source: server/other/openldap.xml@ eab03ca

Last change on this file since eab03ca was eab03ca, checked in by Randy McMurchy <randy@…>, 15 years ago

Added new package Pth-2.0.7

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@7065 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 20.4 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY openldap-download-http "http://gd.tuwien.ac.at/infosys/network/OpenLDAP/openldap-stable/openldap-&openldap-download-version;.tgz">
  <!ENTITY openldap-download-ftp "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-stable/openldap-&openldap-download-version;.tgz">
  <!ENTITY openldap-md5sum "154d674cf95a8f8acc496cc6cb0671e1">
  <!ENTITY openldap-size "3.7 MB">
  <!ENTITY openldap-buildsize "112 MB">
  <!ENTITY openldap-time "1.7 SBU and approximately 30 minutes to run the tests (processor independent)">
]>

<sect1 id="openldap" xreflabel="OpenLDAP-&openldap-version;">
  <?dbhtml filename="openldap.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>OpenLDAP-&openldap-version;</title>

  <indexterm zone="openldap">
    <primary sortas="a-OpenLDAP">OpenLDAP</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to OpenLDAP</title>

    <para>The <application>OpenLDAP</application> package provides an open
    source implementation of the Lightweight Directory Access Protocol.</para>

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&openldap-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&openldap-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &openldap-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &openldap-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &openldap-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &openldap-time;</para>
      </listitem>
    </itemizedlist>

    <note>
      <para>The <application>OpenLDAP</application> stable releases are
      packaged without version numbers in the tarball names. You can see the
      relationship between the version number and name of the tarball at <ulink
      url="http://www.openldap.org/software/download/"/>.</para>
    </note>

    <bridgehead renderas="sect3">OpenLDAP Dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required"><xref linkend="db"/> is recommended (built in LFS) or
    <!-- <xref linkend="db"/> -->
    <xref linkend="gdbm"/></para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended"><xref linkend="cyrus-sasl"/> and
    <xref linkend="openssl"/></para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional"><xref linkend="tcpwrappers"/>,
    <xref linkend="unixodbc"/>,
    <xref linkend="gmp"/>,
    <xref linkend="pth"/>, and
    <ulink url="http://www.openslp.org/">OpenSLP</ulink></para>

    <para condition="html" role="usernotes">User Notes:
    <ulink url="&blfs-wiki;/openldap"/></para>

  </sect2>

  <sect2 role="installation">
    <title>Installation of OpenLDAP</title>

    <para>Install <application>OpenLDAP</application> by
    running the following commands:</para>

<screen><userinput>./configure --prefix=/usr \
            --libexecdir=/usr/sbin \
            --sysconfdir=/etc \
            --localstatedir=/srv/ldap \
            --disable-debug \
            --enable-dynamic \
            --enable-crypt \
            --enable-modules \
            --enable-rlookups \
            --enable-backends \
            --enable-overlays &amp;&amp;
make depend &amp;&amp;
make</userinput></screen>

    <para>To test the results, issue: <command>make test</command>. If you've
    enabled <application>tcp_wrappers</application>, ensure you add 127.0.0.1
    to the <parameter>slapd</parameter> line in the
    <filename>/etc/hosts.allow</filename> file if you have a restrictive
    <filename>/etc/hosts.deny</filename> file.</para>

    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>

<screen role="root"><userinput>make install &amp;&amp;
chmod -v 755 /usr/lib/libl*-2.3.so.0.2.20 &amp;&amp;
install -v -m755 -d /usr/share/doc/openldap-&openldap-version;/{drafts,guide,rfc} &amp;&amp;
install -v -m644 doc/drafts/* /usr/share/doc/openldap-&openldap-version;/drafts &amp;&amp;
install -v -m644 doc/rfc/* /usr/share/doc/openldap-&openldap-version;/rfc &amp;&amp;
cp -v -R doc/guide/* /usr/share/doc/openldap-&openldap-version;/guide</userinput></screen>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para><parameter>--libexecdir=/usr/sbin</parameter>: Installs the
    <command>slapd</command> and <command>slurpd</command> daemon programs in
    <filename class="directory">/usr/sbin</filename> instead of
    <filename class="directory">/usr/libexec</filename>.</para>

    <para><parameter>--sysconfdir=/etc</parameter>: Sets the configuration file
    directory to avoid the default of
    <filename class="directory">/usr/etc</filename>.</para>

    <para><parameter>--localstatedir=/srv/ldap</parameter>: Sets the directory
    to use for the LDAP directory database, replication logs and
    run-time variable data.</para>

    <para><parameter>--disable-debug</parameter>: Disables debugging code.</para>

    <para><parameter>--enable-dynamic</parameter>: This forces the
    <application>OpenLDAP</application> libraries to be dynamically linked
    to the executable programs.</para>

    <para><parameter>--enable-crypt</parameter>: Enables crypt(3)
    passwords.</para>

    <para><parameter>--enable-modules</parameter>: Enables dynamic module
    support.</para>

    <!-- <para><parameter>-enable-ldap</parameter>: Enables the
    <command>slapd</command> LDAP backend.</para>

    <para><parameter>-enable-ldbm</parameter>: Build <command>slapd</command>
    with the primary database back end using either
    <application>Berkeley DB</application> or
    <application>GNU Database Manager</application>.</para> -->

    <para><parameter>--enable-rlookups</parameter>: This parameter enables
    reverse lookups of client hostnames.</para>

    <para><parameter>--enable-backends</parameter>: This parameter enables
    all available backends.</para>

    <para><parameter>--enable-overlays</parameter>: This parameter enables
    all available overlays.</para>

    <para><option>--disable-bdb --disable-hdb --with-ldbm-api=gdbm</option>:
    Pass these parameters to the <command>configure</command> command if you
    wish to use <application>GDBM</application> instead of
    <application>Berkeley DB</application> as the primary backend
    database.</para>

    <para><command>chmod -v 755 /usr/lib/libl*-2.3.so.0.2.20</command>: This
    command adds the executable bit to the shared libraries.</para>

    <note>
      <para>You can run <command>./configure --help</command> to see if there
      are other parameters you can pass to the <command>configure</command>
      command to enable other options or dependency packages.</para>
    </note>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring OpenLDAP</title>

    <sect3 id="openldap-config">
      <title>Config Files</title>

      <para><filename>/etc/openldap/*</filename></para>

      <indexterm zone="openldap openldap-config">
        <primary sortas="e-etc-openldap">/etc/openldap/*</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>Configuring the <command>slapd</command> and
      <command>slurpd</command> servers can be complex. Securing the LDAP
      directory, especially if you are storing non-public data such as
      password databases, can also be a challenging task. You'll need to
      modify the <filename>/etc/openldap/slapd.conf</filename> and
      <filename>/etc/openldap/ldap.conf</filename> files to set up
      <application>OpenLDAP</application> for your particular needs.</para>

      <indexterm zone="openldap openldap-config">
        <primary
        sortas="e-etc-openldap-slapd.conf">/etc/openldap/slapd.conf</primary>
      </indexterm>

      <indexterm zone="openldap openldap-config">
        <primary
        sortas="e-etc-openldap-ldap.conf">/etc/openldap/ldap.conf</primary>
      </indexterm>

      <para>Resources to assist you with topics such as choosing a directory
      configuration, backend and database definitions, access control settings,
      running as a user other than <systemitem class="username">root</systemitem>
      and setting a <command>chroot</command> environment include:</para>

      <itemizedlist spacing='compact'>
        <listitem>
          <para>The <command>slapd</command> man page</para>
        </listitem>
        <listitem>
          <para>The <filename>slapd.conf</filename> man page</para>
        </listitem>
        <listitem>
          <para>The <ulink
          url="http://www.openldap.org/doc/admin23/">OpenLDAP 2.3
          Administrator's Guide</ulink> (also installed locally in
          <filename class='directory'>
          /usr/share/doc/openldap-&openldap-version;/guide/admin</filename>)</para>
        </listitem>
        <listitem>
          <para>Documents located at
          <ulink url="http://www.openldap.org/pub/"/></para>
        </listitem>
      </itemizedlist>

    </sect3>

    <sect3>
      <title>Utilizing GDBM</title>

      <para>To utilize <application>GDBM</application> as the database
      backend, the <quote>database</quote> entry in
      <filename>/etc/openldap/slapd.conf</filename> must be changed from
      <quote>bdb</quote> to <quote>ldbm</quote>. You can use both by
      creating an additional database section in
      <filename>/etc/openldap/slapd.conf</filename>.</para>

    </sect3>

    <sect3>
      <title>Mozilla Address Directory</title>

      <para>By default, LDAPv2 support is disabled in the
      <filename>slapd.conf</filename> file. Once the database is properly
      set up and <application>Mozilla</application> is configured to use the
      directory, you must add <option>allow bind_v2</option> to the
      <filename>slapd.conf</filename> file.</para>

    </sect3>

    <sect3 id="openldap-init">
      <title>Boot Script</title>

      <para>To automate the startup of the LDAP server at system bootup,
      install the <filename>/etc/rc.d/init.d/openldap</filename> init script
      included in the <xref linkend="bootscripts"/> package
      using the following command:</para>

      <indexterm zone="openldap openldap-init">
        <primary sortas="f-openldap">openldap</primary>
      </indexterm>

<screen role="root"><userinput>make install-openldap1</userinput></screen>

      <para><emphasis>Note:</emphasis> The init script you just installed only
      starts the <command>slapd</command> daemon. If you wish to also start the
      <command>slurpd</command> daemon at system startup, install a modified
      version of the script using this command:</para>

<screen role="root"><userinput>make install-openldap2</userinput></screen>

      <note>
        <para>The init script starts the daemons without any parameters.
        You'll need to modify the script to include the parameters needed for
        your specific configuration. See the <command>slapd</command> and
        <command>slurpd</command> man pages for parameter information.</para>
      </note>

    </sect3>

    <sect3>
      <title>Testing the Configuration</title>

      <para>Start the LDAP server using the init script:</para>

<screen role="root"><userinput>/etc/rc.d/init.d/openldap start</userinput></screen>

      <para>Verify access to the LDAP server with the following
      command:</para>

<screen><userinput>ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts</userinput></screen>

      <para>The expected result is:</para>

<screen><computeroutput># extended LDIF
#
# LDAPv3
# base &lt;&gt; with scope base
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=my-domain,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1</computeroutput></screen>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>ldapadd, ldapcompare, ldapdelete, ldapmodify, ldapmodrdn,
        ldappasswd, ldapsearch, ldapwhoami, slapadd, slapcat, slapd, slapdn,
        slapindex, slappasswd, slaptest, and slurpd</seg>
        <seg>liblber.{so,a}, libldap.{so,a}, and libldap_r.{so,a}</seg>
        <seg>/etc/openldap, /srv/ldap, and /usr/share/openldap</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="ldapadd">
        <term><command>ldapadd</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and adds
          entries.</para>
          <indexterm zone="openldap ldapadd">
            <primary sortas="b-ldapadd">ldapadd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapcompare">
        <term><command>ldapcompare</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and performs
          a compare using specified parameters.</para>
          <indexterm zone="openldap ldapcompare">
            <primary sortas="b-ldapcompare">ldapcompare</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapdelete">
        <term><command>ldapdelete</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and deletes
          one or more entries.</para>
          <indexterm zone="openldap ldapdelete">
            <primary sortas="b-ldapdelete">ldapdelete</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapmodify">
        <term><command>ldapmodify</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and modifies
          entries.</para>
          <indexterm zone="openldap ldapmodify">
            <primary sortas="b-ldapmodify">ldapmodify</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapmodrdn">
        <term><command>ldapmodrdn</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and modifies
          the RDN of entries.</para>
          <indexterm zone="openldap ldapmodrdn">
            <primary sortas="b-ldapmodrdn">ldapmodrdn</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldappasswd">
        <term><command>ldappasswd</command></term>
        <listitem>
          <para>is a tool to set the password of an LDAP user.</para>
          <indexterm zone="openldap ldappasswd">
            <primary sortas="b-ldappasswd">ldappasswd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapsearch">
        <term><command>ldapsearch</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and performs
          a search using specified parameters.</para>
          <indexterm zone="openldap ldapsearch">
            <primary sortas="b-ldapsearch">ldapsearch</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapwhoami">
        <term><command>ldapwhoami</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and displays
          whoami information.</para>
          <indexterm zone="openldap ldapwhoami">
            <primary sortas="b-ldapwhoami">ldapwhoami</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapadd">
        <term><command>slapadd</command></term>
        <listitem>
          <para>is used to add entries specified in LDAP Directory Interchange
          Format (LDIF) to an LDAP database.</para>
          <indexterm zone="openldap slapadd">
            <primary sortas="b-slapadd">slapadd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapcat">
        <term><command>slapcat</command></term>
        <listitem>
          <para>is used to generate an LDAP LDIF output based upon the
          contents of a slapd database.</para>
          <indexterm zone="openldap slapcat">
            <primary sortas="b-slapcat">slapcat</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapd">
        <term><command>slapd</command></term>
        <listitem>
          <para>is the stand-alone LDAP server.</para>
          <indexterm zone="openldap slapd">
            <primary sortas="b-slapd">slapd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapdn">
        <term><command>slapdn</command></term>
        <listitem>
          <para>checks a list of string-represented DNs based on schema
          syntax.</para>
          <indexterm zone="openldap slapdn">
            <primary sortas="b-slapdn">slapdn</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapindex">
        <term><command>slapindex</command></term>
        <listitem>
          <para>is used to regenerate slapd indices based upon the current
          contents of a database.</para>
          <indexterm zone="openldap slapindex">
            <primary sortas="b-slapindex">slapindex</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slappasswd">
        <term><command>slappasswd</command></term>
        <listitem>
          <para>is an <application>OpenLDAP</application> password
          utility.</para>
          <indexterm zone="openldap slappasswd">
            <primary sortas="b-slappasswd">slappasswd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slaptest">
        <term><command>slaptest</command></term>
        <listitem>
          <para>checks the sanity of the <filename>slapd.conf</filename>
          file.</para>
          <indexterm zone="openldap slaptest">
            <primary sortas="b-slaptest">slaptest</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slurpd">
        <term><command>slurpd</command></term>
        <listitem>
          <para>is the stand-alone LDAP replication server.</para>
          <indexterm zone="openldap slurpd">
            <primary sortas="b-slurpd">slurpd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="liblber">
        <term><filename class='libraryfile'>liblber.{so,a}</filename></term>
        <listitem>
          <para>is a set of lightweight Basic Encoding Rules routines. These
          routines are used by the LDAP library routines to encode and decode
          LDAP protocol elements using the (slightly simplified) Basic
          Encoding Rules defined by LDAP. They are not normally used directly
          by an LDAP application program except in the handling of controls
          and extended operations.</para>
          <indexterm zone="openldap liblber">
            <primary sortas="c-liblber">liblber.{so,a}</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libldap">
        <term><filename class='libraryfile'>libldap.{so,a}</filename></term>
        <listitem>
          <para>supports the LDAP programs and provides functionality for
          other programs interacting with LDAP.</para>
          <indexterm zone="openldap libldap">
            <primary sortas="c-libldap">libldap.{so,a}</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libldap_r">
        <term><filename class='libraryfile'>libldap_r.{so,a}</filename></term>
        <listitem>
          <para>contains the functions required by the LDAP programs to
          produce the results from LDAP requests.</para>
          <indexterm zone="openldap libldap_r">
            <primary sortas="c-libldap_r">libldap_r.{so,a}</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>
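
The configuration section above leaves securing slapd.conf to the administrator and tells Mozilla users to add allow bind_v2. The script below is an added example, not part of the BLFS book or of OpenLDAP: it audits a slapd.conf for three settings that widen exposure (LDAPv2 binds, a cleartext rootpw, and a database with no access rules). The function names and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a slapd.conf for settings that weaken a directory.
# Function names and the sample below are constructed for illustration.

# Prints one finding per line; prints nothing when no check fires.
# Reads the file named as the first argument, or standard input.
audit_slapd_conf() {
    awk '
    # Evaluate one logical line (continuations already joined into buf).
    function handle(   f, kw) {
        if (buf == "" || buf ~ /^#/) { buf = ""; return }
        split(buf, f, /[ \t]+/)
        kw = tolower(f[1])
        if (kw == "database") {
            end_db(); db = f[2]; in_db = 1; db_acl = 0
        } else if (kw == "access") {
            if (in_db) { db_acl = 1 } else { global_acl = 1 }
        } else if (kw == "allow" && tolower(buf) ~ /bind_v2/) {
            print "bind_v2: LDAPv2 binds are enabled"
        } else if (kw == "rootpw" && f[2] !~ /^"?[{][A-Za-z0-9-]+[}]/) {
            print "rootpw: cleartext value, store slappasswd output instead"
        }
        buf = ""
    }
    # Remember databases that were closed without any access rule.
    function end_db() {
        if (in_db && !db_acl) { noacl[++nn] = db }
    }
    # A line starting with whitespace continues the previous line.
    /^[ \t]+[^ \t]/ { buf = buf " " $0; next }
    { handle(); buf = $0 }
    END {
        handle(); end_db()
        # Global access rules apply to every database; without any rule
        # slapd falls back to read access for all clients.
        if (!global_acl) {
            for (i = 1; i <= nn; i++) {
                print "access: database " noacl[i] " has no access rules (default: anyone can read)"
            }
        }
    }' "$@"
}

# Constructed sample modelled on a default-style slapd.conf.
sample_conf() {
    cat <<'EOF'
# constructed sample, not a real deployment
include /etc/openldap/schema/core.schema
allow bind_v2
database bdb
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
rootpw secret
directory /srv/ldap/openldap-data
EOF
}

sample_conf | audit_slapd_conf
```

Run it against the live file with `audit_slapd_conf /etc/openldap/slapd.conf`; an empty result means none of the three checks fired, not that the configuration is otherwise sound.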