source: server/other/openldap.xml@ c507fdb3

Last change on this file since c507fdb3 was c507fdb3, checked in by Randy McMurchy <randy@…>, 17 years ago

Updated to OpenLDAP-2.2.24

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@3663 af4574ff-66df-0310-9fd7-8a98e5e911e0

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
  "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

<!ENTITY openldap-download-http "http://gd.tuwien.ac.at/infosys/network/OpenLDAP/openldap-release/openldap-&openldap-version;.tgz">
<!ENTITY openldap-download-ftp "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-&openldap-version;.tgz">
<!ENTITY openldap-md5sum "383691dbabe05ee2b72a3e9db2042a82">
<!ENTITY openldap-size "2.6 MB">
<!ENTITY openldap-buildsize "76.7 MB">
<!ENTITY openldap-time "6.58 SBU">
]>

<sect1 id="openldap" xreflabel="OpenLDAP-&openldap-version;">
<sect1info>
<othername>$LastChangedBy$</othername>
<date>$Date$</date>
</sect1info>
<?dbhtml filename="openldap.html"?>
<title><application>Open<acronym>LDAP</acronym></application>-&openldap-version;
</title>
<indexterm zone="openldap">
<primary sortas="a-OpenLDAP">OpenLDAP</primary></indexterm>

<sect2>
<title>Introduction to
<application>Open<acronym>LDAP</acronym></application></title>

<para>The <application>Open<acronym>LDAP</acronym></application> package
provides an open source implementation of the Lightweight Directory
Access Protocol.</para>

<sect3><title>Package information</title>
<itemizedlist spacing='compact'>
<listitem><para>Download (HTTP):
<ulink url="&openldap-download-http;"/></para></listitem>
<listitem><para>Download (FTP):
<ulink url="&openldap-download-ftp;"/></para></listitem>
<listitem><para>Download MD5 sum: &openldap-md5sum;</para></listitem>
<listitem><para>Download size: &openldap-size;</para></listitem>
<listitem><para>Estimated disk space required:
&openldap-buildsize;</para></listitem>
<listitem><para>Estimated build time:
&openldap-time;</para></listitem></itemizedlist>
</sect3>

<sect3><title><application>Open<acronym>LDAP</acronym></application>
dependencies</title>
<sect4><title>Required</title>
<para><xref linkend="db"/></para>
</sect4>

<sect4><title>Recommended</title>
<para><xref linkend="cyrus-sasl"/> and <xref linkend="openssl"/></para>
</sect4>

<sect4><title>Optional</title>
<para><xref linkend="tcpwrappers"/>,
<xref linkend="gdbm"/>,
<ulink url="http://www.gnu.org/software/pth/">GNU Pth</ulink>, and
<xref linkend="heimdal"/> or
<xref linkend="mitkrb"/></para>
</sect4>

</sect3>

</sect2>

<sect2>
<title>Installation of
<application>Open<acronym>LDAP</acronym></application></title>

<para>Install <application>Open<acronym>LDAP</acronym></application> by
running the following commands:</para>

<screen><userinput><command>./configure --prefix=/usr --libexecdir=/usr/sbin \
    --sysconfdir=/etc --localstatedir=/srv/ldap \
    --enable-ldbm --disable-debug &amp;&amp;
make depend &amp;&amp;
make &amp;&amp;
make test</command></userinput></screen>

<para>Now, as the root user:</para>

<screen><userinput role='root'><command>make install &amp;&amp;
chmod 755 /usr/lib/libl*-2.2.so.7.0.13</command></userinput></screen>

</sect2>

<sect2>
<title>Command explanations</title>

<para><parameter>--libexecdir=/usr/sbin</parameter>: Installs the server
executables in <filename class="directory">/usr/sbin</filename> instead of
<filename class="directory">/usr/libexec</filename>.</para>

<para><parameter>--sysconfdir=/etc</parameter>: Sets the configuration file
directory to avoid the default of
<filename class="directory">/usr/etc</filename>.</para>

<para><parameter>--localstatedir=/srv/ldap</parameter>: Sets the directory
to use for the <acronym>LDAP</acronym> directory database, replication logs and
run-time variable data.</para>

<para><parameter>--enable-ldbm</parameter>: Build <command>slapd</command>
with the primary database back end using either
<application>Berkeley DB</application> or
<application><acronym>GNU</acronym> Database Manager</application>.</para>

<para><parameter>--disable-debug</parameter>: Disable debugging code.</para>

<para><command>make test</command>: Validates the correct build of the
package. If you've enabled <application>tcp_wrappers</application>, ensure you
add 127.0.0.1 to the <parameter>slapd</parameter> line in the
<filename>/etc/hosts.allow</filename> file if you have a
restrictive <filename>/etc/hosts.deny</filename> file. If you logged the
output of the <command>make test</command>, an easy test to see if all the
tests succeeded is to issue <command>grep ">>>>> Test succeeded"
<replaceable>[logfilename]</replaceable> | wc -l</command>. You should have
<computeroutput>39</computeroutput> returned.</para>

<para><command>chmod 755 /usr/lib/libl*-2.2.so.7.0.13</command>: This command
adds the executable bit to the shared libraries.</para>

</sect2>

<sect2>
<title>Configuring
<application>Open<acronym>LDAP</acronym></application></title>

<sect3 id="openldap-config"><title>Config files</title>
<para><filename>/etc/openldap/*</filename></para>
<indexterm zone="openldap openldap-config">
<primary sortas="e-etc-openldap">/etc/openldap/*</primary></indexterm>
</sect3>

<sect3><title>Configuration Information</title>
<para>Configuring the <command>slapd</command> and <command>slurpd</command>
servers can be complex. Securing the <acronym>LDAP</acronym> directory,
especially if you are storing non-public data such as password databases,
can also be a challenging task. You'll need to modify the
<filename>/etc/openldap/slapd.conf</filename> and
<filename>/etc/openldap/ldap.conf</filename> files to set up
<application>Open<acronym>LDAP</acronym></application> for your particular
needs.</para>
<indexterm zone="openldap openldap-config">
<primary sortas="e-etc-openldap-slapd.conf">/etc/openldap/slapd.conf</primary>
</indexterm>
<indexterm zone="openldap openldap-config">
<primary sortas="e-etc-openldap-ldap.conf">/etc/openldap/ldap.conf</primary>
</indexterm>

<para>Resources to assist you with topics such as choosing a directory
configuration, backend and database definitions, access control settings,
running as a user other than root and setting a <command>chroot</command>
environment include:
</para>

<itemizedlist spacing='compact'>
<listitem><para>The <command>slapd</command> man page</para></listitem>
<listitem><para>The <filename>slapd.conf</filename> man page</para></listitem>
<listitem><para>The <ulink
url="http://www.openldap.org/doc/admin22/">OpenLDAP 2.2 Administrator's
Guide</ulink></para></listitem>
<listitem><para>Documents located at
<ulink url="http://www.openldap.org/pub/"/></para></listitem>
</itemizedlist></sect3>

<sect3><title>Utilizing <application>GDBM</application></title>
<para>To utilize <application>GDBM</application> as the database
backend, the <quote>database</quote> entry in
<filename>/etc/openldap/slapd.conf</filename> must be changed from
<quote>bdb</quote> to <quote>ldbm</quote>. You can use both by creating an
additional database section in <filename>/etc/openldap/slapd.conf</filename>.
</para></sect3>

<sect3><title><application>Mozilla</application> Address Directory</title>
<para>By default, <acronym>LDAP</acronym>v2 support is disabled in the
<filename>slapd.conf</filename> file. Once the database is properly
set up and <application>Mozilla</application> is configured to use the
directory, you must add <option>allow bind_v2</option> to the
<filename>slapd.conf</filename> file.</para></sect3>

<sect3 id="openldap-init"><title>Init Script</title>
<para>To automate the startup of the <acronym>LDAP</acronym> server at system
bootup, install the <filename>/etc/rc.d/init.d/openldap</filename> init script
included in the <xref linkend="intro-important-bootscripts"/> package using the
following command:</para>
<indexterm zone="openldap openldap-init">
<primary sortas="f-openldap">openldap</primary></indexterm>

<screen><userinput><command>make install-openldap1</command></userinput></screen>

<para><emphasis>Note:</emphasis> The init script you just installed only starts
the <command>slapd</command> daemon. If you wish to also start the
<command>slurpd</command> daemon at system startup, install a modified version
of the script using this command:</para>

<screen><userinput><command>make install-openldap2</command></userinput></screen>

<note><para>The init script starts the daemons without any parameters. You'll
need to modify the script to include the parameters needed for your specific
configuration. See the <command>slapd</command> and <command>slurpd</command>
man pages for parameter information.</para></note>
</sect3>

<sect3><title>Testing the Configuration</title>
<para>Start the <acronym>LDAP</acronym> server using the init script:</para>

<screen><userinput><command>/etc/rc.d/init.d/openldap start</command></userinput></screen>

<para>Verify access to the <acronym>LDAP</acronym> server with the following
command:</para>

<screen><userinput><command>ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts</command></userinput></screen>

<para>The expected result is:</para>
<screen><computeroutput># extended LDIF
#
# LDAPv3
# base &lt;&gt; with scope base
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=my-domain,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1</computeroutput></screen>

</sect3>
</sect2>

<sect2>
<title>Contents</title>

<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>

<seglistitem>
<seg>ldapadd, ldapcompare, ldapdelete, ldapmodify, ldapmodrdn, ldappasswd,
ldapsearch, ldapwhoami, slapadd, slapcat, slapd, slapdn, slapindex,
slappasswd, slaptest and slurpd</seg>
<seg>liblber.[so,a], libldap.[so,a] and libldap_r.[so,a]</seg>
<seg>/etc/openldap, /srv/ldap and /usr/share/openldap</seg>
</seglistitem>
</segmentedlist>

<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>

<varlistentry id="ldapadd">
<term><command>ldapadd</command></term>
<listitem><para>opens a connection to an <acronym>LDAP</acronym> server,
binds and adds entries.</para>
<indexterm zone="openldap ldapadd">
<primary sortas="b-ldapadd">ldapadd</primary>
</indexterm></listitem>
</varlistentry>

<varlistentry id="ldapcompare">
<term><command>ldapcompare</command></term>
<listitem><para>opens a connection to an <acronym>LDAP</acronym> server,
binds and performs a compare using specified parameters.</para>
<indexterm zone="openldap ldapcompare">
<primary sortas="b-ldapcompare">ldapcompare</primary>
</indexterm></listitem>
</varlistentry>

<varlistentry id="ldapdelete">
<term><command>ldapdelete</command></term>
<listitem><para>opens a connection to an <acronym>LDAP</acronym> server,
binds and deletes one or more entries.</para>
<indexterm zone="openldap ldapdelete">
<primary sortas="b-ldapdelete">ldapdelete</primary>
</indexterm></listitem>
</varlistentry>

<varlistentry id="ldapmodify">
<term><command>ldapmodify</command></term>
<listitem><para>opens a connection to an <acronym>LDAP</acronym> server,
binds and modifies entries.</para>
<indexterm zone="openldap ldapmodify">
<primary sortas="b-ldapmodify">ldapmodify</primary>
</indexterm></listitem>
</varlistentry>

<varlistentry id="ldapmodrdn">
<term><command>ldapmodrdn</command></term>
<listitem><para>opens a connection to an <acronym>LDAP</acronym> server,
binds and modifies the <acronym>RDN</acronym> of entries.</para>
<indexterm zone="openldap ldapmodrdn">
<primary sortas="b-ldapmodrdn">ldapmodrdn</primary>
</indexterm></listitem>
</varlistentry>

<varlistentry id="ldappasswd">
<term><command>ldappasswd</command></term>
<listitem><para>is a tool to set the password of an <acronym>LDAP</acronym>
user.</para>
<indexterm zone="openldap ldappasswd">
<primary sortas="b-ldappasswd">ldappasswd</primary>
</indexterm></listitem>
</varlistentry>

<varlistentry id="ldapsearch">
<term><command>ldapsearch</command></term>
<listitem><para>opens a connection to an <acronym>LDAP</acronym> server,
binds and performs a search using specified parameters.</para>
<indexterm zone="openldap ldapsearch">
<primary sortas="b-ldapsearch">ldapsearch</primary>
</indexterm></listitem>
</varlistentry>

<varlistentry id="ldapwhoami">
<term><command>ldapwhoami</command></term>
<listitem><para>opens a connection to an <acronym>LDAP</acronym> server,
binds and displays whoami information.</para>
<indexterm zone="openldap ldapwhoami">
<primary sortas="b-ldapwhoami">ldapwhoami</primary>
</indexterm></listitem>
</varlistentry>

<varlistentry id="slapadd">
<term><command>slapadd</command></term>
<listitem><para>is used to add entries specified in <acronym>LDAP</acronym>
Directory Interchange Format (<acronym>LDIF</acronym>) to an
<acronym>LDAP</acronym> database.</para>
<indexterm zone="openldap slapadd">
<primary sortas="b-slapadd">slapadd</primary>
</indexterm></listitem>
</varlistentry>

<varlistentry id="slapcat">
<term><command>slapcat</command></term>
<listitem><para>is used to generate an <acronym>LDAP</acronym>
<acronym>LDIF</acronym> output based upon the contents of a slapd
database.</para>
<indexterm zone="openldap slapcat">
<primary sortas="b-slapcat">slapcat</primary>
</indexterm></listitem>
</varlistentry>

<varlistentry id="slapd">
<term><command>slapd</command></term>
<listitem><para>is the stand-alone <acronym>LDAP</acronym> server.</para>
<indexterm zone="openldap slapd">
<primary sortas="b-slapd">slapd</primary>
</indexterm></listitem>
</varlistentry>

<varlistentry id="slapdn">
<term><command>slapdn</command></term>
<listitem><para>checks a list of string-represented <acronym>DN</acronym>s
based on schema syntax.</para>
<indexterm zone="openldap slapdn">
<primary sortas="b-slapdn">slapdn</primary>
</indexterm></listitem>
</varlistentry>

<varlistentry id="slapindex">
<term><command>slapindex</command></term>
<listitem><para>is used to regenerate slapd indices based upon the current
contents of a database.</para>
<indexterm zone="openldap slapindex">
<primary sortas="b-slapindex">slapindex</primary>
</indexterm></listitem>
</varlistentry>

<varlistentry id="slappasswd">
<term><command>slappasswd</command></term>
<listitem><para>is an <application>Open<acronym>LDAP</acronym></application>
password utility.</para>
<indexterm zone="openldap slappasswd">
<primary sortas="b-slappasswd">slappasswd</primary>
</indexterm></listitem>
</varlistentry>

<varlistentry id="slaptest">
<term><command>slaptest</command></term>
<listitem><para>checks the sanity of the <filename>slapd.conf</filename>
file.</para>
<indexterm zone="openldap slaptest">
<primary sortas="b-slaptest">slaptest</primary>
</indexterm></listitem>
</varlistentry>

<varlistentry id="slurpd">
<term><command>slurpd</command></term>
<listitem><para>is the stand-alone <acronym>LDAP</acronym> replication
server.</para>
<indexterm zone="openldap slurpd">
<primary sortas="b-slurpd">slurpd</primary>
</indexterm></listitem>
</varlistentry>

<varlistentry id="liblber">
<term><filename class='libraryfile'>liblber.[so,a]</filename></term>
<listitem><para>is a set of lightweight Basic Encoding Rules routines. These
routines are used by the <acronym>LDAP</acronym> library routines to encode
and decode <acronym>LDAP</acronym> protocol elements using the (slightly
simplified) Basic Encoding Rules defined by <acronym>LDAP</acronym>. They are
not normally used directly by an <acronym>LDAP</acronym> application program
except in the handling of controls and extended operations.</para>
<indexterm zone="openldap liblber">
<primary sortas="c-liblber">liblber.[so,a]</primary>
</indexterm></listitem>
</varlistentry>

<varlistentry id="libldap">
<term><filename class='libraryfile'>libldap.[so,a]</filename></term>
<listitem><para>supports the <acronym>LDAP</acronym> programs and provides
functionality for other programs interacting with
<acronym>LDAP</acronym>.</para>
<indexterm zone="openldap libldap">
<primary sortas="c-libldap">libldap.[so,a]</primary>
</indexterm></listitem>
</varlistentry>

<varlistentry id="libldap_r">
<term><filename class='libraryfile'>libldap_r.[so,a]</filename></term>
<listitem><para>contains the functions required by the <acronym>LDAP</acronym>
programs to produce the results from <acronym>LDAP</acronym> requests.</para>
<indexterm zone="openldap libldap_r">
<primary sortas="c-libldap_r">libldap_r.[so,a]</primary>
</indexterm></listitem>
</varlistentry>
</variablelist>

</sect2>

</sect1>
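
An added example, not part of the BLFS book or the OpenLDAP sources: a small static audit for the `slapd.conf` concerns raised in the "Configuration Information" and "Mozilla Address Directory" sections (access control settings, stored passwords, `allow bind_v2`). The function names, finding tags and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: static checks on a slapd.conf (OpenLDAP 2.2 style syntax).
# Prints one finding per line; returns 0 if clean, 1 if flagged, 2 if unreadable.
# Limitation: files pulled in with "include" are not followed.
audit_slapd_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }
    # The file can hold rootpw, so it should not be readable by other users.
    perm=$(find "$conf" -perm -004)
    findings=$(
        [ -n "$perm" ] && echo "PERM file is world-readable"
        awk '
            /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
            tolower($1) == "allow" {
                for (i = 2; i <= NF; i++)
                    if (tolower($i) == "bind_v2")
                        print "BINDV2 line " NR ": LDAPv2 binds are accepted"
            }
            tolower($1) == "rootpw" && $2 !~ /^[{][A-Za-z0-9-]+[}]/ {
                print "ROOTPW line " NR ": cleartext value, hash it with slappasswd"
            }
            tolower($1) == "access" && tolower($2) == "to" { acl = 1 }
            END {
                if (!acl)
                    print "ACL no access rules, default \"access to * by * read\" applies"
            }
        ' "$conf"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample configuration (not from a real server).
write_sample_conf() {
    cat > "$1" <<'EOF'
include   /etc/openldap/schema/core.schema
allow bind_v2
database  bdb
suffix    "dc=my-domain,dc=com"
rootdn    "cn=Manager,dc=my-domain,dc=com"
rootpw    secret
directory /srv/ldap/openldap-data
EOF
}

tmp=$(mktemp) && write_sample_conf "$tmp"
audit_slapd_conf "$tmp" || true
rm -f "$tmp"
```

Run `slaptest` as well: this audit looks only at policy-relevant directives and does not validate the file's syntax.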