OpenLDAP
| Download Source: | ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.19.tgz |
|---|
Introduction to OpenLDAP
The OpenLDAP package provides an open source implementation of the Lightweight Directory Access Protocol.
Project Homepage: http://www.openldap.org/
Dependencies
Required
- Berkeley DB or GDBM
Recommended
Optional
Configuration Information
If you really want to build OpenLDAP with the GNU Database Manager instead of Berkeley DB, add the following flags to the configure command:
--disable-bdb --disable-hdb --with-ldbm-api=gdbm
Non-Multilib
Compile the package:
# Build slapd with every backend and overlay below compiled as a loadable
# module (=mod); a module is only active once slapd.conf names it in a
# moduleload line. --enable-wrappers compiles in TCP wrappers support and
# --enable-crypt compiles in crypt(3) password support.
CPPFLAGS="-D_GNU_SOURCE" \
./configure \
    --prefix=/usr \
    --sysconfdir=/etc \
    --libexecdir=/usr/lib/openldap \
    --localstatedir=/srv/ldap \
    --disable-debug \
    --enable-dynamic \
    --enable-crypt \
    --enable-modules \
    --enable-wrappers \
    --enable-bdb=mod \
    --enable-hdb=mod \
    --enable-ldap=mod \
    --enable-monitor=mod \
    --enable-perl=mod \
    --enable-relay=mod \
    --enable-dyngroup=mod \
    --enable-dynlist=mod \
    --enable-memberof=mod \
    --enable-ppolicy=mod \
    --enable-valsort=mod &&
make depend &&
make
Install the package
# Install the build, link slapd (installed under --libexecdir) into
# /usr/sbin, then copy the bundled drafts, RFCs and admin guide.
make install &&
ln -sv ../lib/openldap/slapd /usr/sbin/slapd &&
install -dv -m755 \
    /usr/share/doc/openldap-2.4.19/drafts \
    /usr/share/doc/openldap-2.4.19/guide \
    /usr/share/doc/openldap-2.4.19/rfc &&
install -v -m644 doc/drafts/* \
    /usr/share/doc/openldap-2.4.19/drafts &&
install -v -m644 doc/rfc/* \
    /usr/share/doc/openldap-2.4.19/rfc &&
cp -Rv doc/guide/* \
    /usr/share/doc/openldap-2.4.19/guide
Multilib
32Bit
Compile the package:
# 32-bit pass of the multilib build. Assumes BUILD32 is already set in the
# environment; it is handed to the compiler through CC. No --libdir is
# given, so libraries use the default directory under --prefix=/usr.
CC="gcc ${BUILD32}" \
CPPFLAGS="-D_GNU_SOURCE" \
./configure \
    --prefix=/usr \
    --sysconfdir=/etc \
    --libexecdir=/usr/lib/openldap \
    --localstatedir=/srv/ldap \
    --disable-debug \
    --enable-dynamic \
    --enable-crypt \
    --enable-modules \
    --enable-wrappers \
    --enable-bdb=mod \
    --enable-hdb=mod \
    --enable-ldap=mod \
    --enable-monitor=mod \
    --enable-perl=mod \
    --enable-relay=mod \
    --enable-dyngroup=mod \
    --enable-dynlist=mod \
    --enable-memberof=mod \
    --enable-ppolicy=mod \
    --enable-valsort=mod &&
make depend &&
make
Install the package
# Plain install only for this ABI: the slapd symlink and the documentation
# are set up once, in the 64Bit pass further down.
make install
N32
Compile the package:
# N32 pass of the multilib build. Assumes BUILDN32 is already set in the
# environment; it is handed to the compiler through CC.
# NOTE(review): no --libdir is given here either, so this pass installs its
# libraries into the same default directory as the 32Bit pass above --
# confirm that is intended.
CC="gcc ${BUILDN32}" \
CPPFLAGS="-D_GNU_SOURCE" \
./configure \
    --prefix=/usr \
    --sysconfdir=/etc \
    --libexecdir=/usr/lib/openldap \
    --localstatedir=/srv/ldap \
    --disable-debug \
    --enable-dynamic \
    --enable-crypt \
    --enable-modules \
    --enable-wrappers \
    --enable-bdb=mod \
    --enable-hdb=mod \
    --enable-ldap=mod \
    --enable-monitor=mod \
    --enable-perl=mod \
    --enable-relay=mod \
    --enable-dyngroup=mod \
    --enable-dynlist=mod \
    --enable-memberof=mod \
    --enable-ppolicy=mod \
    --enable-valsort=mod &&
make depend &&
make
Install the package
# Plain install only for this ABI: the slapd symlink and the documentation
# are set up once, in the 64Bit pass further down.
make install
64Bit
Compile the package:
# 64-bit pass of the multilib build. Assumes BUILD64 is already set in the
# environment; it is handed to the compiler through CC. Libraries go to
# /usr/lib64, while slapd and its modules stay under /usr/lib/openldap
# (--libexecdir), the directory the slapd.conf modulepath refers to.
CC="gcc ${BUILD64}" \
CPPFLAGS="-D_GNU_SOURCE" \
./configure \
    --prefix=/usr \
    --sysconfdir=/etc \
    --libdir=/usr/lib64 \
    --libexecdir=/usr/lib/openldap \
    --localstatedir=/srv/ldap \
    --disable-debug \
    --enable-dynamic \
    --enable-crypt \
    --enable-modules \
    --enable-wrappers \
    --enable-bdb=mod \
    --enable-hdb=mod \
    --enable-ldap=mod \
    --enable-monitor=mod \
    --enable-perl=mod \
    --enable-relay=mod \
    --enable-dyngroup=mod \
    --enable-dynlist=mod \
    --enable-memberof=mod \
    --enable-ppolicy=mod \
    --enable-valsort=mod &&
make depend &&
make
Install the package
# Install the 64-bit build, link slapd (installed under --libexecdir) into
# /usr/sbin, then copy the bundled drafts, RFCs and admin guide.
make install &&
ln -sv ../lib/openldap/slapd /usr/sbin/slapd &&
install -dv -m755 \
    /usr/share/doc/openldap-2.4.19/drafts \
    /usr/share/doc/openldap-2.4.19/guide \
    /usr/share/doc/openldap-2.4.19/rfc &&
install -v -m644 doc/drafts/* \
    /usr/share/doc/openldap-2.4.19/drafts &&
install -v -m644 doc/rfc/* \
    /usr/share/doc/openldap-2.4.19/rfc &&
cp -Rv doc/guide/* \
    /usr/share/doc/openldap-2.4.19/guide
Configuring
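If you download the following schema files to the LDAP schema directory (/etc/openldap/schema), you can uncomment the corresponding include lines in the configuration file below. The files are served over plain HTTP with no checksum, so read them through before letting slapd load them: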
http://cross-lfs.org/~jciccone/ldap-schemas/krb5-kdc.schema http://cross-lfs.org/~jciccone/ldap-schemas/sudo.schema
Creating a basic slapd configuration file:
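# Write a basic slapd.conf. The quoted "EOF" delimiter keeps the shell from
# expanding anything inside the here-document, so the text lands in the file
# exactly as written. Replace <BASEDN> and <password hash> before starting
# slapd.
cat > /etc/openldap/slapd.conf << "EOF"
# Begin /etc/openldap/slapd.conf
# Schema Definitions
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
#include /etc/openldap/schema/sudo.schema
include /etc/openldap/schema/misc.schema
#include /etc/openldap/schema/krb5-kdc.schema
# The location of the PID file
pidfile /srv/ldap/run/slapd.pid
# List of arguments that will be passed to the server
argsfile /srv/ldap/run/slapd.args
# Load dynamic backend modules:
modulepath /usr/lib/openldap/openldap
moduleload back_bdb.la
#moduleload back_ldap.la
#moduleload back_ldbm.la
#moduleload back_passwd.la
#moduleload back_shell.la
# Use crypt to hash the passwords. This setting applies to passwords set
# through the LDAP Password Modify extended operation (ldappasswd).
# Without an explicit salt format, crypt(3) falls back to its traditional
# DES scheme, which only looks at the first eight characters of a password.
# The format below selects SHA-512 crypt instead; it needs a C library
# whose crypt(3) understands the $6$ prefix (for example glibc).
password-hash {crypt}
password-crypt-salt-format "$6$%.16s"
# If you wish to use cyrus-sasl to bind to
# Kerberos uncomment and configure the
# following lines
#sasl-realm <REALMNAME.COM>
#sasl-host <FQDN OF SASL SERVER>
# Define SSL and TLS properties (optional)
# Without TLS, a simple bind sends the password over the network in clear
# text, so enable these before slapd is reachable from other hosts. Keep the
# private key file readable only by the account slapd runs as.
#TLSCertificateFile /etc/ssl/ldap.pem
#TLSCertificateKeyFile /etc/openldap/ldap-key.pem
#TLSCACertificateFile /etc/ssl/ldap.pem
# Once TLS works, uncomment this to refuse simple binds on connections
# that are not protected by it:
#security simple_bind=128
#######################################################################
# Access Lists
#######################################################################
# The "by" clauses must start with white space: slapd treats an indented
# line as a continuation of the line before it, and a "by" at the start of
# a line would be read as a separate (unknown) directive.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
# Every rule ends with an implicit "by * none": as written, only the
# entry's own user can read or change these three attributes. Add a "by"
# clause for the identity your NSS/PAM clients bind as if they need them.
access to attrs=gecos,description,loginShell
    by self write
# If you're utilizing SASL/Kerberos, add the following line, uncommented and
# indented, as the first "by" clause of the rule below. It is kept outside
# the rule because indented lines that follow a comment are joined onto
# that comment and ignored.
# by "dn="uid=ldapadm.+\+realm=<REALMNAME.COM>" write"
# slapd stops at the first "by" clause that matches, so a further "by *"
# clause after this one would never be evaluated.
access to *
    by * read
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "<BASEDN>"
# By Default the rootdn always has complete access to the entire ldap directory
rootdn "cn=Manager,<BASEDN>"
rootpw <password hash>
directory "/srv/ldap/openldap-data"
# Indexes
index default pres,eq
index objectClass,uid,uidnumber,gidnumber,cn
index mail eq
# End /etc/openldap/slapd.conf
EOF
# The file holds the rootdn password hash: keep it unreadable to ordinary
# users. If slapd runs under a dedicated account, chgrp the file to that
# account's group so the daemon can still read it.
chmod 640 /etc/openldap/slapd.conf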
When creating the configuration file above, replace <BASEDN> with your base DN, e.g. dc=cross-lfs,dc=org, and replace <password hash> with a hash of the rootdn password.
You can generate a password hash for the rootdn with the following command:
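# Prompts for the password and prints the hash to paste after "rootpw".
# {SSHA} adds a random salt; plain {SHA} is unsalted, so equal passwords
# always produce equal hashes.
slappasswd -h {SSHA}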
Bootscript
Install the init script included in the bootscripts package.
# Presumably run from the unpacked bootscripts source tree, whose Makefile
# provides the install-openldap1 target -- confirm against that package.
make install-openldap1