Difference between revisions of "OpenLDAP"

From CBLFS
(Configuring)
Line 120: Line 120:
 
== Configuring ==
 
== Configuring ==
  
 +
Creating a basic slapd configuration file:
 +
 +
cat > /etc/openldap/slapd.conf << "EOF"
 +
# Begin /etc/openldap/slapd.conf
 +
 +
# Schema Definitions
 +
include /etc/openldap/schema/core.schema
 +
include /etc/openldap/schema/cosine.schema
 +
include /etc/openldap/schema/inetorgperson.schema
 +
include /etc/openldap/schema/nis.schema
 +
include /etc/openldap/schema/sudo.schema
 +
include /etc/openldap/schema/misc.schema
 +
include /etc/openldap/schema/krb5-kdc.schema
 +
 +
# The location of the PID file
 +
pidfile /srv/ldap/run/slapd.pid
 +
 +
# List of arguments that will be passed to the server
 +
argsfile /srv/ldap/run/slapd.args
 +
 +
# Load dynamic backend modules:
 +
modulepath /usr/lib/openldap/openldap
 +
moduleload back_bdb.la
 +
#moduleload back_ldap.la
 +
#moduleload back_ldbm.la
 +
#moduleload back_passwd.la
 +
#moduleload back_shell.la
 +
 +
# Use crypt to hash the passwords
 +
password-hash {crypt}
 +
 +
# If you wish to use cyrus-sasl to bind to
 +
# Kerberos uncomment and configure the
 +
# following lines
 +
#sasl-realm <REALMNAME.COM>
 +
#sasl-host <FQDN OF SASL SERVER>
 +
 +
# Define SSL and TLS properties (optional)
 +
#TLSCertificateFile /etc/ssl/ldap.pem
 +
#TLSCertificateKeyFile /etc/openldap/ldap-key.pem
 +
#TLSCACertificateFile /etc/ssl/ldap.pem
 +
 +
#######################################################################
 +
# Access Lists
 +
#######################################################################
 +
 +
access to attrs=userPassword
 +
  by self write
 +
  by anonymous auth
 +
  by * none
 +
 +
access to attrs=gecos,description,loginShell
 +
  by self write
 +
 +
access to *
 +
  by * read
 +
  by * search
 +
 +
#######################################################################
 +
# BDB database definitions
 +
#######################################################################
 +
 +
database bdb
 +
suffix "<BASEDN>"
 +
 +
rootdn "cn=Manager,<BASEDN>"
 +
rootpw <password hash>
 +
 +
directory "/srv/ldap/openldap-data"
 +
 +
# Indexes
 +
index default pres,eq
 +
index objectClass,uid,uidnumber,gidnumber,cn
 +
index mail,mailalternateaddress,mailforwardingaddress eq
 +
 +
# End /etc/openldap/slapd.conf
 +
EOF
  
 
=== Bootscript ===
 
=== Bootscript ===
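Review bot: The new `access to attrs=gecos,description,loginShell` clause lists only `by self write`; because every access clause ends with an implicit `by * none` and the first matching `by` wins, nobody except the entry itself can read these attributes, which breaks the anonymous NSS/PAM lookups that need loginShell — add `by * read` after `by self write`. In the following `access to *` clause the `by * search` line is unreachable, since `by * read` already matched every subject and read implies search, so it can be dropped. The rootpw hash is written into a file created by `cat >` with the ambient umask and nothing restricts its mode afterwards; a `chmod 640 /etc/openldap/slapd.conf` after the here-document keeps the hash from being world-readable (adjust owner/group if the bootscript runs slapd unprivileged). `password-hash {crypt}` with the default crypt-salt-format yields traditional short-salt crypt(3) hashes; `{SSHA}`, slapd's own default, is the stronger choice unless crypt-compatible hashes are needed elsewhere.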

Revision as of 19:13, 11 November 2008

Download Source: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.19.tgz (plain FTP is unauthenticated; verify the tarball against the checksum or signature published on the project site before building)

Introduction to OpenLDAP

The OpenLDAP package provides an open source implementation of the Lightweight Directory Access Protocol.

Project Homepage: http://www.openldap.org/


Note

This page contains instructions to compile an OpenLDAP server. Most of the time only the client libraries are required; that information is on the OpenLDAP-Client page.

Dependencies

Required

Recommended

Optional

Configuration Information

If you really want to build OpenLDAP with GNU Database Manager (gdbm) instead of Berkeley DB, add the following flags to the configure script:

--disable-bdb --disable-hdb --with-ldbm-api=gdbm

Non-Multilib

Compile the package:

# Configure and build the server.  Backends and overlays are built as
# loadable modules (=mod) so slapd.conf selects them with moduleload;
# --enable-crypt provides the {crypt} password-hash scheme used in the
# example slapd.conf, and --enable-wrappers adds TCP wrappers support
# (/etc/hosts.allow, /etc/hosts.deny) to slapd.
configure_opts=(
  --prefix=/usr
  --sysconfdir=/etc
  --libexecdir=/usr/lib/openldap
  --localstatedir=/srv/ldap
  --disable-debug
  --enable-dynamic --enable-crypt --enable-modules --enable-wrappers
  --enable-bdb=mod --enable-hdb=mod --enable-ldap=mod
  --enable-monitor=mod --enable-perl=mod --enable-relay=mod
  --enable-dyngroup=mod --enable-dynlist=mod --enable-memberof=mod
  --enable-ppolicy=mod --enable-valsort=mod
)
CPPFLAGS="-D_GNU_SOURCE" ./configure "${configure_opts[@]}" &&
make depend &&
make

Install the package

# Install the package, expose slapd on the usual sbin path and copy the
# bundled drafts, RFCs and admin guide into the documentation directory.
docdir=/usr/share/doc/openldap-2.4.19
make install &&
ln -sv ../lib/openldap/slapd /usr/sbin/slapd &&
install -dv -m755 "$docdir"/{drafts,guide,rfc} &&
install -v -m644 doc/drafts/* "$docdir"/drafts &&
install -v -m644 doc/rfc/*    "$docdir"/rfc &&
cp -Rv doc/guide/*            "$docdir"/guide

Multilib

32Bit

Compile the package:

# 32-bit multilib build: same option set as the non-multilib build, with the
# compiler selected through the BUILD32 flags of the multilib environment.
opts32=(
  --prefix=/usr
  --sysconfdir=/etc
  --libexecdir=/usr/lib/openldap
  --localstatedir=/srv/ldap
  --disable-debug
  --enable-dynamic --enable-crypt --enable-modules --enable-wrappers
  --enable-bdb=mod --enable-hdb=mod --enable-ldap=mod
  --enable-monitor=mod --enable-perl=mod --enable-relay=mod
  --enable-dyngroup=mod --enable-dynlist=mod --enable-memberof=mod
  --enable-ppolicy=mod --enable-valsort=mod
)
CC="gcc ${BUILD32}" CPPFLAGS="-D_GNU_SOURCE" ./configure "${opts32[@]}" &&
make depend &&
make

Install the package

# Install the 32-bit build only; the slapd symlink and documentation are
# installed once, from the 64-bit build.
make install

N32

Compile the package:

# N32 multilib build: identical option set, compiler selected through the
# BUILDN32 flags of the multilib environment.
optsn32=(
  --prefix=/usr
  --sysconfdir=/etc
  --libexecdir=/usr/lib/openldap
  --localstatedir=/srv/ldap
  --disable-debug
  --enable-dynamic --enable-crypt --enable-modules --enable-wrappers
  --enable-bdb=mod --enable-hdb=mod --enable-ldap=mod
  --enable-monitor=mod --enable-perl=mod --enable-relay=mod
  --enable-dyngroup=mod --enable-dynlist=mod --enable-memberof=mod
  --enable-ppolicy=mod --enable-valsort=mod
)
CC="gcc ${BUILDN32}" CPPFLAGS="-D_GNU_SOURCE" ./configure "${optsn32[@]}" &&
make depend &&
make

Install the package

# Install the N32 build only; the slapd symlink and documentation are
# installed once, from the 64-bit build.
make install

64Bit

Compile the package:

# 64-bit multilib build: libraries go to /usr/lib64 (--libdir); everything
# else matches the other builds.  The backends and overlays are modules
# (=mod) selected at run time with moduleload in slapd.conf.
opts64=(
  --prefix=/usr
  --sysconfdir=/etc
  --libdir=/usr/lib64
  --libexecdir=/usr/lib/openldap
  --localstatedir=/srv/ldap
  --disable-debug
  --enable-dynamic --enable-crypt --enable-modules --enable-wrappers
  --enable-bdb=mod --enable-hdb=mod --enable-ldap=mod
  --enable-monitor=mod --enable-perl=mod --enable-relay=mod
  --enable-dyngroup=mod --enable-dynlist=mod --enable-memberof=mod
  --enable-ppolicy=mod --enable-valsort=mod
)
CC="gcc ${BUILD64}" CPPFLAGS="-D_GNU_SOURCE" ./configure "${opts64[@]}" &&
make depend &&
make

Install the package

# Install the 64-bit build, expose slapd on the usual sbin path and copy the
# bundled drafts, RFCs and admin guide into the documentation directory.
docdir=/usr/share/doc/openldap-2.4.19
make install &&
ln -sv ../lib/openldap/slapd /usr/sbin/slapd &&
install -dv -m755 "$docdir"/{drafts,guide,rfc} &&
install -v -m644 doc/drafts/* "$docdir"/drafts &&
install -v -m644 doc/rfc/*    "$docdir"/rfc &&
cp -Rv doc/guide/*            "$docdir"/guide

Configuring

Creating a basic slapd configuration file:

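# Write a minimal slapd.conf.  The here-document delimiter is quoted, so
# nothing inside is expanded by the shell; replace the <BASEDN> and
# <password hash> placeholders by hand (generate the hash with slappasswd).
cat > /etc/openldap/slapd.conf << "EOF"
# Begin /etc/openldap/slapd.conf

# Schema Definitions
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/sudo.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/krb5-kdc.schema

# The location of the PID file
pidfile /srv/ldap/run/slapd.pid

# List of arguments that will be passed to the server
argsfile /srv/ldap/run/slapd.args

# Load dynamic backend modules:
modulepath /usr/lib/openldap/openldap
moduleload back_bdb.la
#moduleload back_ldap.la
#moduleload back_ldbm.la
#moduleload back_passwd.la
#moduleload back_shell.la

# Use crypt to hash the passwords.
# NOTE: {crypt} relies on the system crypt(3) and, unless crypt-salt-format
# is set, produces traditional short-salt hashes.  {SSHA} (slapd's default)
# is the stronger choice if nothing else needs crypt-compatible hashes.
password-hash {crypt}

# If you wish to use cyrus-sasl to bind to
# Kerberos uncomment and configure the
# following lines
#sasl-realm <REALMNAME.COM>
#sasl-host <FQDN OF SASL SERVER>

# Define SSL and TLS properties (optional)
# Without TLS, simple binds send the password in clear text over the
# network; enable these (or keep slapd on ldapi:// / localhost) before
# letting remote clients authenticate.
#TLSCertificateFile /etc/ssl/ldap.pem
#TLSCertificateKeyFile /etc/openldap/ldap-key.pem
#TLSCACertificateFile /etc/ssl/ldap.pem

#######################################################################
# Access Lists
#######################################################################
# Every "access to" clause ends with an implicit "by * none" and the first
# matching "by" wins, so each subject that should see an attribute has to
# be granted explicitly.

# Users may change their own password; anyone may bind against it, but
# nobody else may read the hash.
access to attrs=userPassword
  by self write
  by anonymous auth
  by * none

# Users may edit their own gecos/description/loginShell.  "by * read" is
# required here: without it the implicit "by * none" hides these attributes
# from every other client, including the NSS/PAM lookups that need
# loginShell.
access to attrs=gecos,description,loginShell
  by self write
  by * read

# Everything else is world-readable.  read implies search, so a separate
# "by * search" line would never be reached.  Tighten this if the directory
# holds data that anonymous clients should not see.
access to *
  by * read

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "<BASEDN>"

rootdn "cn=Manager,<BASEDN>"
rootpw <password hash>

directory "/srv/ldap/openldap-data"

# Indexes
index default pres,eq
index objectClass,uid,uidnumber,gidnumber,cn
index mail,mailalternateaddress,mailforwardingaddress eq

# End /etc/openldap/slapd.conf
EOF

# The file carries the rootpw hash: do not leave it world-readable ("cat >"
# creates it with the current umask, typically 0644).  Adjust owner/group if
# the bootscript runs slapd as an unprivileged user.
chmod 640 /etc/openldap/slapd.conf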

Bootscript

Install the init script included in the bootscripts package.

# Install the openldap1 init script from the bootscripts package (it starts
# only slapd).
make install-openldap1

Note

The bootscript openldap1 only starts slapd. openldap2 starts slapd and slurpd; note that slurpd (the legacy replication daemon) is no longer part of OpenLDAP 2.4, where replication is done with syncrepl, so openldap2 is only useful with older releases.