2 # Copyright 1999-2000, The OpenLDAP Foundation, All Rights Reserved.
3 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
4 H1: Building and Installing OpenLDAP Software
6 This chapter details how to build and install the {{ORG:OpenLDAP}}
7 Software package including {{slapd}}(8), the stand-alone LDAP
8 daemon and {{slurpd}}(8), the stand-alone update replication daemon.
10 Building and installing OpenLDAP requires several steps: installing
11 prerequisite software, configuring OpenLDAP itself, making, and finally
12 installing. The following sections describe this process in detail.
14 In case you haven't already obtained OpenLDAP it is available at the following
15 location: {{URL: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release.tgz}}
17 The {{ORG[expand]OLP}} also maintains an extensive site
18 ({{URL:http://www.OpenLDAP.org/}}) on the World Wide Web. The site
19 makes available a number of resources which you may utilize to
20 properly install OpenLDAP Software. This includes:
22 !block table; align=Center; coltags="N,URL"; \
23 title="Table 4.1: Other OpenLDAP resources"
25 Documentation Catalog http://www.OpenLDAP.org/doc/
26 Frequently Asked Questions http://www.OpenLDAP.org/faq/
27 Issue Tracking System http://www.OpenLDAP.org/its/
28 Mailing Lists http://www.OpenLDAP.org/lists/
29 Software Pages http://www.OpenLDAP.org/software/
30 Support Page http://www.OpenLDAP.org/support/
33 H2: Prerequisite software
35 OpenLDAP relies a number of software packages distributed by third
36 parties. Depending on the features you intend to use, you may have
37 to download and install a number of additional software packages.
38 This section details commonly needed third party software packages
39 you might have to install. Note that some of these third party
40 packages may depend on additional software packages. Install each
41 package per installation instructions provided with it.
43 H3: {{TERM[expand]TLS}}
45 OpenLDAP clients and servers require installation of {{PRD:OpenSSL}}
46 {{TERM:TLS}} libraries to provide {{TERM[expand]TLS}} services. Though
47 some operating systems may provide these libraries as part of the
48 base system or as an optional software component, OpenSSL often
49 requires separate installation.
51 OpenSSL is available from {{URL: http://www.openssl.org/}}.
53 OpenLDAP will not be fully LDAPv3 compliant unless OpenLDAP's
54 {{EX:configure}} detects a usable OpenSSL installation.
56 H3: Kerberos Authentication Services
58 OpenLDAP clients and servers support Kerberos based authentication
60 In particular, OpenLDAP supports {{TERM:SASL}}/{{TERM:GSSAPI}} based
61 authentication using either {{PRD:Heimdal}} or {{PRD:MIT Kerberos}}
63 If you desire to use Kerberos based authentication, you should
64 install either Heimdal or MIT Kerberos V.
66 Heimdal Kerberos is available from {{URL:http://www.pdc.kth.se/heimdal/}}.
67 MIT Kerberos is available from {{URL:http://web.mit.edu/kerberos/www/}}.
69 Use of strong authentication services, such as those provided by
70 Kerberos, is highly recommended.
72 H3: {{TERM[expand]SASL}}
74 OpenLDAP clients and servers require installation of {{PRD:Cyrus}}
75 SASL libraries to provide {{TERM[expand]SASL}} services. Though
76 some operating systems may provide this library as part of the
77 base system or as an optional software component, Cyrus SASL
78 often requires separate installation.
80 Cyrus SASL is available from {{URL:http://asg.cmu.edu/cyrus/sasl/}}.
81 Cyrus SASL will make use of OpenSSL and Kerberos/GSSAPI libraries
84 OpenLDAP will not be fully LDAPv3 compliant unless OpenLDAP's
85 configure detects a usable Cyrus SASL installation.
89 OpenLDAP's {{slapd}}(8) primary database backend, {{TERM:LDBM}},
90 requires that a compatible database package for entry storage. LDBM
91 is compatible with {{ORG[expand]Sleepy}}'s {{PRD:BerkeleyDB}} (recommended)
92 or the {{ORG[expand]FSF}}'s {{PRD:GNU}} Database Manager ({{PRD:GDBM}}).
93 If neither of these packages are available at configure time,
94 you will not be able build slapd(8) with primary database backend.
96 Your operating system may provide one of these two packages in
97 in base system or as an optional software component. You may
98 need may need to obtain the software and install it yourself.
100 {{PRD:BerkeleyDB}} is available from {{ORG[expand]Sleepy}}'s
101 download page {{URL: http://www.sleepycat.com/download.html}}.
102 There are several versions available. At the time of this writing,
103 the latest release, version 3.1, is recommended.
105 {{PRD:GDBM}} is available from {{ORG:FSF}}'s download site
106 {{URL: ftp://ftp.gnu.org/pub/gnu/gdbm/}}.
107 At the time of this writing, version 1.8 is the latest release.
111 OpenLDAP is designed to take advantage of threads. OpenLDAP
112 supports POSIX {{pthreads}}, Mach {{CThreads}}, and a number of
113 other varieties. {{EX:configure}} will complain if it cannot
114 find a suitable thread subsystem. If this occurs, please
115 consult the {{F:Software|Installation|Platform Hints}} section
116 of the OpenLDAP FAQ {{URL: http://www.openldap.org/faq/}}.
120 {{slapd}}(8) supports TCP wrappers (IP level access control filters)
121 if preinstalled. Use of TCP wrappers or other IP level access
122 filters (such as those provided by a IP-level firewall) is recommended
123 for servers containing non-public information.
126 H2: Configuring OpenLDAP
128 If you haven't already done so, extra the distribution for the
129 compressed archive file and change directory to the top of the
132 .{{EX:gunzip -c openldap-VERSION.tgz | tar xf -}}
133 .{{EX:cd openldap-VERSION}}
135 Replacing {{EX:VERSION}} with the appropriate version string.
137 Note: If you intend to build OpenLDAP for multiple platforms from a
138 single source tree you should consult the {{F: INSTALL}} file in the
139 top level distribution directory before running {{EX:configure}}.
141 Now you should probably run the {{EX:configure}} script with the
142 {{EX:--help}} option.
143 This will give you a list of options that you can change when building
144 OpenLDAP. Many of the features of OpenLDAP can be enabled or disabled
145 using this method. Please see the appendix for a more detailed list
146 of configure options, and their usage.
147 .{{EX:./configure --help}}
149 The {{EX:configure}} script will also look at certain environment variables
150 for certain settings. These environment variables are:
152 !block table; align=Center; coltags="EX,N"; title="Table 4.1: Environment Variables"
154 CC Specify alternative C Compiler
155 CFLAGS Specify additional compiler flags
156 CPPFLAGS Specify C Preprocessor flags
157 LDFLAGS Specify linker flags
158 LIBS Specify additional libraries
161 Now run the configure script with any desired configure options or
162 environment variables.
164 > [[env] settings] ./configure [options]
166 As an example, lets assume that we want a copy of OpenLDAP configured to use the
167 LDBM backend, and the shell backend. The LDBM backend is turned on by default, so we don't need to do anything special to enable it.
169 Additionally, we've installed the BerkeleyDB database package.
170 {{EX:configure}} is smart enough to use BerkeleyDB automatically
171 if it can find it, but BerkeleyDB is installed by default in a
172 place {{EX:configure}} won't look at automatically. BerkeleyDB
173 is usually installed in {{F:/usr/local/BerkeleyDB.3.1}} (assuming
174 that version 3.1 is being used.)
176 The following example shows how to run {{EX:configure}} and specify where to
177 find BerkeleyDB and turn on the DNS-SRV backend. The example should be
178 entered on a single line (it has been split onto separate lines for clarity.)
180 > env CPPFLAGS="-I/usr/local/BerkeleyDB.3.1/include" \
181 > LDFLAGS="-L/usr/local/BerkeleyDB.3.1/lib" \
182 > ./configure --enable-dnssrv
184 Note: Some shells, such as those derived from the Bourne {{sh}}(1),
185 do not require use of the {{env}}(1) command. In some cases, environmental
186 variables have to be specified using alternative syntaxes.
188 For more information on backends see the chapter on configuration.
190 The {{EX:configure}} script will normally auto-detect appropriate settings.
191 If you have problems at this stage, consult any platform specific
192 hints and check your {{EX:configure}} options if any.
194 H2: Building the Software
196 Once you have run the {{EX:configure}} script the last line of output
198 > Please "make depend" to build dependencies
200 If the last line of output does not match, {{EX:configure}} has failed.
201 You should not proceed until {{EX:configure}} completes successfully.
203 To build dependencies, run:
206 Now build the software, this step will actually compile OpenLDAP.
209 You should examine the output of this command carefully to make sure
210 everything is built correctly. Note that this command builds the LDAP
211 libraries and associated clients as well as {{slapd}}(8) and {{slurpd}}(8).
213 H2: Testing the Software
215 Once the software has been properly configured and successfully
216 made, you should run the test suite to verify the build.
220 The test will run a number of tests.
222 H2: Installing the Software
224 One you have successfully tested the software, you are ready to install it.
225 You will need to have write permission
226 to the installation directories you specified when you ran configure.
227 By default OpenLDAP is installed in {{F:/usr/local}}. If you changed this
228 setting with the {{F:--prefix}} configure option, it will be installed
229 in the location you provided.
231 Typically, the installation is done as {{root}}. From the top level OpenLDAP
232 source directory, type:
236 You should examine the output of this command carefully to make sure
237 everything is installed correctly. You will find the configuration files
238 for slapd in {{F:/usr/local/etc/openldap}} by default. See chapter 5 for more
239 information on the configuration files.