# Copyright 1999-2000, The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.

H1: A Quick-Start Guide to Running slapd

This section provides a quick step-by-step guide to building,
installing and running {{I:slapd}}. It is intended to provide users with a
simple and quick way to get started only. If you intend to run slapd
seriously, you should read the rest of this guide.

^{{B:Get the software}}.

.{{I:Slapd}} is part of the OpenLDAP distribution, which
you can retrieve from {{URL: http://www.openldap.org/software/download/}}
or {{URL: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release.tgz}}.
If you are reading this guide, you have probably already done this.

+{{B:Unpack the distribution}}.

.Pick a directory for the LDAP source to live under and change
directory there, and untar it. For example:

..{{EX:cd /usr/local/src}}
..{{EX:gunzip -c openldap-release.tgz | tar xvfB -}}
..{{EX:cd openldap-release}}

. You'll have to replace {{FILE:openldap-release}} with the full

+{{B: Configure the software}}.

.You will need to run the configure script to configure slapd.

. Configure accepts many command line options that enable or disable
optional features in slapd. Usually the defaults are okay, but you
may want to change them. To get a complete list of options that configure
accepts, use the {{EX:--help}} option.

..{{EX:./configure --help}}

. Once OpenLDAP has been configured, it needs to be compiled.
You'll need to make dependencies and then compile the software.

. Once OpenLDAP is compiled you need to install it. By default OpenLDAP
is installed into {{FILE:/usr/local}}. This is typically done as root.

+{{B:Edit the configuration file}}.

.Use this section as a brief guide. For more details on the configuration

.Now we need to edit the default configuration file that was
installed earlier. By default the configuration file for slapd
is located at {{FILE:/usr/local/etc/openldap/slapd.conf}}. If
you specified the {{EX:--prefix}} option when you ran configure,
then replace {{FILE:/usr/local}} with the value you gave as the
prefix. For example, if you ran configure as

..{{EX:./configure --prefix=/opt/ldap}}

.You would find your configuration file in
{{FILE:/opt/ldap/etc/openldap/slapd.conf}}.
Now look in the configuration file for a line that begins with

..{{EX:database ldbm}}

.This marks the beginning of the database configuration for slapd. Everything
you will need to change for this example is located after this line.

.Listed below are the default settings for the database in
{{FILE:slapd.conf}}(8). Lines that begin with a # are considered
to be comments by slapd; they have been removed from the listing
below to save space. If a line starts with white space it is
considered a continuation of the preceding line.

..{{EX:suffix "dc=my-domain, dc=com"}}
..{{EX:rootdn "cn=Manager, dc=my-domain, dc=com"}}
..{{EX:rootpw secret}}
..{{EX:directory /usr/local/var/openldap-ldbm}}

. Now we need to replace all of the references to {{EX:my-domain}}
and {{EX:com}} with the correct value. For example, if your domain
is {{EX:example.net}} we might use the following.

..{{EX:suffix "dc=example, dc=net"}}
..{{EX:rootdn "cn=Manager, dc=example, dc=net"}}
..{{EX:rootpw secret}}
..{{EX:directory /usr/local/var/openldap-ldbm}}

. By default, the database files will be created in
{{FILE:/usr/local/var/openldap-ldbm}}.
You may specify an alternate directory via the directory option
in the {{FILE:slapd.conf}} file. The directory must exist before
you start the server.

+{{B:Starting the server}}.

.You are now ready to start the server by running the command

..{{EX:/usr/local/libexec/slapd}}

. At this point the LDAP server is up and running, but there isn't
any data in the directory. You can check to see if the server is
running and your naming context (the {{EX:suffix}} you specified above)
by searching it with {{I:ldapsearch}}(1). By default ldapsearch is
installed as {{FILE:/usr/local/bin/ldapsearch}}.

..{{EX:ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts}}

.Note the use of single quotes around command parameters to prevent
special characters from being interpreted by the shell. This should return:

..{{EX:namingContexts: dc=example, dc=net}}

+{{B:Create a database}}.

. This is a two-step process. The first step is to create a file
(we'll call it {{FILE:example.ldif}}) containing the entries you
want your database to contain. Use the following example as a
guide, or see Section 7.3 for more details.

..{{EX:dn: dc=example, dc=net}}
..{{EX:objectclass: dcObject}}
..{{EX:objectclass: organization}}
..{{EX:o: Example Network}}

..{{EX:dn: cn=Bob Smith, dc=example, dc=net}}
..{{EX:objectclass: person}}
..{{EX:cn: Bob Smith}}

.Remember to replace {{EX:dc=example, dc=net}} with the correct
values for your site, and to put your name instead of Bob's. You can
include additional entries and attributes in this file if you want,
or add them later via LDAP.

.The second step is to run a tool to add the contents of this file to
your directory. We use the tool {{I:ldapadd}}(1) to populate the directory.
Again remember to replace {{EX:dc=example, dc=net}} with the correct values
for your site. By default ldapadd is installed as
{{FILE:/usr/local/bin/ldapadd}}.

..{{EX:ldapadd -x -D 'cn=Manager,dc=example,dc=net' -w secret -f example.ldif}}

.Where {{FILE:example.ldif}} is the file you created above.

+{{B:See if it works}}.

.Now we're ready to verify the added entries are in your directory.
You can use any LDAP client to do this, but our example uses the
{{I:ldapsearch}}(1) tool. Remember to replace {{EX:dc=example,dc=net}}
with the correct values for your site.

..{{EX:ldapsearch -x -b 'dc=example,dc=net' '(objectclass=*)'}}

.This command will search for and retrieve every entry in the database.

You are now ready to add more entries using {{I:ldapadd}}(1) or
another LDAP client, experiment with various configuration options,
backend arrangements, etc. Note that by default, the {{I:slapd}}(8)
database grants {{I:read access to everybody}}. So if you want to add
or modify entries over LDAP, you will have to bind as the {{EX:rootdn}}
specified in the config file (see Section 5.2.2), or change the
default access control (see Section 5.3).
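An added example, not part of the OpenLDAP guide or distribution: a shell check of the database settings edited in the configuration step, read with the comment and continuation rules stated there. It flags the my-domain placeholders, a default or cleartext rootpw, a missing database directory and a world-readable config file. The function names, sample files and the world-readable check are assumptions of this example; a value with a {SCHEME} prefix is treated as hashed, which is how OpenLDAP marks hashed rootpw values.

```shell
# Added example, not part of the OpenLDAP distribution; names are hypothetical.

# Print one logical line per directive: a line starting with white space is
# joined to the preceding line, then lines beginning with # are dropped.
slapd_directives() {
    awk '
        function emit(l) { if (l !~ /^#/ && l !~ /^[ \t]*$/) print l }
        /^[ \t]/ && have { sub(/^[ \t]+/, " "); line = line $0; next }
        { if (have) emit(line); line = $0; have = 1 }
        END { if (have) emit(line) }
    ' "$1"
}

# Print one finding per line for the settings the guide tells you to edit.
audit_slapd_conf() {
    # rootpw lives in this file; flagging world-readable is this example's assumption.
    [ -n "$(find "$1" -perm -004 2>/dev/null)" ] && echo "config: world-readable"
    slapd_directives "$1" | while read -r key val; do
        key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')   # match keywords in any case
        val=${val#\"}; val=${val%\"}                 # drop surrounding quotes
        case $key in
        suffix|rootdn)
            case $val in *dc=my-domain*) echo "$key: my-domain placeholder" ;; esac ;;
        rootpw)
            [ "$val" = secret ] && echo "rootpw: quick-start default"
            case $val in   # no {SCHEME} prefix, or {CLEARTEXT}: not hashed
            \{[Cc][Ll][Ee][Aa][Rr][Tt][Ee][Xx][Tt]\}*|[!{]*)
                echo "rootpw: cleartext" ;;
            esac ;;
        directory)
            [ -d "$val" ] || echo "directory: missing" ;;
        esac
    done
}

# Constructed samples: the guide's defaults, and an edited, hashed variant.
write_samples() {
    printf '%s\n' 'database ldbm' '# comment' 'suffix "dc=my-domain,' \
        '    dc=com"' 'rootdn "cn=Manager, dc=my-domain, dc=com"' \
        'rootpw secret' "directory $1/no-such-dir" > "$1/default.conf"
    printf '%s\n' 'database ldbm' 'suffix "dc=example, dc=net"' \
        'rootdn "cn=Manager, dc=example, dc=net"' \
        'rootpw {SSHA}CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-HASH' \
        "directory $1" > "$1/edited.conf"
    chmod 644 "$1/default.conf"; chmod 600 "$1/edited.conf"
}

d=$(mktemp -d) && write_samples "$d" && audit_slapd_conf "$d/default.conf"
rm -rf "$d"
```

Run against the constructed default sample it reports six findings; the edited sample with a hashed rootpw, an existing directory and mode 600 reports none.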

The following sections provide more detailed information on making,
installing, and running {{I:slapd}}(8).