Five steps are necessary to install the server: Install the pre-required packages (if not already installed), Download the server, Unpack the software, Configure the Makefiles and Build the server.
To be fully LDAPv3 compliant, OpenLDAP clients and servers require installation of some additional packages:
OpenSSL TLS libraries
Although some operating systems may provide these libraries as part of the base system or as an optional software component, OpenSSL often requires separate installation. OpenSSL is available from http://www.openssl.org
Kerberos Authentication Services
OpenLDAP clients and servers support Kerberos-based authentication services. In particular, OpenLDAP supports the SASL/GSSAPI authentication mechanism using either the Heimdal or MIT Kerberos V packages. If you want to use Kerberos-based SASL/GSSAPI authentication, you should install either Heimdal or MIT Kerberos V. Heimdal Kerberos is available from http://www.pdc.kth.se/heimdal.
MIT Kerberos is available from http://web.mit.edu/kerberos/www. Use of strong authentication services, such as those provided by Kerberos, is highly recommended.
Cyrus's Simple Authentication and Security Layer Libraries
Although some operating systems may provide these libraries as part of the base system or as an optional software component, Cyrus SASL often requires separate installation. Cyrus SASL is available from http://asg.web.cmu.edu/sasl/sasl-library.html. Cyrus SASL will make use of OpenSSL and Kerberos/GSSAPI libraries if preinstalled.
Database Software
The primary database backend of OpenLDAP's slapd, LDBM, requires a compatible database package for entry storage. LDBM is compatible with Sleepycat Software's BerkeleyDB (recommended) or with the Free Software Foundation's GNU Database Manager (GDBM). If neither of these packages is available at configure time, you will not be able to build slapd with primary database backend support.
Your operating system may provide one of these two packages in the base system or as an optional software component. You may need to obtain the software and install it.
BerkeleyDB is available from Sleepycat Software's download page http://www.sleepycat.com/download.html. There are several versions available. At the time of this writing, the latest release, version 3.1, is recommended.
GDBM is available from FSF's download site ftp://ftp.gnu.org/pub/gnu/gdbm. At the time of this writing, version 1.8 is the latest release.
Threads
OpenLDAP is designed to take advantage of threads. OpenLDAP supports POSIX pthreads, Mach CThreads, and a number of other varieties. The configure script will complain if it cannot find a suitable thread subsystem. If this occurs, please consult the Software - Installation - Platform Hints section of the OpenLDAP FAQ http://www.openldap.org/faq.
TCP Wrappers
slapd supports TCP wrappers (IP level access control filters) if preinstalled. Use of TCP wrappers or other IP-level access filters (such as those provided by an IP-level firewall) is recommended for servers containing non-public information.
There are two freely distributed LDAP servers: the University of Michigan LDAP server and the OpenLDAP server. There is also the Netscape Directory Server, which is free only under some conditions (educational institutions get it free, for example). The OpenLDAP server is based on the latest version of the University of Michigan Server and there are mailing lists and additional documentation available for it. This document assumes that you are using the OpenLDAP server.
Its latest tar gzipped version is available at the following address:
If you want to get the latest version of University of Michigan Server, go to this address:
ftp://terminator.rs.itd.umich.edu/ldap
To write this document, I used two versions of the OpenLDAP package: the latest stable version 1.2.11 and the newly released 2.0.4. My operating system is a Slackware Linux with kernel 2.2.13.
On the OpenLDAP site you can always find the latest development and stable versions of the OpenLDAP server. At the time this document was updated, the latest stable version was openldap-stable-20000704.tgz. The latest development version was openldap-2.0.4.tgz.
Now that you have the tar gzipped package on your local machine, you can unpack it.
First copy the package to a directory of your choice, for example /usr/local.
Then use the following command:
tar xvzf openldap-stable.tgz
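Alternatively, you can use this command (the -c option makes gunzip write the decompressed data to standard output so that tar can read it):
gunzip -c openldap-stable.tgz | tar xvf -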
There are several options that you may want to customize so that the software is built to suit your site.
To configure the software you just need 2 steps:
In the file include/ldapconfig.h.edit you can set options like the location of the slapd and slurpd daemons. The file itself is well commented and its default settings reflect the most common administrator choices, so if you are in a hurry you can skip this step:
vi include/ldapconfig.h.edit
The OpenLDAP server sources are distributed with a configuration script for setting options like installation directories, compiler and linker flags. Type the following command in the directory where you unpacked the software:
./configure --help
This will print all options that you can customize with the configure script before you build the software. Some useful options are --prefix=pref, --exec-prefix=eprefix and --bindir=dir, for setting installation directories. Normally, if you run configure without options, it will auto-detect the appropriate settings and prepare to build things in the default common location. So just type:
./configure
And watch the output to see if all went well.
After configuring the software you can start building it. First build the dependencies, using the command:
make depend
Then build the server, using the command:
make
If all goes well, the server will build as configured. If not, return to the previous step to review the configuration settings. You should also check the platform-specific hints, which are located in doc/install/hints under the directory where you unpacked the software.
Now install the binaries and man pages. You may need to be superuser to do this (depending on where you are installing things):
su
make install
That's all, now you have the binary of the server and the binaries of several other utilities. Go to the next section to see how to configure the operation of your LDAP server.
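Several of the prerequisites listed earlier (OpenSSL, Cyrus SASL, Kerberos, TCP wrappers) are only used if they are found at build time, so after installing it is worth confirming which of them the finished slapd actually linked against. The following check is an added example, not part of the original HOWTO or the OpenLDAP distribution; it assumes slapd is dynamically linked, and the script name and slapd path in its usage line are placeholders.

```shell
#!/bin/sh
# Added example (not from the OpenLDAP distribution): list the security
# features from the prerequisites section that a built slapd did NOT link in.
# Assumption: slapd is dynamically linked, so the libraries show up in `ldd`.

# "label:regex" pairs; the regex is matched against the start of each
# library name in the first column of ldd output.
SECURITY_LIBS='
tls:libssl
sasl:libsasl
tcp-wrappers:libwrap
kerberos:libkrb5|libgssapi
'

# Reads `ldd` output on stdin and prints one missing label per line.
# Returns 0 if every feature is linked in, 1 if any is missing.
missing_security_libs() {
    linked=$(awk '{ print $1 }')   # e.g. "libssl.so.0" from "libssl.so.0 => ..."
    missing=0
    for entry in $SECURITY_LIBS; do
        label=${entry%%:*}
        pattern=${entry#*:}
        if ! printf '%s\n' "$linked" | grep -Eq "^($pattern)"; then
            printf '%s\n' "$label"
            missing=1
        fi
    done
    return "$missing"
}

# Usage: sh check_slapd.sh /path/to/slapd   (script name and path are examples)
if [ -n "${1:-}" ]; then
    ldd "$1" | missing_security_libs
fi
```

A non-empty result means the server was built without that feature; for example, a missing tls entry means slapd cannot offer TLS-protected connections until the library is installed and the build is repeated.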
The binary of the OpenLDAP 2.0 server is called slapd. OpenLDAP 2.0 was officially released on August 30th and it implements LDAP protocol v3, as defined in RFC 2251.
The main features of OpenLDAP 2.0 are:
Note: There will be a document on the Linux Documentation Project (LDP) called LDAP Implementation HOWTO. This document will be a great resource for those who want to explore the new features of OpenLDAP 2.0. The date for its release is around December 2000.
On the latest versions of the OpenLDAP package, it's also possible to test the recently built binaries. The package comes with a test script, which you can run using the command:
make test
If anything goes wrong with the script, you can just abort it by hitting Ctrl-C. In my case, the script stopped working before its total completion. Anyway, I could still see some successful messages about my OpenLDAP configuration.