2 # Copyright 1999-2000, The OpenLDAP Foundation, All Rights Reserved.
3 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
4 H1: Building and Installing OpenLDAP Software
6 This chapter details how to build and install the {{ORG:OpenLDAP}}
7 Software package including {{slapd}}(8), the stand-alone LDAP
8 daemon and {{slurpd}}(8), the stand-alone update replication daemon.
10 Building and installing OpenLDAP requires several steps: installing
11 prerequisite software, configuring OpenLDAP itself, making, and finally
12 installing. The following sections describe this process in detail.
14 In case you haven't already obtained OpenLDAP it is available at
15 the following location:
16 {{URL: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release.tgz}}.
18 The {{ORG[expand]OLP}} also maintains an extensive site
19 ({{URL:http://www.OpenLDAP.org/}}) on the World Wide Web. The site
20 makes available a number of resources which you may utilize to
21 properly install OpenLDAP Software. This includes:
23 !block table; align=Center; coltags="N,URL"; \
24 title="Table 4.1: Other OpenLDAP resources"
26 Document Catalog http://www.OpenLDAP.org/doc/
27 Frequently Asked Questions http://www.OpenLDAP.org/faq/
28 Issue Tracking System http://www.OpenLDAP.org/its/
29 Mailing Lists http://www.OpenLDAP.org/lists/
30 Software Pages http://www.OpenLDAP.org/software/
31 Support Page http://www.OpenLDAP.org/support/
34 H2: Prerequisite software
36 OpenLDAP Software relies upon a number of software packages distributed
37 by third parties. Depending on the features you intend to use,
38 you may have to download and install a number of additional
39 software packages. This section details commonly needed third party
40 software packages you might have to install. Note that some of
41 these third party packages may depend on additional software
42 packages. Install each package per installation instructions
45 H3: {{TERM[expand]TLS}}
47 OpenLDAP clients and servers require installation of {{PRD:OpenSSL}}
48 {{TERM:TLS}} libraries to provide {{TERM[expand]TLS}} services. Though
49 some operating systems may provide these libraries as part of the
50 base system or as an optional software component, OpenSSL often
51 requires separate installation.
53 OpenSSL is available from {{URL: http://www.openssl.org/}}.
55 OpenLDAP will not be fully LDAPv3 compliant unless OpenLDAP's
56 {{EX:configure}} detects a usable OpenSSL installation.
59 H3: Kerberos Authentication Services
61 OpenLDAP clients and servers support Kerberos-based authentication
63 In particular, OpenLDAP supports {{TERM:SASL}}/{{TERM:GSSAPI}}
64 authentication mechanism using either {{PRD:Heimdal}} or
65 {{PRD:MIT Kerberos}} V packages.
66 If you desire to use Kerberos-based SASL/GSSAPI authentication,
67 you should install either Heimdal or MIT Kerberos V.
69 Heimdal Kerberos is available from {{URL:http://www.pdc.kth.se/heimdal/}}.
70 MIT Kerberos is available from {{URL:http://web.mit.edu/kerberos/www/}}.
72 Use of strong authentication services, such as those provided by
73 Kerberos, is highly recommended.
76 H3: {{TERM[expand]SASL}}
78 OpenLDAP clients and servers require installation of {{PRD:Cyrus}}'s
79 {{PRD:SASL}} libraries to provide {{TERM[expand]SASL}} services. Though
80 some operating systems may provide this library as part of the
81 base system or as an optional software component, Cyrus SASL
82 often requires separate installation.
84 Cyrus SASL is available from
85 {{URL:http://asg.web.cmu.edu/sasl/sasl-library.html}}.
86 Cyrus SASL will make use of OpenSSL and Kerberos/GSSAPI libraries
89 OpenLDAP will not be fully LDAPv3 compliant unless OpenLDAP's
90 configure detects a usable Cyrus SASL installation.
95 OpenLDAP's {{slapd}}(8) primary database backend, {{TERM:LDBM}},
96 requires that a compatible database package for entry storage. LDBM
97 is compatible with {{ORG[expand]Sleepy}}'s {{PRD:BerkeleyDB}} (recommended)
98 or the {{ORG[expand]FSF}}'s {{PRD:GNU}} Database Manager ({{PRD:GDBM}}).
99 If neither of these packages are available at configure time,
100 you will not be able build slapd(8) with primary database backend.
102 Your operating system may provide one of these two packages in
103 in base system or as an optional software component. You may
104 need may need to obtain the software and install it yourself.
106 {{PRD:BerkeleyDB}} is available from {{ORG[expand]Sleepy}}'s
107 download page {{URL: http://www.sleepycat.com/download.html}}.
108 There are several versions available. At the time of this writing,
109 the latest release, version 3.1, is recommended.
111 {{PRD:GDBM}} is available from {{ORG:FSF}}'s download site
112 {{URL: ftp://ftp.gnu.org/pub/gnu/gdbm/}}.
113 At the time of this writing, version 1.8 is the latest release.
118 OpenLDAP is designed to take advantage of threads. OpenLDAP
119 supports POSIX {{pthreads}}, Mach {{CThreads}}, and a number of
120 other varieties. {{EX:configure}} will complain if it cannot
121 find a suitable thread subsystem. If this occurs, please
122 consult the {{F:Software|Installation|Platform Hints}} section
123 of the OpenLDAP FAQ {{URL: http://www.openldap.org/faq/}}.
128 {{slapd}}(8) supports TCP wrappers (IP level access control filters)
129 if preinstalled. Use of TCP wrappers or other IP level access
130 filters (such as those provided by a IP-level firewall) is recommended
131 for servers containing non-public information.
134 H2: Running configure
136 If you haven't already done so, extra the distribution for the
137 compressed archive file and change directory to the top of the
140 .{{EX:gunzip -c openldap-VERSION.tgz | tar xf -}}
141 .{{EX:cd openldap-VERSION}}
143 Replacing {{EX:VERSION}} with the appropriate version string.
145 Note: If you intend to build OpenLDAP for multiple platforms from a
146 single source tree you should consult the {{F: INSTALL}} file in the
147 top level distribution directory before running {{EX:configure}}.
149 Now you should probably run the {{EX:configure}} script with the
150 {{EX:--help}} option.
151 This will give you a list of options that you can change when building
152 OpenLDAP. Many of the features of OpenLDAP can be enabled or disabled
153 using this method. Please see the appendix for a more detailed list
154 of configure options, and their usage.
155 .{{EX:./configure --help}}
157 The {{EX:configure}} script will also look at certain environment variables
158 for certain settings. These environment variables are:
160 !block table; align=Center; coltags="EX,N"; title="Table 4.1: Environment Variables"
162 CC Specify alternative C Compiler
163 CFLAGS Specify additional compiler flags
164 CPPFLAGS Specify C Preprocessor flags
165 LDFLAGS Specify linker flags
166 LIBS Specify additional libraries
169 Now run the configure script with any desired configure options or
170 environment variables.
172 > [[env] settings] ./configure [options]
174 As an example, lets assume that we want a copy of OpenLDAP configured to use the
175 LDBM backend, and the shell backend. The LDBM backend is turned on by default, so we don't need to do anything special to enable it.
177 Additionally, we've installed the BerkeleyDB database package.
178 {{EX:configure}} is smart enough to use BerkeleyDB automatically
179 if it can find it, but BerkeleyDB is installed by default in a
180 place {{EX:configure}} won't look at automatically. BerkeleyDB
181 is usually installed in {{F:/usr/local/BerkeleyDB.3.1}} (assuming
182 that version 3.1 is being used.)
184 The following example shows how to run {{EX:configure}} and specify where to
185 find BerkeleyDB and turn on the DNS-SRV backend. The example should be
186 entered on a single line (it has been split onto separate lines for clarity.)
188 > env CPPFLAGS="-I/usr/local/BerkeleyDB.3.1/include" \
189 > LDFLAGS="-L/usr/local/BerkeleyDB.3.1/lib" \
190 > ./configure --enable-dnssrv
192 Note: Some shells, such as those derived from the Bourne {{sh}}(1),
193 do not require use of the {{env}}(1) command. In some cases, environmental
194 variables have to be specified using alternative syntaxes.
196 For more information on backends see the chapter on configuration.
198 The {{EX:configure}} script will normally auto-detect appropriate settings.
199 If you have problems at this stage, consult any platform specific
200 hints and check your {{EX:configure}} options if any.
203 H2: Building the Software
205 Once you have run the {{EX:configure}} script the last line of output
207 > Please "make depend" to build dependencies
209 If the last line of output does not match, {{EX:configure}} has failed.
210 You should not proceed until {{EX:configure}} completes successfully.
212 To build dependencies, run:
215 Now build the software, this step will actually compile OpenLDAP.
218 You should examine the output of this command carefully to make sure
219 everything is built correctly. Note that this command builds the LDAP
220 libraries and associated clients as well as {{slapd}}(8) and {{slurpd}}(8).
223 H2: Testing the Software
225 Once the software has been properly configured and successfully
226 made, you should run the test suite to verify the build.
230 The test will run a number of tests.
233 H2: Installing the Software
235 One you have successfully tested the software, you are ready to install it.
236 You will need to have write permission
237 to the installation directories you specified when you ran configure.
238 By default OpenLDAP is installed in {{F:/usr/local}}. If you changed this
239 setting with the {{F:--prefix}} configure option, it will be installed
240 in the location you provided.
242 Typically, the installation is done as {{root}}. From the top level OpenLDAP
243 source directory, type:
247 You should examine the output of this command carefully to make sure
248 everything is installed correctly. You will find the configuration files
249 for slapd in {{F:/usr/local/etc/openldap}} by default. See the
250 {{SECT:The slapd Configuration File}} chapter for additional information.