source: server/other/openldap.xml@ f70688a

Last change on this file since f70688a was f70688a, checked in by Randy McMurchy <randy@…>, 16 years ago

Fixed a typo in the OpenLDAP instructions

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@7435 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 20.8 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY openldap-download-http "http://gd.tuwien.ac.at/infosys/network/OpenLDAP/openldap-stable/openldap-&openldap-download-version;.tgz">
  <!ENTITY openldap-download-ftp "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-stable/openldap-&openldap-download-version;.tgz">
  <!ENTITY openldap-md5sum "e3fec2953c948f6990ccdc3af7bf7f18">
  <!ENTITY openldap-size "3.6 MB">
  <!ENTITY openldap-buildsize "94 MB">
  <!ENTITY openldap-time "1.2 SBU and approximately 30 minutes to run the tests (processor independent)">
]>

<sect1 id="openldap" xreflabel="OpenLDAP-&openldap-version;">
  <?dbhtml filename="openldap.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>OpenLDAP-&openldap-version;</title>

  <indexterm zone="openldap">
    <primary sortas="a-OpenLDAP">OpenLDAP</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to OpenLDAP</title>

    <para>The <application>OpenLDAP</application> package provides an open
    source implementation of the Lightweight Directory Access Protocol.</para>

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>Download (HTTP): <ulink url="&openldap-download-http;"/></para>
      </listitem>
      <listitem>
        <para>Download (FTP): <ulink url="&openldap-download-ftp;"/></para>
      </listitem>
      <listitem>
        <para>Download MD5 sum: &openldap-md5sum;</para>
      </listitem>
      <listitem>
        <para>Download size: &openldap-size;</para>
      </listitem>
      <listitem>
        <para>Estimated disk space required: &openldap-buildsize;</para>
      </listitem>
      <listitem>
        <para>Estimated build time: &openldap-time;</para>
      </listitem>
    </itemizedlist>

    <note>
      <para>The <application>OpenLDAP</application> stable releases are
      packaged without version numbers in the tarball names. You can see the
      relationship between the version number and name of the tarball at <ulink
      url="http://www.openldap.org/software/download/"/>.</para>
    </note>

    <bridgehead renderas="sect3">OpenLDAP Dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required"><xref linkend="db"/> is recommended (built in LFS) or
    <!-- <xref linkend="db"/> -->
    <xref linkend="gdbm"/></para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended"><xref linkend="cyrus-sasl"/> and
    <xref linkend="openssl"/></para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional"><xref linkend="tcpwrappers"/>,
    <xref linkend="unixodbc"/>,
    <xref linkend="gmp"/>,
    <ulink url="http://www.openslp.org/">OpenSLP</ulink>,
    <xref linkend="pth"/>, and one of
    <xref linkend="mysql"/>,
    <ulink url="http://www.oracle.com/technologies/linux/index.html">Oracle</ulink>, or
    <xref linkend="postgresql"/></para>

    <para condition="html" role="usernotes">User Notes:
    <ulink url="&blfs-wiki;/openldap"/></para>

  </sect2>

  <sect2 role="installation">
    <title>Installation of OpenLDAP</title>

    <para>Install <application>OpenLDAP</application> by
    running the following commands:</para>

<screen><userinput>./configure --prefix=/usr \
            --libexecdir=/usr/sbin \
            --sysconfdir=/etc \
            --localstatedir=/srv/ldap \
            --disable-debug \
            --enable-dynamic \
            --enable-crypt \
            --enable-modules \
            --enable-rlookups \
            --enable-backends \
            --enable-overlays \
            --disable-sql &amp;&amp;
make depend &amp;&amp;
make</userinput></screen>

    <para>To test the results, issue: <command>make test</command>. If you've
    enabled <application>tcp_wrappers</application>, ensure you add 127.0.0.1
    to the <parameter>slapd</parameter> line in the
    <filename>/etc/hosts.allow</filename> file if you have a restrictive
    <filename>/etc/hosts.deny</filename> file.</para>

    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>

<screen role="root"><userinput>make install &amp;&amp;

for LINK in lber ldap ldap_r; do
    chmod -v 0755 /usr/lib/$(readlink /usr/lib/lib${LINK}.so)
done &amp;&amp;

install -v -m755 -d /usr/share/doc/openldap-&openldap-version;/{drafts,guide,rfc} &amp;&amp;
install -v -m644 doc/drafts/* /usr/share/doc/openldap-&openldap-version;/drafts &amp;&amp;
install -v -m644 doc/rfc/* /usr/share/doc/openldap-&openldap-version;/rfc &amp;&amp;
cp -v -R doc/guide/* /usr/share/doc/openldap-&openldap-version;/guide</userinput></screen>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para><parameter>--libexecdir=/usr/sbin</parameter>: Installs the
    <command>slapd</command> and <command>slurpd</command> daemon programs in
    <filename class="directory">/usr/sbin</filename> instead of
    <filename class="directory">/usr/libexec</filename>.</para>

    <para><parameter>--sysconfdir=/etc</parameter>: Sets the configuration file
    directory to avoid the default of
    <filename class="directory">/usr/etc</filename>.</para>

    <para><parameter>--localstatedir=/srv/ldap</parameter>: Sets the directory
    to use for the LDAP directory database, replication logs and
    run-time variable data.</para>

    <para><parameter>--disable-debug</parameter>: Disable debugging code.</para>

    <para><parameter>--enable-dynamic</parameter>: This forces the
    <application>OpenLDAP</application> libraries to be dynamically linked
    to the executable programs.</para>

    <para><parameter>--enable-crypt</parameter>: Enables crypt(3)
    passwords.</para>

    <para><parameter>--enable-modules</parameter>: Enables dynamic module
    support.</para>

    <!-- <para><parameter>-enable-ldap</parameter>: Enables the
    <command>slapd</command> LDAP backend.</para>

    <para><parameter>-enable-ldbm</parameter>: Build <command>slapd</command>
    with the primary database back end using either
    <application>Berkeley DB</application> or
    <application>GNU Database Manager</application>.</para> -->

    <para><parameter>--enable-rlookups</parameter>: This parameter enables
    reverse lookups of client hostnames.</para>

    <para><parameter>--enable-backends</parameter>: This parameter enables
    all available backends.</para>

    <para><parameter>--enable-overlays</parameter>: This parameter enables
    all available overlays.</para>

    <para><parameter>--disable-sql</parameter>: This parameter explicitly
    disables the sql backend. Omit this switch if a SQL server is
    installed.</para>

    <para><option>--disable-bdb --disable-hdb --with-ldbm-api=gdbm</option>:
    Pass these parameters to the <command>configure</command> command if you
    wish to use <application>GDBM</application> instead of
    <application>Berkeley DB</application> as the primary backend
    database.</para>

    <para><command>chmod -v 0755 ...</command>: This
    command adds the executable bit to the shared libraries.</para>

    <note>
      <para>You can run <command>./configure --help</command> to see if there
      are other parameters you can pass to the <command>configure</command>
      command to enable other options or dependency packages.</para>
    </note>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring OpenLDAP</title>

    <sect3 id="openldap-config">
      <title>Config Files</title>

      <para><filename>/etc/openldap/*</filename></para>

      <indexterm zone="openldap openldap-config">
        <primary sortas="e-etc-openldap">/etc/openldap/*</primary>
      </indexterm>

    </sect3>

    <sect3>
      <title>Configuration Information</title>

      <para>Configuring the <command>slapd</command> and
      <command>slurpd</command> servers can be complex. Securing the LDAP
      directory, especially if you are storing non-public data such as
      password databases, can also be a challenging task. You'll need to
      modify the <filename>/etc/openldap/slapd.conf</filename> and
      <filename>/etc/openldap/ldap.conf</filename> files to set up
      <application>OpenLDAP</application> for your particular needs.</para>

      <indexterm zone="openldap openldap-config">
        <primary
        sortas="e-etc-openldap-slapd.conf">/etc/openldap/slapd.conf</primary>
      </indexterm>

      <indexterm zone="openldap openldap-config">
        <primary
        sortas="e-etc-openldap-ldap.conf">/etc/openldap/ldap.conf</primary>
      </indexterm>

      <para>Resources to assist you with topics such as choosing a directory
      configuration, backend and database definitions, access control settings,
      running as a user other than <systemitem class="username">root</systemitem>
      and setting a <command>chroot</command> environment include:</para>

      <itemizedlist spacing='compact'>
        <listitem>
          <para>The <command>slapd</command> man page</para>
        </listitem>
        <listitem>
          <para>The <filename>slapd.conf</filename> man page</para>
        </listitem>
        <listitem>
          <para>The <ulink
          url="http://www.openldap.org/doc/admin23/">OpenLDAP 2.3
          Administrator's Guide</ulink> (also installed locally in
          <filename class='directory'>
          /usr/share/doc/openldap-&openldap-version;/guide/admin</filename>)</para>
        </listitem>
        <listitem>
          <para>Documents located at
          <ulink url="http://www.openldap.org/pub/"/></para>
        </listitem>
      </itemizedlist>

    </sect3>

    <sect3>
      <title>Utilizing GDBM</title>

      <para>To utilize <application>GDBM</application> as the database
      backend, the <quote>database</quote> entry in
      <filename>/etc/openldap/slapd.conf</filename> must be changed from
      <quote>bdb</quote> to <quote>ldbm</quote>. You can use both by
      creating an additional database section in
      <filename>/etc/openldap/slapd.conf</filename>.</para>

    </sect3>

    <sect3>
      <title>Mozilla Address Directory</title>

      <para>By default, LDAPv2 support is disabled in the
      <filename>slapd.conf</filename> file. Once the database is properly
      set up and <application>Mozilla</application> is configured to use the
      directory, you must add <option>allow bind_v2</option> to the
      <filename>slapd.conf</filename> file.</para>

    </sect3>

    <sect3 id="openldap-init">
      <title>Boot Script</title>

      <para>To automate the startup of the LDAP server at system bootup,
      install the <filename>/etc/rc.d/init.d/openldap</filename> init script
      included in the <xref linkend="bootscripts"/> package
      using the following command:</para>

      <indexterm zone="openldap openldap-init">
        <primary sortas="f-openldap">openldap</primary>
      </indexterm>

<screen role="root"><userinput>make install-openldap1</userinput></screen>

      <para><emphasis>Note:</emphasis> The init script you just installed only
      starts the <command>slapd</command> daemon. If you wish to also start the
      <command>slurpd</command> daemon at system startup, install a modified
      version of the script using this command:</para>

<screen role="root"><userinput>make install-openldap2</userinput></screen>

      <note>
        <para>The init script starts the daemons without any parameters.
        You'll need to modify the script to include the parameters needed for
        your specific configuration. See the <command>slapd</command> and
        <command>slurpd</command> man pages for parameter information.</para>
      </note>

    </sect3>

    <sect3>
      <title>Testing the Configuration</title>

      <para>Start the LDAP server using the init script:</para>

<screen role="root"><userinput>/etc/rc.d/init.d/openldap start</userinput></screen>

      <para>Verify access to the LDAP server with the following
      command:</para>

<screen><userinput>ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts</userinput></screen>

      <para>The expected result is:</para>

<screen><computeroutput># extended LDIF
#
# LDAPv3
# base &lt;&gt; with scope base
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=my-domain,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1</computeroutput></screen>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>ldapadd, ldapcompare, ldapdelete, ldapmodify, ldapmodrdn,
        ldappasswd, ldapsearch, ldapwhoami, slapadd, slapcat, slapd, slapdn,
        slapindex, slappasswd, slaptest, and slurpd</seg>
        <seg>liblber.{so,a}, libldap.{so,a}, and libldap_r.{so,a}</seg>
        <seg>/etc/openldap, /srv/ldap, and /usr/share/openldap</seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="ldapadd">
        <term><command>ldapadd</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and adds
          entries.</para>
          <indexterm zone="openldap ldapadd">
            <primary sortas="b-ldapadd">ldapadd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapcompare">
        <term><command>ldapcompare</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and performs
          a compare using specified parameters.</para>
          <indexterm zone="openldap ldapcompare">
            <primary sortas="b-ldapcompare">ldapcompare</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapdelete">
        <term><command>ldapdelete</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and deletes
          one or more entries.</para>
          <indexterm zone="openldap ldapdelete">
            <primary sortas="b-ldapdelete">ldapdelete</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapmodify">
        <term><command>ldapmodify</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and modifies
          entries.</para>
          <indexterm zone="openldap ldapmodify">
            <primary sortas="b-ldapmodify">ldapmodify</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapmodrdn">
        <term><command>ldapmodrdn</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and modifies
          the RDN of entries.</para>
          <indexterm zone="openldap ldapmodrdn">
            <primary sortas="b-ldapmodrdn">ldapmodrdn</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldappasswd">
        <term><command>ldappasswd</command></term>
        <listitem>
          <para>is a tool to set the password of an LDAP user.</para>
          <indexterm zone="openldap ldappasswd">
            <primary sortas="b-ldappasswd">ldappasswd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapsearch">
        <term><command>ldapsearch</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and performs
          a search using specified parameters.</para>
          <indexterm zone="openldap ldapsearch">
            <primary sortas="b-ldapsearch">ldapsearch</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="ldapwhoami">
        <term><command>ldapwhoami</command></term>
        <listitem>
          <para>opens a connection to an LDAP server, binds and displays
          whoami information.</para>
          <indexterm zone="openldap ldapwhoami">
            <primary sortas="b-ldapwhoami">ldapwhoami</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapadd">
        <term><command>slapadd</command></term>
        <listitem>
          <para>is used to add entries specified in LDAP Directory Interchange
          Format (LDIF) to an LDAP database.</para>
          <indexterm zone="openldap slapadd">
            <primary sortas="b-slapadd">slapadd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapcat">
        <term><command>slapcat</command></term>
        <listitem>
          <para>is used to generate an LDAP LDIF output based upon the
          contents of a slapd database.</para>
          <indexterm zone="openldap slapcat">
            <primary sortas="b-slapcat">slapcat</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapd">
        <term><command>slapd</command></term>
        <listitem>
          <para>is the stand-alone LDAP server.</para>
          <indexterm zone="openldap slapd">
            <primary sortas="b-slapd">slapd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapdn">
        <term><command>slapdn</command></term>
        <listitem>
          <para>checks a list of string-represented DNs based on schema
          syntax.</para>
          <indexterm zone="openldap slapdn">
            <primary sortas="b-slapdn">slapdn</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slapindex">
        <term><command>slapindex</command></term>
        <listitem>
          <para>is used to regenerate slapd indices based upon the current
          contents of a database.</para>
          <indexterm zone="openldap slapindex">
            <primary sortas="b-slapindex">slapindex</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slappasswd">
        <term><command>slappasswd</command></term>
        <listitem>
          <para>is an <application>OpenLDAP</application> password
          utility.</para>
          <indexterm zone="openldap slappasswd">
            <primary sortas="b-slappasswd">slappasswd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slaptest">
        <term><command>slaptest</command></term>
        <listitem>
          <para>checks the sanity of the <filename>slapd.conf</filename>
          file.</para>
          <indexterm zone="openldap slaptest">
            <primary sortas="b-slaptest">slaptest</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="slurpd">
        <term><command>slurpd</command></term>
        <listitem>
          <para>is the stand-alone LDAP replication server.</para>
          <indexterm zone="openldap slurpd">
            <primary sortas="b-slurpd">slurpd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="liblber">
        <term><filename class='libraryfile'>liblber.{so,a}</filename></term>
        <listitem>
          <para>is a set of lightweight Basic Encoding Rules routines. These
          routines are used by the LDAP library routines to encode and decode
          LDAP protocol elements using the (slightly simplified) Basic
          Encoding Rules defined by LDAP. They are not normally used directly
          by an LDAP application program except in the handling of controls
          and extended operations.</para>
          <indexterm zone="openldap liblber">
            <primary sortas="c-liblber">liblber.{so,a}</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libldap">
        <term><filename class='libraryfile'>libldap.{so,a}</filename></term>
        <listitem>
          <para>supports the LDAP programs and provides functionality for
          other programs interacting with LDAP.</para>
          <indexterm zone="openldap libldap">
            <primary sortas="c-libldap">libldap.{so,a}</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libldap_r">
        <term><filename class='libraryfile'>libldap_r.{so,a}</filename></term>
        <listitem>
          <para>contains the functions required by the LDAP programs to
          produce the results from LDAP requests.</para>
          <indexterm zone="openldap libldap_r">
            <primary sortas="c-libldap_r">libldap_r.{so,a}</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>
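
A scripted version of the check in "Testing the Configuration", as an added example that is not part of the BLFS book source: it reads `ldapsearch` output, unfolds LDIF line continuations, and passes only when the result code is 0 and the expected suffix is advertised. The function names are hypothetical, and the embedded sample is constructed from the expected output shown in the listing.

```shell
#!/bin/sh
# Added example: smoke test for the root DSE query in "Testing the Configuration".

# Constructed sample input: the expected ldapsearch output listed on the page.
sample_output() {
cat <<'EOF'
# extended LDIF
#
# LDAPv3
# base <> with scope base
# filter: (objectclass=*)
# requesting: namingContexts
#

#
dn:
namingContexts: dc=my-domain,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
EOF
}

# Drop LDIF comments and join folded lines (a leading space continues the
# previous line; a continuation of a comment is dropped with the comment).
unfold_ldif() {
    awk '
        /^#/ { skip = 1; next }
        /^ / { if (!skip) buf = buf substr($0, 2); next }
             { if (have) print buf; buf = $0; have = 1; skip = 0 }
        END  { if (have) print buf }
    '
}

# Print every plain-text namingContexts value, one per line.
# Base64-encoded values ("namingContexts:: ...") are not decoded here.
naming_contexts() {
    unfold_ldif | awk 'tolower($0) ~ /^namingcontexts: / { sub(/^[^:]*: */, ""); print }'
}

# Print the numeric LDAP result code from the "result:" line.
result_code() {
    unfold_ldif | awk '/^result: / { print $2; exit }'
}

# check_root_dse SUFFIX: read ldapsearch output on stdin; succeed only when the
# result code is 0 and SUFFIX is one of the advertised naming contexts.
check_root_dse() {
    expected=$1
    out=$(cat)
    code=$(printf '%s\n' "$out" | result_code)
    [ "$code" = "0" ] || { echo "FAIL: result code '${code:-missing}'" >&2; return 1; }
    printf '%s\n' "$out" | naming_contexts | grep -Fxqi -- "$expected" ||
        { echo "FAIL: $expected not in namingContexts" >&2; return 1; }
    echo "OK: $expected is served and the search returned result 0"
}

# Against a live server, pipe the page's command into the check:
#   ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts | check_root_dse 'dc=my-domain,dc=com'
sample_output | check_root_dse 'dc=my-domain,dc=com'
```

A non-zero exit status from `check_root_dse` means either the server did not answer the anonymous root DSE search successfully or it is serving a different suffix than the one configured in `slapd.conf`.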