prerequisite software, configuring OpenLDAP itself, making, and finally
installing. The following sections describe this process in detail.
-In case you haven't already obtained OpenLDAP it is available at the following
-location: {{URL: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release.tgz}}
+In case you haven't already obtained OpenLDAP it is available at
+the following location:
+{{URL: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release.tgz}}.
The {{ORG[expand]OLP}} also maintains an extensive site
({{URL:http://www.OpenLDAP.org/}}) on the World Wide Web. The site
makes available a number of resources which you may utilize to
properly install OpenLDAP Software. This includes:
-!block table; align=Center; coltags="N,URL"
+!block table; align=Center; coltags="N,URL"; \
+ title="Table 4.1: Other OpenLDAP resources"
Resource URL
-Documentation Catalog http://www.OpenLDAP.org/doc/
+Document Catalog http://www.OpenLDAP.org/doc/
Frequently Asked Questions http://www.OpenLDAP.org/faq/
Issue Tracking System http://www.OpenLDAP.org/its/
Mailing Lists http://www.OpenLDAP.org/lists/
H2: Prerequisite software
-OpenLDAP relies a number of software packages distributed by third
-parties. Depending on the features you intend to use, you may have
-to download and install a number of additional software packages.
-This section details commonly needed third party software packages
-you might have to install. Note that some of these third party
-packages may depend on additional software packages. Install each
-package per installation instructions provided with it.
+OpenLDAP Software relies upon a number of software packages distributed
+by third parties. Depending on the features you intend to use,
+you may have to download and install a number of additional
+software packages. This section details commonly needed third party
+software packages you might have to install. Note that some of
+these third party packages may depend on additional software
+packages. Install each package per installation instructions
+provided with it.
H3: {{TERM[expand]TLS}}
OpenLDAP will not be fully LDAPv3 compliant unless OpenLDAP's
{{EX:configure}} detects a usable OpenSSL installation.
+
H3: Kerberos Authentication Services
-OpenLDAP clients and servers support Kerberos based authentication
+OpenLDAP clients and servers support Kerberos-based authentication
services.
-In particular, OpenLDAP supports {{TERM:SASL}}/{{TERM:GSSAPI}} based
-authentication using either {{PRD:Heimdal}} or {{PRD:MIT Kerberos}}
-V packages.
-If you desire to use Kerberos based authentication, you should
-install either Heimdal or MIT Kerberos V.
+In particular, OpenLDAP supports {{TERM:SASL}}/{{TERM:GSSAPI}}
+authentication mechanism using either {{PRD:Heimdal}} or
+{{PRD:MIT Kerberos}} V packages.
+If you desire to use Kerberos-based SASL/GSSAPI authentication,
+you should install either Heimdal or MIT Kerberos V.
Heimdal Kerberos is available from {{URL:http://www.pdc.kth.se/heimdal/}}.
MIT Kerberos is available from {{URL:http://web.mit.edu/kerberos/www/}}.
Use of strong authentication services, such as those provided by
Kerberos, is highly recommended.
+
H3: {{TERM[expand]SASL}}
-OpenLDAP clients and servers require installation of {{PRD:Cyrus}}
-SASL libraries to provide {{TERM[expand]SASL}} services. Though
-some operating sytems may provide this library as part of the
+OpenLDAP clients and servers require installation of {{PRD:Cyrus}}'s
+{{PRD:SASL}} libraries to provide {{TERM[expand]SASL}} services. Though
+some operating systems may provide this library as part of the
base system or as an optional software component, Cyrus SASL
often requires separate installation.
-Cyrus SASL is available from {{URL:http://asg.cmu.edu/cyrus/sasl/}}.
+Cyrus SASL is available from
+{{URL:http://asg.web.cmu.edu/sasl/sasl-library.html}}.
Cyrus SASL will make use of OpenSSL and Kerberos/GSSAPI libraries
if preinstalled.
OpenLDAP will not be fully LDAPv3 compliant unless OpenLDAP's
configure detects a usable Cyrus SASL installation.
+
H3: Database software
OpenLDAP's {{slapd}}(8) primary database backend, {{TERM:LDBM}},
{{URL: ftp://ftp.gnu.org/pub/gnu/gdbm/}}.
At the time of this writing, version 1.8 is the latest release.
+
H3: Threads
OpenLDAP is designed to take advantage of threads. OpenLDAP
consult the {{F:Software|Installation|Platform Hints}} section
of the OpenLDAP FAQ {{URL: http://www.openldap.org/faq/}}.
+
H3: TCP Wrappers
{{slapd}}(8) supports TCP wrappers (IP level access control filters)
if preinstalled. Use of TCP wrappers or other IP level access
-filters (such as those provided by IP firewalls) is recommended
+filters (such as those provided by a IP-level firewall) is recommended
for servers containing non-public information.
-H2: Configuring OpenLDAP
+H2: Running configure
If you haven't already done so, extra the distribution for the
compressed archive file and change directory to the top of the
> [[env] settings] ./configure [options]
-As an example, lets assume that we want a copy of OpenLDAP configured to use the
-LDBM backend, and the shell backend. The LDBM backend is turned on by default, so we don't need to do anything special to enable it.
+As an example, let's assume that we want a copy of OpenLDAP configured
+to use the LDBM backend, and the shell backend. The LDBM backend
+is turned on by default, so we don't need to do anything special
+to enable it.
Additionally, we've installed the BerkeleyDB database package.
{{EX:configure}} is smart enough to use BerkeleyDB automatically
that version 3.1 is being used.)
The following example shows how to run {{EX:configure}} and specify where to
-find BerkeleyDB and turn on the DNSSRV backend. The example should be
-entered on a single line (it has been split onto seperate lines for clarity.)
+find BerkeleyDB and turn on the DNS-SRV backend. The example should be
+entered on a single line (it has been split onto separate lines for clarity.)
> env CPPFLAGS="-I/usr/local/BerkeleyDB.3.1/include" \
> LDFLAGS="-L/usr/local/BerkeleyDB.3.1/lib" \
If you have problems at this stage, consult any platform specific
hints and check your {{EX:configure}} options if any.
+
H2: Building the Software
Once you have run the {{EX:configure}} script the last line of output
> Please "make depend" to build dependencies
If the last line of output does not match, {{EX:configure}} has failed.
-You should not proceed until {{EX:configure}} completes sucessfuly.
+You should not proceed until {{EX:configure}} completes successfully.
To build dependencies, run:
> make depend
everything is built correctly. Note that this command builds the LDAP
libraries and associated clients as well as {{slapd}}(8) and {{slurpd}}(8).
+
H2: Testing the Software
Once the software has been properly configured and successfully
The test will run a number of tests.
+
H2: Installing the Software
One you have successfully tested the software, you are ready to install it.
You should examine the output of this command carefully to make sure
everything is installed correctly. You will find the configuration files
-for slapd in {{F:/usr/local/etc/openldap}} by default. See chapter 5 for more
-information on the configuration files.
+for slapd in {{F:/usr/local/etc/openldap}} by default. See the
+{{SECT:The slapd Configuration File}} chapter for additional information.