2 # Copyright 1999-2000, The OpenLDAP Foundation, All Rights Reserved.
3 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
4 H1: Building and Installing OpenLDAP Software
6 This chapter details how to build and install the {{ORG:OpenLDAP}}
7 Software package including {{slapd}}(8), the stand-alone LDAP
8 daemon and {{slurpd}}(8), the stand-alone update replication daemon.
10 Building and installing OpenLDAP requires several steps: installing
11 prerequisite software, configuring OpenLDAP itself, making, and finally
12 installing. The following sections describe this process in detail.
14 In case you haven't already obtained OpenLDAP it is available at
15 the following location:
16 {{URL: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release.tgz}}.
18 The {{ORG[expand]OLP}} also maintains an extensive site
19 ({{URL:http://www.OpenLDAP.org/}}) on the World Wide Web. The site
20 makes available a number of resources which you may utilize to
21 properly install OpenLDAP Software. This includes:
23 !block table; align=Center; coltags="N,URL"; \
24 title="Table 4.1: Other OpenLDAP resources"
26 Document Catalog http://www.OpenLDAP.org/doc/
27 Frequently Asked Questions http://www.OpenLDAP.org/faq/
28 Issue Tracking System http://www.OpenLDAP.org/its/
29 Mailing Lists http://www.OpenLDAP.org/lists/
30 Software Pages http://www.OpenLDAP.org/software/
31 Support Page http://www.OpenLDAP.org/support/
34 H2: Prerequisite software
36 OpenLDAP Software relies upon a number of software packages distributed
37 by third parties. Depending on the features you intend to use,
38 you may have to download and install a number of additional
39 software packages. This section details commonly needed third party
40 software packages you might have to install. Note that some of
41 these third party packages may depend on additional software
42 packages. Install each package per installation instructions
45 H3: {{TERM[expand]TLS}}
47 OpenLDAP clients and servers require installation of {{PRD:OpenSSL}}
48 {{TERM:TLS}} libraries to provide {{TERM[expand]TLS}} services. Though
49 some operating systems may provide these libraries as part of the
50 base system or as an optional software component, OpenSSL often
51 requires separate installation.
53 OpenSSL is available from {{URL: http://www.openssl.org/}}.
55 OpenLDAP will not be fully LDAPv3 compliant unless OpenLDAP's
56 {{EX:configure}} detects a usable OpenSSL installation.
59 H3: Kerberos Authentication Services
61 OpenLDAP clients and servers support Kerberos-based authentication
63 In particular, OpenLDAP supports {{TERM:SASL}}/{{TERM:GSSAPI}}
64 authentication mechanism using either {{PRD:Heimdal}} or
65 {{PRD:MIT Kerberos}} V packages.
66 If you desire to use Kerberos-based SASL/GSSAPI authentication,
67 you should install either Heimdal or MIT Kerberos V.
69 Heimdal Kerberos is available from {{URL:http://www.pdc.kth.se/heimdal/}}.
70 MIT Kerberos is available from {{URL:http://web.mit.edu/kerberos/www/}}.
72 Use of strong authentication services, such as those provided by
73 Kerberos, is highly recommended.
76 H3: {{TERM[expand]SASL}}
78 OpenLDAP clients and servers require installation of {{PRD:Cyrus}}'s
79 {{PRD:SASL}} libraries to provide {{TERM[expand]SASL}} services. Though
80 some operating systems may provide this library as part of the
81 base system or as an optional software component, Cyrus SASL
82 often requires separate installation.
84 Cyrus SASL is available from
85 {{URL:http://asg.web.cmu.edu/sasl/sasl-library.html}}.
86 Cyrus SASL will make use of OpenSSL and Kerberos/GSSAPI libraries
89 OpenLDAP will not be fully LDAPv3 compliant unless OpenLDAP's
90 configure detects a usable Cyrus SASL installation.
95 OpenLDAP's {{slapd}}(8) primary database backend, {{TERM:LDBM}},
96 requires a compatible database package for entry storage. LDBM
97 is compatible with {{ORG[expand]Sleepy}}'s {{PRD:BerkeleyDB}} (recommended)
98 or the {{ORG[expand]FSF}}'s {{PRD:GNU}} Database Manager ({{PRD:GDBM}}).
99 If neither of these packages are available at configure time,
100 you will not be able build slapd(8) with primary database backend.
102 Your operating system may provide one of these two packages in
103 the base system or as an optional software component. You may
104 need may need to obtain the software and install it yourself.
106 {{PRD:BerkeleyDB}} is available from {{ORG[expand]Sleepy}}'s
107 download page {{URL: http://www.sleepycat.com/download.html}}.
108 There are several versions available. At the time of this writing,
109 the latest release, version 3.1, is recommended.
111 {{PRD:GDBM}} is available from {{ORG:FSF}}'s download site
112 {{URL: ftp://ftp.gnu.org/pub/gnu/gdbm/}}.
113 At the time of this writing, version 1.8 is the latest release.
118 OpenLDAP is designed to take advantage of threads. OpenLDAP
119 supports POSIX {{pthreads}}, Mach {{CThreads}}, and a number of
120 other varieties. {{EX:configure}} will complain if it cannot
121 find a suitable thread subsystem. If this occurs, please
122 consult the {{F:Software|Installation|Platform Hints}} section
123 of the OpenLDAP FAQ {{URL: http://www.openldap.org/faq/}}.
128 {{slapd}}(8) supports TCP wrappers (IP level access control filters)
129 if preinstalled. Use of TCP wrappers or other IP level access
130 filters (such as those provided by an IP-level firewall) is recommended
131 for servers containing non-public information.
134 H2: Running configure
136 If you haven't already done so, extract the distribution from the
137 compressed archive file and change directory to the top of the
140 .{{EX:gunzip -c openldap-VERSION.tgz | tar xf -}}
141 .{{EX:cd openldap-VERSION}}
143 You'll have to replace {{EX:VERSION}} with the version name of the
146 Note: If you intend to build OpenLDAP for multiple platforms from a
147 single source tree you should consult the {{F: INSTALL}} file in the
148 top level distribution directory before running {{EX:configure}}.
150 Now you should probably run the {{EX:configure}} script with the
151 {{EX:--help}} option.
152 This will give you a list of options that you can change when building
153 OpenLDAP. Many of the features of OpenLDAP can be enabled or disabled
154 using this method. Please see the appendix for a more detailed list
155 of configure options, and their usage.
156 .{{EX:./configure --help}}
158 The {{EX:configure}} script will also look at certain environment variables
159 for certain settings. These environment variables are:
161 !block table; align=Center; coltags="EX,N"; title="Table 4.1: Environment Variables"
163 CC Specify alternative C Compiler
164 CFLAGS Specify additional compiler flags
165 CPPFLAGS Specify C Preprocessor flags
166 LDFLAGS Specify linker flags
167 LIBS Specify additional libraries
170 Now run the configure script with any desired configuration options or
171 environment variables.
173 > [[env] settings] ./configure [options]
175 As an example, let's assume that we want a copy of OpenLDAP configured
176 to use the LDBM backend and the shell backend. The LDBM backend
177 is turned on by default, so we don't need to do anything special
180 Additionally, we've installed the BerkeleyDB database package.
181 {{EX:configure}} is smart enough to use BerkeleyDB automatically
182 if it can find it, but BerkeleyDB is installed by default in a
183 place {{EX:configure}} won't look at automatically. BerkeleyDB
184 is usually installed in {{F:/usr/local/BerkeleyDB.3.1}} (assuming
185 that version 3.1 is being used.)
187 The following example shows how to run {{EX:configure}} and specify where to
188 find BerkeleyDB and turn on the DNS-SRV backend. The example should be
189 entered on a single line (it has been split onto separate lines for clarity.)
191 > env CPPFLAGS="-I/usr/local/BerkeleyDB.3.1/include" \
192 > LDFLAGS="-L/usr/local/BerkeleyDB.3.1/lib" \
193 > ./configure --enable-dnssrv
195 Note: Some shells, such as those derived from the Bourne {{sh}}(1),
196 do not require use of the {{env}}(1) command. In some cases, environmental
197 variables have to be specified using alternative syntaxes.
199 For more information on backends see the chapter on configuration.
201 The {{EX:configure}} script will normally auto-detect appropriate settings.
202 If you have problems at this stage, consult any platform specific
203 hints and check your {{EX:configure}} options, if any.
206 H2: Building the Software
208 Once you have run the {{EX:configure}} script the last line of output
210 > Please "make depend" to build dependencies
212 If the last line of output does not match, {{EX:configure}} has failed,
213 and you will need to review its output to determine what went wrong.
214 You should not proceed until {{EX:configure}} completes successfully.
216 To build dependencies, run:
219 Now build the software, this step will actually compile OpenLDAP.
222 You should examine the output of this command carefully to make sure
223 everything is built correctly. Note that this command builds the LDAP
224 libraries and associated clients as well as {{slapd}}(8) and {{slurpd}}(8).
227 H2: Testing the Software
229 Once the software has been properly configured and successfully
230 made, you should run the test suite to verify the build.
234 This command will run a number of tests.
237 H2: Installing the Software
239 One you have successfully tested the software, you are ready to install it.
240 You will need to have write permission
241 to the installation directories you specified when you ran configure.
242 By default OpenLDAP is installed in {{F:/usr/local}}. If you changed this
243 setting with the {{F:--prefix}} configure option, it will be installed
244 in the location you provided.
246 Typically, the installation is done as the super-user: {{root}}. From the top
247 level OpenLDAP source directory, type:
251 You should examine the output of this command carefully to make sure
252 everything is installed correctly. You will find the configuration files
253 for slapd in {{F:/usr/local/etc/openldap}} by default. See the
254 {{SECT:The slapd Configuration File}} chapter for additional information.