Changeset c9ae3a5c


Timestamp:
08/06/2004 05:17:43 AM (18 years ago)
Author:
Randy McMurchy <randy@…>
Branches:
10.0, 10.1, 11.0, 11.1, 11.2, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, krejzi/svn, lazarus, nosym, perl-modules, plabs/python-mods, qt5new, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/soup3, xry111/test-20220226
Children:
5f102cb2
Parents:
926645ee
Message:

Updated to OpenLDAP-2.2.13

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2571 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:
3 edited

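--- a/general.ent
+++ b/general.ent
@@ -1,3 +1,3 @@
-<!ENTITY day          "05">
+<!ENTITY day          "06">
 <!ENTITY month        "08">
 <!ENTITY year         "2004">
@@ -203,5 +203,5 @@
 <!-- openssh (chapter 18) -->       
 <!-- rsync (chaptet 18) -->         
-<!ENTITY openldap-version             "2.1.30">
+<!ENTITY openldap-version             "2.2.13">
 <!ENTITY samba3-version               "3.0.4">
 <!ENTITY xinetd-version               "2.3.13">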
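--- a/introduction/welcome/changelog.xml
+++ b/introduction/welcome/changelog.xml
@@ -19,4 +19,7 @@
 <itemizedlist>
 
+<listitem><para>August 5th, 2004 [randy]: Updated to
+OpenLDAP-2.2.13.</para></listitem>
+
 <listitem><para>August 5th, 2004 [igor]: Updated to
 Firefox-0.9.3.</para></listitem>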
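--- a/server/other/openldap.xml
+++ b/server/other/openldap.xml
@@ -5,18 +5,19 @@
   %general-entities;
 
-<!ENTITY openldap-download-http "http://gd.tuwien.ac.at/infosys/network/OpenLDAP/openldap-release/openldap-&openldap-version;.tgz">
-<!ENTITY openldap-download-ftp "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-&openldap-version;.tgz">
-<!ENTITY openldap-size "2.0 MB">
-<!ENTITY openldap-buildsize "116 MB">
-<!ENTITY openldap-time "7.52 SBU">
-
+<!ENTITY openldap-download-http "http://gd.tuwien.ac.at/infosys/network/OpenLDAP/openldap-stable/openldap-stable-20040614.tgz">
+<!ENTITY openldap-download-ftp "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-stable/openldap-stable-20040614.tgz">
+<!ENTITY openldap-size "2.6 MB">
+<!ENTITY openldap-buildsize "70 MB">
+<!ENTITY openldap-time "6.02 SBU">
 ]>
 
 <sect1 id="openldap" xreflabel="OpenLDAP-&openldap-version;">
 <?dbhtml filename="openldap.html"?>
-<title>Open<acronym>LDAP</acronym>-&openldap-version;</title>
-
-<sect2>
-<title>Introduction to <application>Open<acronym>LDAP</acronym></application></title>
+<title><application>Open<acronym>LDAP</acronym></application>-&openldap-version;
+</title>
+
+<sect2>
+<title>Introduction to <application>Open<acronym>LDAP</acronym></application>
+</title>
 
 <para>The <application>Open<acronym>LDAP</acronym></application> package
@@ -33,14 +34,17 @@
 </sect3>
 
-<sect3><title><application>Open<acronym>LDAP</acronym></application> dependencies</title>
+<sect3><title><application>Open<acronym>LDAP</acronym></application>
+dependencies</title>
 <sect4><title>Required</title>
 <para><xref linkend="db"/>
 </para></sect4>
+<sect4><title>Recommended</title>
+<para><xref linkend="cyrus-sasl"/> and <xref linkend="openssl"/>
+</para></sect4>
 <sect4><title>Optional</title>
 <para>
-<xref linkend="openssl"/>,
-<xref linkend="gdbm"/>,
-<xref linkend="tcpwrappers"/>,
-<xref linkend="cyrus-sasl"/> and
+<xref linkend="tcpwrappers"/>,
+<xref linkend="gdbm"/>,
+<ulink url="http://www.gnu.org/software/pth/">GNU Pth</ulink>, and
 <xref linkend="heimdal"/> or
 <xref linkend="mitkrb"/>
@@ -51,5 +55,6 @@
 
 <sect2>
-<title>Installation of <application>Open<acronym>LDAP</acronym></application></title>
+<title>Installation of <application>Open<acronym>LDAP</acronym></application>
+</title>
 
 <para>Install <application>Open<acronym>LDAP</acronym></application> by
@@ -57,10 +62,11 @@
 
 <screen><userinput><command>./configure --prefix=/usr --libexecdir=/usr/sbin \
-    --sysconfdir=/etc --localstatedir=/var/lib \
-    --disable-debug --enable-ldbm &amp;&amp;
+    --sysconfdir=/etc --localstatedir=/srv/ldap \
+    --enable-ldbm --disable-debug &amp;&amp;
 make depend &amp;&amp;
 make &amp;&amp;
 make test &amp;&amp;
-make install</command></userinput></screen>
+make install &amp;&amp;
+chmod 755 /usr/lib/libl*-2.2.so.7.0.6</command></userinput></screen>
 
 </sect2>
@@ -69,24 +75,36 @@
 <title>Command explanations</title>
 
-<para><parameter>--sysconfdir=/etc</parameter>: Sets the configuration file directory to
-avoid the default of <filename class="directory">/usr/etc</filename>.</para>
-
-<para><parameter>--libexecdir=/usr/sbin</parameter>: Puts the server executables in
-<filename class="directory">/usr/sbin</filename> instead of <filename
-class="directory">/usr/libexec</filename>.</para>
+<para><parameter>--libexecdir=/usr/sbin</parameter>: Puts the server
+executables in <filename class="directory">/usr/sbin</filename> instead of
+<filename class="directory">/usr/libexec</filename>.</para>
+
+<para><parameter>--sysconfdir=/etc</parameter>: Sets the configuration file
+directory to avoid the default of
+<filename class="directory">/usr/etc</filename>.</para>
+
+<para><parameter>--localstatedir=/srv/ldap</parameter>: Sets the directory
+to use for the <acronym>LDAP</acronym> directory database, replication logs and
+run-time variable data.</para>
 
 <para><option>--enable-ldbm</option>: Build <command>slapd</command>
 with primary database back end using either <application>Berkeley
-DB</application> or
-<application><acronym>GNU</acronym> Database Manager</application>.</para>
-
-<para><option>--disable-debug</option>: Disable debugging code.</para> 
-
-<para><command>make test</command>: Validate correct build of the package.</para> 
-
-</sect2>
-
-<sect2>
-<title>Configuring Open<acronym>LDAP</acronym></title>
+DB</application> or <application><acronym>GNU</acronym> Database
+Manager</application>.</para>
+
+<para><option>--disable-debug</option>: Disable debugging code.</para>
+
+<para><command>make test</command>: Validate correct build of the package. If
+you've enabled <application>tcp_wrappers</application>, ensure you add
+127.0.0.1 to your <filename>/etc/hosts.allow</filename> file if you have a
+restrictive <filename>/etc/hosts.deny</filename> file.</para>
+
+<para><command>chmod 755 /usr/lib/libl*-2.2.so.7.0.6</command>: This command
+adds the executable bit to the shared libraries.</para>
+
+</sect2>
+
+<sect2>
+<title>Configuring <application>Open<acronym>LDAP</acronym></application>
+</title>
 
 <sect3><title>Config files</title>
@@ -95,15 +113,71 @@
 
 <sect3><title>Configuration Information</title>
-
-<para>The only configuration needed for
-<application>Open<acronym>LDAP</acronym></application> is
-to run <command>ldconfig</command>. The <acronym>LDAP</acronym> server
-can be started by <command>/usr/sbin/slapd</command> as described in
-the man page slapd(8). You can verify that <acronym>LDAP</acronym> is
-running with <command>ps aux</command> and you can verify access to the
-<acronym>LDAP</acronym> server with the following command:</para>
+<para>Configuring the <command>slapd</command> and <command>slurpd</command>
+servers can be complex. Securing the <acronym>LDAP</acronym> directory,
+especially if you are storing non-public data such as password databases,
+can also be a challenging task. You'll need to modify the
+<filename>/etc/openldap/slapd.conf</filename> and
+<filename>/etc/openldap/ldap.conf</filename> files to set up
+<application>Open<acronym>LDAP</acronym></application> for your particular
+needs.</para>
+
+<para>Resources to assist you with topics such as choosing a directory
+configuration, backend and database definitions, access control settings,
+running as a user other than root and setting a <command>chroot</command>
+environment include:
+</para>
+
+<itemizedlist spacing='compact'>
+<listitem><para>The <command>slapd</command> man page</para></listitem>
+<listitem><para>The <filename>slapd.conf</filename> man page</para></listitem>
+<listitem><para>The <ulink
+url="http://www.openldap.org/doc/admin22/">OpenLDAP 2.2 Administrator's
+Guide</ulink></para></listitem>
+<listitem><para>Documents located at
+<ulink url="http://www.openldap.org/pub/"/></para></listitem>
+</itemizedlist></sect3>
+
+<sect3><title>Utilizing <application>GDBM</application></title>
+<para>To utilize <application>GDBM</application> as the database
+backend, the <quote>database</quote> entry in
+<filename>/etc/openldap/slapd.conf</filename> must be changed from
+<quote>bdb</quote> to <quote>ldbm</quote>. You can use both by creating an
+additional database section in <filename>/etc/openldap/slapd.conf</filename>.
+</para></sect3>
+
+<sect3><title><application>Mozilla</application> Address Directory</title>
+<para>By default, <acronym>LDAP</acronym>v2 support is disabled in the
+<filename>slapd.conf</filename> file. Once the database is properly
+set up and <application>Mozilla</application> is configured to use the
+directory, you must add <option>allow bind_v2</option> to the
+<filename>slapd.conf</filename> file.</para></sect3>
+
+<sect3><title>Init Script</title>
+<para>To automate the startup of the <acronym>LDAP</acronym> server at system
+bootup, install the <filename>/etc/rc.d/init.d/openldap</filename> init script
+included in the <xref linkend="intro-important-bootscripts"/> package using the
+following command:</para>
+
+<screen><userinput><command>make install-openldap1</command></userinput></screen>
+
+<para><emphasis>Note:</emphasis> The init script you just installed only starts
+the <command>slapd</command> daemon. If you wish to also start the
+<command>slurpd</command> daemon at system startup, install a modified version
+of the script using this command:</para>
+
+<screen><userinput><command>make install-openldap2</command></userinput></screen>
+</sect3>
+
+<sect3><title>Testing the Configuration</title>
+<para>Start the <acronym>LDAP</acronym> server using the init script:</para>
+
+<screen><userinput><command>/etc/rc.d/init.d/openldap start</command></userinput></screen>
+
+<para>Verify access to the <acronym>LDAP</acronym> server with the following
+command:</para>
+
 <screen><userinput><command>ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts</command></userinput></screen>
 
-<para>The correct result is:</para>
+<para>The expected result is:</para>
 <screen><computeroutput># extended LDIF
 #
@@ -125,44 +199,5 @@
 # numEntries: 1</computeroutput></screen>
 
-<para>Kill the server with this command:</para>
-<screen><userinput><command>kill -INT `cat /var/lib/slapd.pid`</command></userinput></screen>
-
-<para>You are now ready to modify the
-<filename>/etc/openldap/slapd.conf</filename> to be specific to your
-installation.</para>
-
-<para><emphasis>Utilizing <application>GDBM</application></emphasis></para>
-
-<para>To utilize <application>GDBM</application> as the database
-backend, the "database" entry in <filename>/etc/openldap/slapd.conf</filename>
-must be changed from "bdb" to "ldbm".  You can use both by creating an
-additional database section in <filename>/etc/openldap/slapd.conf</filename>.</para>
-
-<para><emphasis>Securing your <acronym>LDAP</acronym> server</emphasis></para>
-
-<para>Significant configuration is needed for
-<application>Open<acronym>LDAP</acronym></application> to utilize
-security features.  The <ulink
-url="http://www.openldap.org/doc/admin21/">OpenLDAP 2.1 Administrator's
-Guide</ulink> is a good place to start for access control settings,
-running as a user other than root and setting a chroot environment.</para>
-
-<para><emphasis>User Tools</emphasis></para>
-
-<para>Data can be added to the <acronym>LDAP</acronym> database via
-<command>ldapadd</command>. There are other programs that can use
-the database. For more information see the appropriate man page.</para>
-
-<para><emphasis><application>Mozilla</application> Address Directory</emphasis></para>
-
-<para>By default, LDAPv2 support is disabled in the
-<filename>slapd.conf</filename> file. Once the database is properly
-setup and <application>Mozilla</application> is configured to use the
-directory, you must add <option>allow bind_v2</option> to the
-<filename>slapd.conf</filename> file.</para>
-
-
-</sect3>
-
+</sect3>
 </sect2>
 
@@ -170,5 +205,5 @@
 <title>Contents</title>
 
-<para>The Open<acronym><acronym>LDAP</acronym></acronym> package contains
+<para>The Open<acronym>LDAP</acronym> package contains
 <command>ldapadd</command>,
 <command>ldapcompare</command>,
@@ -182,9 +217,11 @@
 <command>slapcat</command>,
 <command>slapd</command>,
+<command>slapdn</command>,
 <command>slapindex</command>,
 <command>slappasswd</command>,
+<command>slaptest</command>,
 <command>slurpd</command>,
-<filename class="libraryfile">liblber</filename> and
-<filename class="libraryfile">libldap</filename>.</para>
+<filename class="libraryfile">liblber</filename> and the
+<filename class="libraryfile">libldap</filename> libraries.</para>
 
 </sect2>
@@ -193,24 +230,25 @@
 
 <sect3><title>ldapadd</title>
-<para><command>ldapadd</command> opens a connection to an <acronym>LDAP</acronym> server,
-binds and adds entries.</para></sect3>
+<para><command>ldapadd</command> opens a connection to an
+<acronym>LDAP</acronym> server, binds and adds entries.</para></sect3>
 
 <sect3><title>ldapcompare</title>
-<para><command>ldapcompare</command> opens a connection to an <acronym>LDAP</acronym>
-server, binds and performs a compare using specified
+<para><command>ldapcompare</command> opens a connection to an
+<acronym>LDAP</acronym> server, binds and performs a compare using specified
 parameters.</para></sect3>
 
 <sect3><title>ldapdelete</title>
-<para><command>ldapdelete</command> opens a connection to an <acronym>LDAP</acronym> server,
-binds and deletes one or more entries.</para></sect3>
+<para><command>ldapdelete</command> opens a connection to an
+<acronym>LDAP</acronym> server, binds and deletes one or more entries.</para>
+</sect3>
 
 <sect3><title>ldapmodify</title>
-<para><command>ldapmodify</command> opens a connection to an <acronym>LDAP</acronym>
-server, binds and modifies entries.</para></sect3>
+<para><command>ldapmodify</command> opens a connection to an
+<acronym>LDAP</acronym> server, binds and modifies entries.</para></sect3>
 
 <sect3><title>ldapmodrdn</title>
-<para><command>ldapmodrdn</command> opens a connection to an <acronym>LDAP</acronym>
-server, binds and modifies the <acronym>RDN</acronym> of
-entries.</para></sect3>
+<para><command>ldapmodrdn</command> opens a connection to an
+<acronym>LDAP</acronym> server, binds and modifies the
+<acronym>RDN</acronym> of entries.</para></sect3>
 
 <sect3><title>ldappasswd</title>
@@ -219,16 +257,17 @@
 
 <sect3><title>ldapsearch</title>
-<para><command>ldapsearch</command> opens a connection to an <acronym>LDAP</acronym>
-server, binds and performs a search using specified
+<para><command>ldapsearch</command> opens a connection to an
+<acronym>LDAP</acronym> server, binds and performs a search using specified
 parameters.</para></sect3>
 
 <sect3><title>ldapwhoami</title>
-<para><command>ldapwhoami</command> open a connection to an <acronym>LDAP</acronym> server,
-binds and performs a whoami operation.</para></sect3>
+<para><command>ldapwhoami</command> opens a connection to an
+<acronym>LDAP</acronym> server, binds and displays whoami information.</para>
+</sect3>
 
 <sect3><title>slapadd</title>
 <para><command>slapadd</command> is used to add entries specified in
-<acronym>LDAP</acronym> Directory Interchange Format (<acronym>LDIF</acronym>) to a
-slapd database.</para></sect3>
+<acronym>LDAP</acronym> Directory Interchange Format (<acronym>LDIF</acronym>)
+to an <acronym>LDAP</acronym> database.</para></sect3>
 
 <sect3><title>slapcat</title>
@@ -238,5 +277,10 @@
 
 <sect3><title>slapd</title>
-<para><command>slapd</command> is the stand-alone <acronym>LDAP</acronym> server.</para></sect3>
+<para><command>slapd</command> is the stand-alone <acronym>LDAP</acronym>
+server.</para></sect3>
+
+<sect3><title>slapdn</title>
+<para><command>slapdn</command> checks a list of string-represented
+<acronym>DN</acronym>s based on schema syntax.</para></sect3>
 
 <sect3><title>slapindex</title>
@@ -248,4 +292,8 @@
 utility.</para></sect3>
 
+<sect3><title>slaptest</title>
+<para><command>slaptest</command> checks the sanity of the
+<filename>slapd.conf</filename> file.</para></sect3>
+
 <sect3><title>slurpd</title>
 <para><command>slurpd</command> is the stand-alone
@@ -253,6 +301,7 @@
 
 <sect3><title>liblber and libldap</title>
-<para>These libraries support the <acronym>LDAP</acronym> programs and provide functionality for
-other programs interacting with <acronym>LDAP</acronym>.</para></sect3>
+<para>These libraries support the <acronym>LDAP</acronym> programs and provide
+functionality for other programs interacting with <acronym>LDAP</acronym>.
+</para></sect3>
 
 </sect2>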
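Review bot: The Mozilla Address Directory paragraph (new lines 149-153) tells the reader they "must" add `allow bind_v2` with no caveat, in a section that now says the directory may hold password databases. LDAPv2 has no StartTLS operation, so any simple bind from a v2 client sends its password in clear text unless the whole connection is wrapped in SSL; the text should say the option is needed only for clients that cannot speak LDAPv3. I would append a sentence such as `Only enable this if a client cannot use LDAPv3, and limit what such binds can read with access control in slapd.conf.` Separately, new lines 7-8 hard-code `openldap-stable-20040614.tgz` in place of `&openldap-version;` and the entity block carries no checksum, so a reader fetching over http or ftp has nothing on the page to tie that tarball to 2.2.13.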