# Copyright 1999-2000, The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.

H1: A Quick-Start Guide

The following is a quick start guide to OpenLDAP 2.0 software,
including the stand-alone LDAP daemon, {{slapd}}(8).

It is meant to step you through the basic steps needed to install
and configure OpenLDAP software. It should be used in conjunction
with the other chapters of this document, manual pages, and
other materials provided with the distribution (e.g. the {{F:INSTALL}}
document) or on the OpenLDAP web site (in particular, the
OpenLDAP Software FAQ).

If you intend to run OpenLDAP seriously, you should review all
of this document before attempting to install the software.

Note: This quick start guide does not use strong authentication nor
any privacy and integrity protection services. These services are
described in other chapters of the OpenLDAP Administrator's Guide.

^{{B: Get the software}}

. You can obtain a copy of the software by following the
instructions on the OpenLDAP download
page ({{URL: http://www.openldap.org/software/download/}}).
It is recommended that new users start with the (latest)

+{{B: Unpack the distribution}}

.Pick a directory for the LDAP source to live under, change
directory to there, and unpack the distribution using the

..{{EX:gunzip -c openldap-VERSION.tgz | tar xvfB -}}

. then relocate yourself into the distribution directory:

..{{EX:cd openldap-VERSION}}

. You'll have to replace {{F:VERSION}} with the version

+{{B: Review documentation}}

. You should now review the {{F:COPYRIGHT}}, {{F:LICENSE}},
{{F:README}} and {{F:INSTALL}} documents provided with the distribution.
The {{F:COPYRIGHT}} and {{F:LICENSE}} provide information on
acceptable use, copying, and limitation of warranty of OpenLDAP

. You should also review other chapters of this document.
In particular, the {{SECT:Building and Installing OpenLDAP Software}}
chapter of this document provides detailed information on prerequisite
software and installation procedures.

+{{B: Run {{EX:configure}}}}

. You will need to run the provided {{EX:configure}} script to
{{configure}} the distribution for building on your system. The
{{EX:configure}} script accepts many command line options that enable or
disable optional software features. Usually the defaults are okay,
but you may want to change them. To get a complete list of options
that {{EX:configure}} accepts, use the {{EX:--help}} option:

..{{EX:./configure --help}}

. However, given that you are using this guide, we'll assume you
are brave enough to just let {{EX:configure}} determine

. Assuming {{EX:configure}} doesn't dislike your system, you can
proceed with building the software. If {{EX:configure}} did
complain, well, you'll likely need to go to the FAQ Installation
Section ({{URL:http://www.openldap.org/faq/}}) and/or actually
read the {{SECT:Building and Installing OpenLDAP Software}}
chapter of this document.

+{{B:Build the software}}.

. The next step is to build the software. This step has two
parts, first we construct dependencies and then we compile the

. Both makes should complete without error.

+{{B:Test the build}}.

. To ensure a correct build, you should run the test suite
(it only takes a few minutes):

. Tests which apply to your configuration will run and they
should pass. Some tests, such as the replication test, may

+{{B:Install the software}}.

. You are now ready to install the software; this usually requires
{{super-user}} privileges:

..{{EX:su root -c 'make install'}}

. Everything should now be installed under {{F:/usr/local}} (or
whatever installation prefix was used by {{EX:configure}}).

+{{B:Edit the configuration file}}.

. Use your favorite editor to edit the provided {{slapd.conf}}(5)
example (usually installed as {{F:/usr/local/etc/openldap/slapd.conf}})
to contain an LDBM database definition of the form:

..{{EX:database ldbm}}
..{{EX:suffix "dc=<MY-DOMAIN>,dc=<COM>"}}
..{{EX:rootdn "cn=Manager,dc=<MY-DOMAIN>,dc=<COM>"}}
..{{EX:rootpw secret}}
..{{EX:directory /usr/local/var/openldap-ldbm}}

. Be sure to replace {{EX:<MY-DOMAIN>}} and {{EX:<COM>}} with
the appropriate domain components of your domain name. For
example, for {{EX:example.com}}, use:

..{{EX:database ldbm}}
..{{EX:suffix "dc=example,dc=com"}}
..{{EX:rootdn "cn=Manager,dc=example,dc=com"}}
..{{EX:rootpw secret}}
..{{EX:directory /usr/local/var/openldap-ldbm}}

.If your domain contains additional components, such as
{{EX:eng.uni.edu.eu}}, use:

..{{EX:database ldbm}}
..{{EX:suffix "dc=eng,dc=uni,dc=edu,dc=eu"}}
..{{EX:rootdn "cn=Manager,dc=eng,dc=uni,dc=edu,dc=eu"}}
..{{EX:rootpw secret}}
..{{EX:directory /usr/local/var/openldap-ldbm}}

. Details regarding configuring {{slapd}}(8) can be found
in the {{slapd.conf}}(5) manual page and the
{{SECT:The slapd Configuration File}} chapter of this

. You are now ready to start the stand-alone LDAP server, {{slapd}}(8),
by running the command:

..{{EX:su root -c /usr/local/libexec/slapd}}

. To check to see if the server is running and configured correctly,
you can run a search against it with {{ldapsearch}}(1). By default,
ldapsearch is installed as {{F:/usr/local/bin/ldapsearch}}:

..{{EX:ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts}}

. Note the use of single quotes around command parameters to prevent
special characters from being interpreted by the shell. This should return:

..{{EX:namingContexts: dc=example,dc=com}}

. Details regarding running {{slapd}}(8) can be found
in the {{slapd}}(8) manual page and the
{{SECT:Running slapd}} chapter of this document.

+{{B:Add initial entries to your directory}}.

. You can use {{ldapadd}}(1) to add entries to your LDAP directory.
{{ldapadd}} expects input in LDIF form. We'll do it in two steps:

^^ create an LDIF file

. Use your favorite editor and create an LDIF file that contains:

..{{EX:dn: dc=<MY-DOMAIN>,dc=<COM>}}
..{{EX:objectclass: dcObject}}
..{{EX:objectclass: organization}}
..{{EX:o: <MY ORGANIZATION>}}
..{{EX:dc: <MY-DOMAIN>}}

..{{EX:dn: cn=Manager,dc=<MY-DOMAIN>,dc=<COM>}}
..{{EX:objectclass: organizationalRole}}
..{{EX:cn: Manager}}

. Be sure to replace <MY-DOMAIN> and <COM> with the appropriate domain
components of your domain name. <MY ORGANIZATION> should be replaced
with the name of your organization. If you cut and paste, be sure
to trim any leading and trailing whitespace from the example.

..{{EX:dn: dc=example,dc=com}}
..{{EX:objectclass: dcObject}}
..{{EX:objectclass: organization}}
..{{EX:o: Example Company}}
..{{EX:dc: example}}

..{{EX:dn: cn=Manager,dc=example,dc=com}}
..{{EX:objectclass: organizationalRole}}
..{{EX:cn: Manager}}

. Now, you may run {{ldapadd}}(1) to insert these entries into

..{{EX:ldapadd -x -D "cn=Manager,dc=<MY-DOMAIN>,dc=<COM>" -W -f example.ldif}}

. Be sure to replace {{EX:<MY-DOMAIN>}} and {{EX:<COM>}} with the
appropriate domain components of your domain name. You will be
prompted for the "{{EX:secret}}" specified in {{F:slapd.conf}}.
For example, for {{EX:example.com}}, use:

..{{EX:ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f example.ldif}}

. where {{F:example.ldif}} is the file you created above.

. Additional information regarding directory creation can be found
in the {{SECT:Database Creation and Maintenance Tools}} chapter of

+{{B:See if it works}}.

. Now we're ready to verify the added entries are in your directory.
You can use any LDAP client to do this, but our example uses the
{{ldapsearch}}(1) tool. Remember to replace {{EX:dc=example,dc=com}}
with the correct values for your site:

..{{EX:ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'}}

. This command will search for and retrieve every entry in the database.

You are now ready to add more entries using {{ldapadd}}(1) or
another LDAP client, experiment with various configuration options,
backend arrangements, etc.

Note that by default, the {{slapd}}(8) database grants {{read access
to everybody}} excepting the {{super-user}} (as specified by the
{{EX:rootdn}} configuration directive). It is highly recommended that
you establish controls to restrict access to authorized users. Access
controls are discussed in the {{SECT:Access Control}} section of the
{{SECT:The slapd Configuration File}} chapter.

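The two defaults this guide leaves in place, the cleartext {{EX:rootpw}} from the configuration step and the absence of any {{EX:access to}} directive, can be checked mechanically before a server leaves the test bench. The script below is an added example, not part of the OpenLDAP distribution; the function names ({{EX:audit_slapd_conf}}, {{EX:quickstart_conf}}) and the finding labels are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the OpenLDAP distribution): flag the two
# quick-start defaults in a slapd.conf. Function names and finding
# labels are hypothetical.

# Print one finding per line for the slapd.conf named in $1.
audit_slapd_conf() {
    awk '
        # Comment lines and blank lines are ignored by slapd.
        /^#/ || /^[ \t]*$/ { next }
        # A line starting with whitespace continues the previous directive.
        /^[ \t]/ { next }
        { key = tolower($1) }            # directive names are case-insensitive
        key == "database" { db = $2 }
        key == "rootpw" {
            v = $2; sub(/^"/, "", v)     # tolerate a quoted value
            # A hashed value carries a {SCHEME} prefix such as {SSHA}.
            if (!(substr(v, 1, 1) == "{" && index(v, "}") > 2))
                print "CLEARTEXT_ROOTPW line " NR " database " db
        }
        key == "access" && tolower($2) == "to" { acl++ }
        END {
            if (acl == 0)
                print "NO_ACCESS_DIRECTIVES default read access applies"
        }
    ' "$1"
}

# The example.com database definition from the configuration step above.
quickstart_conf() {
    cat <<'EOF'
database ldbm
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /usr/local/var/openldap-ldbm
EOF
}

conf=$(mktemp)
quickstart_conf > "$conf"
audit_slapd_conf "$conf"
rm -f "$conf"
```

Run against the quick-start configuration, it reports both findings; a file whose {{EX:rootpw}} holds a {SCHEME}-prefixed hash, such as one generated with {{slappasswd}}(8), and which contains at least one {{EX:access to}} directive produces no output.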
The following chapters provide more detailed information on making,
installing, and running {{slapd}}(8).