parameter>: Disables debugging code.</para>
131
132 <para><command>make test</command>: Validates the correct build of the
133 package. If you've enabled <application>tcp_wrappers</application> and have a
134 restrictive <filename>/etc/hosts.deny</filename> file, ensure that
135 127.0.0.1 is on the <parameter>slapd</parameter> line in the
136 <filename>/etc/hosts.allow</filename> file. If you logged the
137 output of <command>make test</command>, an easy way to see if all the
138 tests succeeded is to issue <command>grep ">>>>> Test succeeded"
139 <replaceable>[logfilename]</replaceable> | wc -l</command>. The command
140 should return <computeroutput>39</computeroutput>.</para>
141
142 <para><command>chmod 755 /usr/lib/libl*-2.2.so.7.0.19</command>: This command
143 adds the executable bit to the shared libraries.</para>
144
145 <para><option>--disable-bdb --disable-hdb --with-ldbm-api=gdbm</option>:
146 Pass these parameters to the <command>configure</command> command if you
147 wish to use GDBM instead of Berkeley DB as the primary backend
148 database.</para>
149 </sect2>
150
151 <sect2 role="configuration">
152 <title>Configuring OpenLDAP</title>
153
154 <sect3 id="openldap-config">
155 <title>Config Files</title>
156
157 <para><filename>/etc/openldap/*</filename></para>
158
159 <indexterm zone="openldap openldap-config">
160 <primary sortas="e-etc-openldap">/etc/openldap/*</primary>
161 </indexterm>
162
163 </sect3>
164
165 <sect3>
166 <title>Configuration Information</title>
167
168 <para>Configuring the <command>slapd</command> and
169 <command>slurpd</command> servers can be complex. Securing the LDAP
170 directory, especially if you are storing non-public data such as
171 password databases, can also be a challenging task. You'll need to
172 modify the <filename>/etc/openldap/slapd.conf</filename> and
173 <filename>/etc/openldap/ldap.conf</filename> files to set up
174 <application>OpenLDAP</application> for your particular needs.</para>
175
176 <indexterm zone="openldap openldap-config">
177 <primary
178 sortas="e-etc-openldap-slapd.conf">/etc/openldap/slapd.conf</primary>
179 </indexterm>
180
181 <indexterm zone="openldap openldap-config">
182 <primary
183 sortas="e-etc-openldap-ldap.conf">/etc/openldap/ldap.conf</primary>
184 </indexterm>
185
186 <para>Resources to assist you with topics such as choosing a directory
187 configuration, backend and database definitions, access control settings,
188 running as a user other than <systemitem class="username">root</systemitem>
189 and setting a <command>chroot</command> environment include:</para>
190
191 <itemizedlist spacing='compact'>
192 <listitem>
193 <para>The <command>slapd</command> man page</para>
194 </listitem>
195 <listitem>
196 <para>The <filename>slapd.conf</filename> man page</para>
197 </listitem>
198 <listitem>
199 <para>The <ulink
200 url="http://www.openldap.org/doc/admin22/">OpenLDAP 2.2 Administrator's
201 Guide</ulink></para>
202 </listitem>
203 <listitem>
204 <para>Documents located at
205 <ulink url="http://www.openldap.org/pub/"/></para>
206 </listitem>
207 </itemizedlist>
208
209 </sect3>
210
211 <sect3>
212 <title>Utilizing GDBM</title>
213
214 <para>To utilize <application>GDBM</application> as the database
215 backend, the <quote>database</quote> entry in
216 <filename>/etc/openldap/slapd.conf</filename> must be changed from
217 <quote>bdb</quote> to <quote>ldbm</quote>. You can use both by
218 creating an additional database section in
219 <filename>/etc/openldap/slapd.conf</filename>.</para>
220
221 </sect3>
222
223 <sect3>
224 <title>Mozilla Address Directory</title>
225
226 <para>By default, LDAPv2 support is disabled in the
227 <filename>slapd.conf</filename> file. Once the database is properly
228 set up and <application>Mozilla</application> is configured to use the
229 directory, you must add <option>allow bind_v2</option> to the
230 <filename>slapd.conf</filename> file.</para>
231
232 </sect3>
233
234 <sect3 id="openldap-init">
235 <title>Boot Script</title>
236
237 <para>To automate the startup of the LDAP server at system bootup,
238 install the <filename>/etc/rc.d/init.d/openldap</filename> init script
239 included in the <xref linkend="intro-important-bootscripts"/> package
240 using the following command:</para>
241
242 <indexterm zone="openldap openldap-init">
243 <primary sortas="f-openldap">openldap</primary>
244 </indexterm>
245
246<screen role="root"><userinput>make install-openldap1</userinput></screen>
247
248 <para><emphasis>Note:</emphasis> The init script you just installed only
249 starts the <command>slapd</command> daemon. If you wish to also start the
250 <command>slurpd</command> daemon at system startup, install a modified
251 version of the script using this command:</para>
252
253<screen role="root"><userinput>make install-openldap2</userinput></screen>
254
255 <note>
256 <para>The init script starts the daemons without any parameters.
257 You'll need to modify the script to include the parameters needed for
258 your specific configuration. See the <command>slapd</command> and
259 <command>slurpd</command> man pages for parameter information.</para>
260 </note>
261
262 </sect3>
263
264 <sect3>
265 <title>Testing the Configuration</title>
266
267 <para>Start the LDAP server using the init script:</para>
268
269<screen role="root"><userinput>/etc/rc.d/init.d/openldap start</userinput></screen>
270
271 <para>Verify access to the LDAP server with the following
272 command:</para>
273
274<screen><userinput>ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts</userinput></screen>
275
276 <para>The expected result is:</para>
277
278<screen><computeroutput># extended LDIF
279#
280# LDAPv3
281# base &lt;&gt; with scope base
282# filter: (objectclass=*)
283# requesting: namingContexts
284#
285
286#
287dn:
288namingContexts: dc=my-domain,dc=com
289
290# search result
291search: 2
292result: 0 Success
293
294# numResponses: 2
295# numEntries: 1</computeroutput></screen>
296
297 </sect3>
298
299 </sect2>
300
301 <sect2 role="content">
302 <title>Contents</title>
303
304 <segmentedlist>
305 <segtitle>Installed Programs</segtitle>
306 <segtitle>Installed Libraries</segtitle>
307 <segtitle>Installed Directories</segtitle>
308
309 <seglistitem>
310 <seg>ldapadd, ldapcompare, ldapdelete, ldapmodify, ldapmodrdn,
311 ldappasswd, ldapsearch, ldapwhoami, slapadd, slapcat, slapd, slapdn,
312 slapindex, slappasswd, slaptest, and slurpd</seg>
313 <seg>liblber.[so,a], libldap.[so,a], and libldap_r.[so,a]</seg>
314 <seg>/etc/openldap, /srv/ldap, and /usr/share/openldap</seg>
315 </seglistitem>
316 </segmentedlist>
317
318 <variablelist>
319 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
320 <?dbfo list-presentation="list"?>
321 <?dbhtml list-presentation="table"?>
322
323 <varlistentry id="ldapadd">
324 <term><command>ldapadd</command></term>
325 <listitem>
326 <para>opens a connection to an LDAP server, binds and adds
327 entries.</para>
328 <indexterm zone="openldap ldapadd">
329 <primary sortas="b-ldapadd">ldapadd</primary>
330 </indexterm>
331 </listitem>
332 </varlistentry>
333
334 <varlistentry id="ldapcompare">
335 <term><command>ldapcompare</command></term>
336 <listitem>
337 <para>opens a connection to an LDAP server, binds and performs
338 a compare using specified parameters.</para>
339 <indexterm zone="openldap ldapcompare">
340 <primary sortas="b-ldapcompare">ldapcompare</primary>
341 </indexterm>
342 </listitem>
343 </varlistentry>
344
345 <varlistentry id="ldapdelete">
346 <term><command>ldapdelete</command></term>
347 <listitem>
348 <para>opens a connection to an LDAP server, binds and deletes
349 one or more entries.</para>
350 <indexterm zone="openldap ldapdelete">
351 <primary sortas="b-ldapdelete">ldapdelete</primary>
352 </indexterm>
353 </listitem>
354 </varlistentry>
355
356 <varlistentry id="ldapmodify">
357 <term><command>ldapmodify</command></term>
358 <listitem>
359 <para>opens a connection to an LDAP server, binds and modifies
360 entries.</para>
361 <indexterm zone="openldap ldapmodify">
362 <primary sortas="b-ldapmodify">ldapmodify</primary>
363 </indexterm>
364 </listitem>
365 </varlistentry>
366
367 <varlistentry id="ldapmodrdn">
368 <term><command>ldapmodrdn</command></term>
369 <listitem>
370 <para>opens a connection to an LDAP server, binds and modifies
371 the RDN of entries.</para>
372 <indexterm zone="openldap ldapmodrdn">
373 <primary sortas="b-ldapmodrdn">ldapmodrdn</primary>
374 </indexterm>
375 </listitem>
376 </varlistentry>
377
378 <varlistentry id="ldappasswd">
379 <term><command>ldappasswd</command></term>
380 <listitem>
381 <para>is a tool to set the password of an LDAP user.</para>
382 <indexterm zone="openldap ldappasswd">
383 <primary sortas="b-ldappasswd">ldappasswd</primary>
384 </indexterm>
385 </listitem>
386 </varlistentry>
387
388 <varlistentry id="ldapsearch">
389 <term><command>ldapsearch</command></term>
390 <listitem>
391 <para>opens a connection to an LDAP server, binds and performs
392 a search using specified parameters.</para>
393 <indexterm zone="openldap ldapsearch">
394 <primary sortas="b-ldapsearch">ldapsearch</primary>
395 </indexterm>
396 </listitem>
397 </varlistentry>
398
399 <varlistentry id="ldapwhoami">
400 <term><command>ldapwhoami</command></term>
401 <listitem>
402 <para>opens a connection to an LDAP server, binds and displays
403 whoami information.</para>
404 <indexterm zone="openldap ldapwhoami">
405 <primary sortas="b-ldapwhoami">ldapwhoami</primary>
406 </indexterm>
407 </listitem>
408 </varlistentry>
409
410 <varlistentry id="slapadd">
411 <term><command>slapadd</command></term>
412 <listitem>
413 <para>is used to add entries specified in LDAP Directory Interchange
414 Format (LDIF) to an LDAP database.</para>
415 <indexterm zone="openldap slapadd">
416 <primary sortas="b-slapadd">slapadd</primary>
417 </indexterm>
418 </listitem>
419 </varlistentry>
420
421 <varlistentry id="slapcat">
422 <term><command>slapcat</command></term>
423 <listitem>
424 <para>is used to generate an LDAP LDIF output based upon the
425 contents of a slapd database.</para>
426 <indexterm zone="openldap slapcat">
427 <primary sortas="b-slapcat">slapcat</primary>
428 </indexterm>
429 </listitem>
430 </varlistentry>
431
432 <varlistentry id="slapd">
433 <term><command>slapd</command></term>
434 <listitem>
435 <para>is the stand-alone LDAP server.</para>
436 <indexterm zone="openldap slapd">
437 <primary sortas="b-slapd">slapd</primary>
438 </indexterm>
439 </listitem>
440 </varlistentry>
441
442 <varlistentry id="slapdn">
443 <term><command>slapdn</command></term>
444 <listitem>
445 <para>checks a list of string-represented DNs based on schema
446 syntax.</para>
447 <indexterm zone="openldap slapdn">
448 <primary sortas="b-slapdn">slapdn</primary>
449 </indexterm>
450 </listitem>
451 </varlistentry>
452
453 <varlistentry id="slapindex">
454 <term><command>slapindex</command></term>
455 <listitem>
456 <para>is used to regenerate slapd indices based upon the current
457 contents of a database.</para>
458 <indexterm zone="openldap slapindex">
459 <primary sortas="b-slapindex">slapindex</primary>
460 </indexterm>
461 </listitem>
462 </varlistentry>
463
464 <varlistentry id="slappasswd">
465 <term><command>slappasswd</command></term>
466 <listitem>
467 <para>is an <application>OpenLDAP</application> password
468 utility.</para>
469 <indexterm zone="openldap slappasswd">
470 <primary sortas="b-slappasswd">slappasswd</primary>
471 </indexterm>
472 </listitem>
473 </varlistentry>
474
475 <varlistentry id="slaptest">
476 <term><command>slaptest</command></term>
477 <listitem>
478 <para>checks the sanity of the <filename>slapd.conf</filename>
479 file.</para>
480 <indexterm zone="openldap slaptest">
481 <primary sortas="b-slaptest">slaptest</primary>
482 </indexterm>
483 </listitem>
484 </varlistentry>
485
486 <varlistentry id="slurpd">
487 <term><command>slurpd</command></term>
488 <listitem>
489 <para>is the stand-alone LDAP replication server.</para>
490 <indexterm zone="openldap slurpd">
491 <primary sortas="b-slurpd">slurpd</primary>
492 </indexterm>
493 </listitem>
494 </varlistentry>
495
496 <varlistentry id="liblber">
497 <term><filename class='libraryfile'>liblber.[so,a]</filename></term>
498 <listitem>
499 <para>is a set of lightweight Basic Encoding Rules routines. These
500 routines are used by the LDAP library routines to encode and decode
501 LDAP protocol elements using the (slightly simplified) Basic
502 Encoding Rules defined by LDAP. They are not normally used directly
503 by an LDAP application program except in the handling of controls
504 and extended operations.</para>
505 <indexterm zone="openldap liblber">
506 <primary sortas="c-liblber">liblber.[so,a]</primary>
507 </indexterm>
508 </listitem>
509 </varlistentry>
510
511 <varlistentry id="libldap">
512 <term><filename class='libraryfile'>libldap.[so,a]</filename></term>
513 <listitem>
514 <para>supports the LDAP programs and provides functionality for
515 other programs interacting with LDAP.</para>
516 <indexterm zone="openldap libldap">
517 <primary sortas="c-libldap">libldap.[so,a]</primary>
518 </indexterm>
519 </listitem>
520 </varlistentry>
521
522 <varlistentry id="libldap_r">
523 <term><filename class='libraryfile'>libldap_r.[so,a]</filename></term>
524 <listitem>
525 <para>contains the functions required by the LDAP programs to
526 produce the results from LDAP requests.</para>
527 <indexterm zone="openldap libldap_r">
528 <primary sortas="c-libldap_r">libldap_r.[so,a]</primary>
529 </indexterm>
530 </listitem>
531 </varlistentry>
532
533 </variablelist>
534
535 </sect2>
536
537</sect1>
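
An added example, not part of the BLFS book or the OpenLDAP sources: a shell function that reviews a `slapd.conf` for settings the Configuration Information, Mozilla Address Directory and Testing the Configuration sections touch on (`allow bind_v2`, the sample suffix `dc=my-domain,dc=com`, access rules), plus the `rootpw` directive and the file mode. The function name, the finding labels and the choice of checks are assumptions of this example.

```shell
#!/bin/sh
# Added example (not BLFS or OpenLDAP code): review a slapd.conf.
# audit_slapd_conf and the "FINDING:" labels are names made up for this example.

# audit_slapd_conf FILE
# Prints one "FINDING: ..." line per issue.
# Exit status: 0 = clean, 1 = findings, 2 = file unreadable.
audit_slapd_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf" >&2; return 2; }

    # The file can hold rootpw, so it should not be world-readable.
    # The awk part joins continuation lines (leading whitespace) first.
    findings=$(
        [ -n "$(find "$conf" -perm -004 2>/dev/null)" ] &&
            echo "FINDING: $conf is world-readable"

        awk '
        # Evaluate one logical directive; keywords are matched case-insensitively.
        function check(line,    n, f, kw) {
            n = split(line, f, /[ \t]+/)
            if (n == 0) return
            kw = tolower(f[1])
            if (kw == "allow" && tolower(line) ~ /bind_v2/)
                print "FINDING: LDAPv2 binds are enabled (allow bind_v2)"
            if (kw == "rootpw" && substr(f[2], 1, 1) != "{")
                print "FINDING: rootpw is stored in cleartext; use slappasswd output"
            if (kw == "suffix" && line ~ /dc=my-domain,dc=com/)
                print "FINDING: sample suffix dc=my-domain,dc=com still configured"
            if (kw == "access" && tolower(line) ~ /userpassword/)
                acl = 1
        }
        /^[ \t]*#/      { next }                     # comment
        /^[ \t]+[^ \t]/ { cur = cur " " $0; next }   # continuation line
                        { check(cur); cur = $0 }     # new directive or blank
        END {
            check(cur)
            # With no access directives at all, slapd lets everyone read.
            if (!acl)
                print "FINDING: no access rule names userPassword"
        }' "$conf"
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use: sh audit.sh /etc/openldap/slapd.conf
if [ "$#" -gt 0 ]; then
    audit_slapd_conf "$1"
fi
```

Run it after editing `/etc/openldap/slapd.conf` and before starting the init script; `slaptest` still has to confirm that the file parses.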