OpenLDAP: Difference between revisions
Revision as of 19:40, 12 November 2008
Download Source: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.19.tgz
Introduction to OpenLDAP
The OpenLDAP package provides an open source implementation of the Lightweight Directory Access Protocol.
Project Homepage: http://www.openldap.org/
Dependencies
Required
- Berkeley DB or GDBM
Recommended
Optional
Configuration Information
If you really want to build OpenLDAP with the GNU Database Manager instead of Berkeley DB, add the following flags to the configure script:
--disable-bdb --disable-hdb --with-ldbm-api=gdbm
Note that these flags select the old back-ldbm backend, which was removed in OpenLDAP 2.4; with the 2.4.19 tarball used on this page, Berkeley DB is the practical requirement, and the back_ldbm moduleload line in the configuration below is left commented out for the same reason.
Non-Multilib
Compile the package:
CPPFLAGS="-D_GNU_SOURCE" ./configure --prefix=/usr --sysconfdir=/etc \
--libexecdir=/usr/lib/openldap --localstatedir=/srv/ldap --disable-debug \
--enable-dynamic --enable-crypt --enable-modules --enable-wrappers \
--enable-bdb=mod --enable-hdb=mod --enable-ldap=mod \
--enable-monitor=mod --enable-perl=mod --enable-relay=mod \
--enable-dyngroup=mod --enable-dynlist=mod --enable-memberof=mod \
--enable-ppolicy=mod --enable-valsort=mod &&
make depend &&
make
Install the package
make install &&
ln -sv ../lib/openldap/slapd /usr/sbin/slapd &&
install -dv -m755 /usr/share/doc/openldap-2.4.19/{drafts,guide,rfc} &&
install -v -m644 doc/drafts/* /usr/share/doc/openldap-2.4.19/drafts &&
install -v -m644 doc/rfc/* /usr/share/doc/openldap-2.4.19/rfc &&
cp -Rv doc/guide/* /usr/share/doc/openldap-2.4.19/guide
Multilib
32Bit
Compile the package:
CC="gcc ${BUILD32}" CPPFLAGS="-D_GNU_SOURCE" ./configure --prefix=/usr --sysconfdir=/etc \
--libexecdir=/usr/lib/openldap --localstatedir=/srv/ldap --disable-debug \
--enable-dynamic --enable-crypt --enable-modules --enable-wrappers \
--enable-bdb=mod --enable-hdb=mod --enable-ldap=mod \
--enable-monitor=mod --enable-perl=mod --enable-relay=mod \
--enable-dyngroup=mod --enable-dynlist=mod --enable-memberof=mod \
--enable-ppolicy=mod --enable-valsort=mod &&
make depend &&
make
Install the package
make install
N32
Compile the package:
CC="gcc ${BUILDN32}" CPPFLAGS="-D_GNU_SOURCE" ./configure --prefix=/usr --sysconfdir=/etc \
--libexecdir=/usr/lib/openldap --localstatedir=/srv/ldap --disable-debug \
--enable-dynamic --enable-crypt --enable-modules --enable-wrappers \
--enable-bdb=mod --enable-hdb=mod --enable-ldap=mod \
--enable-monitor=mod --enable-perl=mod --enable-relay=mod \
--enable-dyngroup=mod --enable-dynlist=mod --enable-memberof=mod \
--enable-ppolicy=mod --enable-valsort=mod &&
make depend &&
make
Install the package
make install
64Bit
Compile the package:
CC="gcc ${BUILD64}" CPPFLAGS="-D_GNU_SOURCE" ./configure --prefix=/usr \
--sysconfdir=/etc --libdir=/usr/lib64 --libexecdir=/usr/lib/openldap \
--localstatedir=/srv/ldap --disable-debug \
--enable-dynamic --enable-crypt --enable-modules --enable-wrappers \
--enable-bdb=mod --enable-hdb=mod --enable-ldap=mod \
--enable-monitor=mod --enable-perl=mod --enable-relay=mod \
--enable-dyngroup=mod --enable-dynlist=mod --enable-memberof=mod \
--enable-ppolicy=mod --enable-valsort=mod &&
make depend &&
make
Install the package
make install &&
ln -sv ../lib/openldap/slapd /usr/sbin/slapd &&
install -dv -m755 /usr/share/doc/openldap-2.4.19/{drafts,guide,rfc} &&
install -v -m644 doc/drafts/* /usr/share/doc/openldap-2.4.19/drafts &&
install -v -m644 doc/rfc/* /usr/share/doc/openldap-2.4.19/rfc &&
cp -Rv doc/guide/* /usr/share/doc/openldap-2.4.19/guide
Configuring
If you download the following schema files into the ldap schema directory (/etc/openldap/schema), you can uncomment the corresponding include lines in the configuration below:
http://cross-lfs.org/~jciccone/ldap-schemas/krb5-kdc.schema
http://cross-lfs.org/~jciccone/ldap-schemas/sudo.schema
Creating a basic slapd configuration file:
cat > /etc/openldap/slapd.conf << "EOF"
# Begin /etc/openldap/slapd.conf

# Schema Definitions
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
#include /etc/openldap/schema/sudo.schema
include /etc/openldap/schema/misc.schema
#include /etc/openldap/schema/krb5-kdc.schema

# The location of the PID file
pidfile /srv/ldap/run/slapd.pid

# List of arguments that will be passed to the server
argsfile /srv/ldap/run/slapd.args

# Load dynamic backend modules:
modulepath /usr/lib/openldap/openldap
moduleload back_bdb.la
#moduleload back_ldap.la
#moduleload back_ldbm.la
#moduleload back_passwd.la
#moduleload back_shell.la

# Hash scheme applied to userPassword values set through the LDAP
# Password Modify extended operation (values written by a plain add or
# modify are stored as sent). {crypt} uses the system crypt(3);
# {SSHA} (salted SHA-1) is the safer choice if crypt is not required.
password-hash {crypt}

# If you wish to use cyrus-sasl to bind to
# Kerberos uncomment and configure the
# following lines
#sasl-realm <REALMNAME.COM>
#sasl-host <FQDN OF SASL SERVER>

# Define SSL and TLS properties (optional). Without TLS, simple binds
# send the password in cleartext, so enable this before exposing slapd
# beyond localhost. The key file must be readable only by slapd.
#TLSCertificateFile /etc/ssl/ldap.pem
#TLSCertificateKeyFile /etc/openldap/ldap-key.pem
#TLSCACertificateFile /etc/ssl/ldap.pem

#######################################################################
# Access Lists
#######################################################################
# Clauses are tried in order: the first "access to" whose attribute list
# matches decides, and within it the first matching "by" line decides.
# A clause with no matching "by" line denies (implicit "by * none").
# Keep the userPassword clause before "access to *", or it is never reached.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# No "by *" line here, so everyone except the entry itself is denied these
# attributes; append "by * read" if NSS clients must read loginShell/gecos.
access to attrs=gecos,description,loginShell
        by self write

access to *
        by * read
        by * search

#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "<BASEDN>"
# The rootdn always has complete access to the entire directory, and its
# password hash lives in this file: keep slapd.conf readable only by the
# user slapd runs as.
rootdn "cn=Manager,<BASEDN>"
rootpw <password hash>
# This directory must exist and be writable by slapd before the first start
directory "/srv/ldap/openldap-data"
# Indexes
index default pres,eq
index objectClass,uid,uidnumber,gidnumber,cn
index mail eq
# End /etc/openldap/slapd.conf
EOF
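The access-list comments above describe how slapd evaluates ACLs; the following is an added example (written for this page, not code from CLFS or OpenLDAP) that models those rules from slapd.access(5) in Python and runs the page's three clauses against two constructed entries, uid=alice and uid=bob. It shows that anonymous binds can authenticate against userPassword but not read it, that "by self write" also grants read (each level implies the lower ones), that the gecos/loginShell clause as written hides those attributes from everyone but the entry itself, and that moving "access to *" first would expose userPassword to anonymous reads. The `FIXED_ACL` variant with "by * read" appended is the change suggested in the comment.

```python
"""Model of slapd ACL evaluation (added example, not from the CLFS page or
OpenLDAP). Rules from slapd.access(5): 'access to' clauses are tried in
order and the first whose target matches decides; its 'by' lines are tried
in order and the first matching one decides; no match means deny (implicit
'by * none' and a trailing implicit 'access to * by * none')."""

# slapd's access levels, lowest to highest; each level implies all lower ones.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]


def level_ge(granted, needed):
    return LEVELS.index(granted) >= LEVELS.index(needed)


def who_matches(who, bind_dn, entry_dn):
    """Subset of slapd <who> selectors: *, anonymous, users, self."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    raise ValueError("unsupported <who>: " + who)


def allowed(acl, bind_dn, entry_dn, attr, needed):
    """True if bind_dn (None = anonymous) may perform `needed` on attr of entry_dn.

    acl is a list of (attrs, by_list): attrs is '*' or a set of lower-case
    attribute names; by_list is a list of (who, level) in file order."""
    for attrs, by_list in acl:
        if attrs != "*" and attr.lower() not in attrs:
            continue                      # this 'access to' does not apply
        for who, level in by_list:        # first matching 'by' decides
            if who_matches(who, bind_dn, entry_dn):
                return level_ge(level, needed)
        return False                      # implicit 'by * none'
    return False                          # implicit 'access to * by * none'


# The three clauses from the slapd.conf above, in the order written there.
PAGE_ACL = [
    ({"userpassword"}, [("self", "write"), ("anonymous", "auth"), ("*", "none")]),
    ({"gecos", "description", "loginshell"}, [("self", "write")]),
    ("*", [("*", "read"), ("*", "search")]),
]

# Same clauses with 'by * read' appended to the gecos/loginShell clause.
FIXED_ACL = [PAGE_ACL[0], (PAGE_ACL[1][0], PAGE_ACL[1][1] + [("*", "read")]), PAGE_ACL[2]]

# Same clauses with 'access to *' moved first: order matters.
MISORDERED_ACL = [PAGE_ACL[2], PAGE_ACL[0], PAGE_ACL[1]]

# Constructed test entries (not on the page).
ALICE = "uid=alice,ou=people,dc=example,dc=com"
BOB = "uid=bob,ou=people,dc=example,dc=com"


def demo():
    """Decisions a practitioner would want to confirm before going live."""
    return {
        # anonymous may authenticate against userPassword but never read it
        "anon_auth_pw": allowed(PAGE_ACL, None, ALICE, "userPassword", "auth"),
        "anon_read_pw": allowed(PAGE_ACL, None, ALICE, "userPassword", "read"),
        # write implies read, so Alice can read her own userPassword
        "self_read_pw": allowed(PAGE_ACL, ALICE, ALICE, "userPassword", "read"),
        # another authenticated user falls through to 'by * none'
        "bob_read_alice_pw": allowed(PAGE_ACL, BOB, ALICE, "userPassword", "read"),
        # the gecos clause has no 'by *' line, so only self sees loginShell
        "anon_read_shell": allowed(PAGE_ACL, None, ALICE, "loginShell", "read"),
        "self_read_shell": allowed(PAGE_ACL, ALICE, ALICE, "loginShell", "read"),
        "fixed_anon_read_shell": allowed(FIXED_ACL, None, ALICE, "loginShell", "read"),
        # attributes no clause names fall through to 'access to * by * read'
        "anon_read_uid": allowed(PAGE_ACL, None, ALICE, "uid", "read"),
        # with 'access to *' first, the userPassword clause is never reached
        "misordered_anon_read_pw": allowed(MISORDERED_ACL, None, ALICE, "userPassword", "read"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:26s} {value}")
```

The model covers only the selectors the page uses (`*`, `anonymous`, `users`, `self`); slapd's `dn.*`, `group`, `peername` and `control` forms are not modelled, and the real server also honours the rootdn bypass and overlays, so treat this as a way to reason about clause order, not as a replacement for testing with ldapsearch against the running server.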
When creating the configuration file above, replace <BASEDN> with your Base DN, e.g. dc=cross-lfs,dc=org, and make the file readable only by the user slapd runs as (mode 0600), since it contains the rootdn password hash.
You can generate a password hash for the rootdn with the following command:
slappasswd -h {SHA}
{SHA} is unsalted SHA-1, so two accounts with the same password produce identical values; the salted {SSHA} scheme (slappasswd -h {SSHA}) avoids that and is the better default. Paste the printed {SHA}...= or {SSHA}...= string, not the cleartext password, as the rootpw value.
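What slappasswd prints for {SHA} and {SSHA}, and how slapd checks a bind against it, as an added example written for this page (not code from the page or from OpenLDAP): both schemes are base64 of a SHA-1 digest, with {SSHA} appending a random salt after the 20-byte digest so that equal passwords no longer yield equal hashes. The salt length of 4 bytes is an assumption for the demo; slapd accepts any length because the salt is simply everything after the digest.

```python
"""Generate and verify OpenLDAP-style {SHA} and {SSHA} userPassword values
(added example; not code from the CLFS page or OpenLDAP)."""
import base64
import hashlib
import hmac
import os
from typing import Optional

DIGEST_LEN = 20  # SHA-1 digest size; the salt in {SSHA} is whatever follows it


def hash_sha(password: str) -> str:
    """Unsalted: {SHA} + base64(sha1(password)). Same password, same value."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()


def hash_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Salted: {SSHA} + base64(sha1(password + salt) + salt).

    A fresh random salt is drawn unless one is supplied (supplying one makes
    the output reproducible for tests). 4 bytes is an assumed salt size."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def verify(stored: str, password: str) -> bool:
    """Check a candidate password the way slapd does on a simple bind:
    recompute the digest (with the stored salt, if any) and compare in
    constant time."""
    if stored.startswith("{SHA}"):
        digest = base64.b64decode(stored[len("{SHA}"):])
        return hmac.compare_digest(digest, hashlib.sha1(password.encode()).digest())
    if stored.startswith("{SSHA}"):
        blob = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = blob[:DIGEST_LEN], blob[DIGEST_LEN:]
        return hmac.compare_digest(digest, hashlib.sha1(password.encode() + salt).digest())
    raise ValueError("unsupported scheme in " + stored)


def same_password_same_hash(scheme, password: str) -> bool:
    """True if hashing the same password twice gives the same stored value,
    i.e. the scheme leaks password equality across accounts."""
    return scheme(password) == scheme(password)


if __name__ == "__main__":
    print(hash_sha("secret"))    # identical on every run
    print(hash_ssha("secret"))   # differs on every run
```

Neither scheme is a slow password hash; {SSHA} only removes the equality leak and precomputation shortcut. The page's `password-hash {crypt}` delegates to the system crypt(3), whose strength depends on the salt format slapd is told to use, so check what your libc produces before relying on it for user passwords.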
Bootscript
Install the init script included in the bootscripts package.
make install-openldap1
Note: the bootscript openldap1 only starts slapd; openldap2 starts slapd and slurpd. slurpd was removed in OpenLDAP 2.4 in favour of syncrepl, so openldap1 is the one to use with 2.4.19.
Populating the Directory
Before continuing with the following, start the ldap service:
/etc/rc.d/init.d/openldap start
Creating an initial LDIF. Replace dc=example,dc=com, example and Example Corporation with the <BASEDN> and organization used in slapd.conf: the dc value must equal the first RDN of the base DN, and the Manager entry must match the rootdn, or slapd will reject the entries.
cat > entries.ldif << "EOF"
# Organization for Example Corporation
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: Example Corporation
description: The Example Corporation

# Organizational Role for Directory Manager
dn: cn=Manager,<BASEDN>
objectClass: organizationalRole
cn: Manager
description: Directory Manager
EOF
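The two entries above are easy to get subtly wrong by hand: slapd requires the attribute named in an entry's RDN to be present in the entry with the same value (a "naming violation" otherwise), so the dc: line must follow the base DN. The following added example (written for this page, not code from CLFS or OpenLDAP) derives the LDIF from a base DN and organization name and checks every entry for that RDN rule; the DN parser handles only the plain comma-separated form used here, with no escaped commas.

```python
"""Build the initial LDIF for a base DN and check it for RDN consistency
(added example, not from the CLFS page or OpenLDAP)."""


def parse_dn(dn: str):
    """Split 'dc=example,dc=com' into [('dc', 'example'), ('dc', 'com')].
    Only the plain form on the page is handled (no escaped commas)."""
    rdns = []
    for rdn in dn.split(","):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN %r in %r" % (rdn, dn))
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns


def base_ldif(basedn: str, org: str, description: str) -> str:
    """Return LDIF for the base entry plus cn=Manager under it, with the
    dc: value taken from the first RDN of basedn instead of typed by hand."""
    attr, value = parse_dn(basedn)[0]
    if attr != "dc":
        raise ValueError("the base entry is a dcObject, so the base DN must start with dc=")
    return (
        "# Organization for %s\n" % org
        + "dn: %s\n" % basedn
        + "objectClass: dcObject\n"
        + "objectClass: organization\n"
        + "dc: %s\n" % value
        + "o: %s\n" % org
        + "description: %s\n" % description
        + "\n"
        + "# Organizational Role for Directory Manager\n"
        + "dn: cn=Manager,%s\n" % basedn
        + "objectClass: organizationalRole\n"
        + "cn: Manager\n"
        + "description: Directory Manager\n"
    )


def check_naming(ldif: str) -> list:
    """Return the DNs of entries whose RDN attribute/value pair is missing
    from the entry body, which slapd would reject as a naming violation.
    Entries are blank-line separated; comment lines are ignored."""
    problems = []
    for block in ldif.strip().split("\n\n"):
        lines = [l for l in block.splitlines() if l and not l.startswith("#")]
        dn = next(l[len("dn: "):] for l in lines if l.startswith("dn: "))
        attr, value = parse_dn(dn)[0]
        wanted = ("%s: %s" % (attr, value)).lower()
        if wanted not in (l.lower() for l in lines):
            problems.append(dn)
    return problems


if __name__ == "__main__":
    text = base_ldif("dc=example,dc=com", "Example Corporation", "The Example Corporation")
    print(text)
    print("naming problems:", check_naming(text))
```

Run it with your real base DN and write the output to entries.ldif; if check_naming reports a DN, fix that entry before loading it into the server.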