X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;ds=sidebyside;f=doc%2Fguide%2Fadmin%2Finstall.sdf;h=1d4e7b5ab02f1aa183534c6b8787943fb30a51f0;hb=221e0f727be9967543ff6255c05d4221e70338f0;hp=515b94e627f2b39a8b6afe65d51225bb7c4ded2a;hpb=0d6c14b41dae95d12a0c7439b5cbb788de0ba097;p=openldap diff --git a/doc/guide/admin/install.sdf b/doc/guide/admin/install.sdf index 515b94e627..1d4e7b5ab0 100644 --- a/doc/guide/admin/install.sdf +++ b/doc/guide/admin/install.sdf @@ -1,15 +1,15 @@ # $OpenLDAP$ -# Copyright 1999-2000, The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2007 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. H1: Building and Installing OpenLDAP Software -This chapter details how to build and install the {{ORG:OpenLDAP}} -Software package including {{slapd}}(8), the stand-alone LDAP -daemon and {{slurpd}}(8), the stand-alone update replication daemon. -Building and installing OpenLDAP requires several steps: installing -prerequisite software, configuring OpenLDAP itself, making, and finally -installing. The following sections describe this process in detail. +This chapter details how to build and install the {{PRD:OpenLDAP}} +Software package including {{slapd}}(8), the Standalone {{TERM:LDAP}} +Daemon. Building and installing OpenLDAP Software requires several +steps: installing prerequisite software, configuring OpenLDAP +Software itself, making, and finally installing. The following +sections describe this process in detail. H2: Obtaining and Extracting the Software @@ -20,19 +20,19 @@ directly from the project's {{TERM:FTP}} service at {{URL: ftp://ftp.openldap.org/pub/OpenLDAP/}}. The project makes available two series of packages for {{general -use}}. The project makes {{releases}} as new features and bug -fixes come available. Though the project takes steps to improve -stablity of these releases, it is common for problems to arise -only after {{release}}. The latest {{release}} which has -demonstrated stability through general use. +use}}. The project makes {{releases}} as new features and bug fixes +come available. Though the project takes steps to improve stability +of these releases, it is common for problems to arise only after +{{release}}. The {{stable}} release is the latest {{release}} which +has demonstrated stability through general use. Users of OpenLDAP Software can choose, depending on their desire -for the {{latest features}} versus {{demonstrated stability}}, -the most appropriate series to install. +for the {{latest features}} versus {{demonstrated stability}}, the +most appropriate series to install. After downloading OpenLDAP Software, you need to extract the -distribution from the compressed archive file and change your -working directory to the top directory of the distribution: +distribution from the compressed archive file and change your working +directory to the top directory of the distribution: .{{EX:gunzip -c openldap-VERSION.tgz | tar xf -}} .{{EX:cd openldap-VERSION}} @@ -40,62 +40,47 @@ working directory to the top directory of the distribution: You'll have to replace {{EX:VERSION}} with the version name of the release. -You should now review the {{F:COPYRIGHT}}, {{F:LICENSE}}, -{{F:README}} and {{F:INSTALL}} documents provided with the -distribution. The {{F:COPYRIGHT}} and {{F:LICENSE}} provide -information on acceptable use, copying, and limitation of warranty -of OpenLDAP software. The {{F:README}} and {{F:INSTALL}} documents -provide detailed information on prerequisite software and -installation procedures. +You should now review the {{F:COPYRIGHT}}, {{F:LICENSE}}, {{F:README}} +and {{F:INSTALL}} documents provided with the distribution. The +{{F:COPYRIGHT}} and {{F:LICENSE}} provide information on acceptable +use, copying, and limitation of warranty of OpenLDAP Software. The +{{F:README}} and {{F:INSTALL}} documents provide detailed information +on prerequisite software and installation procedures. H2: Prerequisite software OpenLDAP Software relies upon a number of software packages distributed -by third parties. Depending on the features you intend to use, -you may have to download and install a number of additional -software packages. This section details commonly needed third party -software packages you might have to install. Note that some of -these third party packages may depend on additional software -packages. Install each package per installation instructions -provided with it. +by third parties. Depending on the features you intend to use, you +may have to download and install a number of additional software +packages. This section details commonly needed third party software +packages you might have to install. However, for an up-to-date +prerequisite information, the {{F:README}} document should be +consulted. Note that some of these third party packages may depend +on additional software packages. Install each package per the +installation instructions provided with it. H3: {{TERM[expand]TLS}} -OpenLDAP clients and servers require installation of {{PRD:OpenSSL}} +OpenLDAP clients and servers require installation of either {{PRD:OpenSSL}} +or {{PRD:GnuTLS}} {{TERM:TLS}} libraries to provide {{TERM[expand]TLS}} services. Though some operating systems may provide these libraries as part of the -base system or as an optional software component, OpenSSL often -requires separate installation. +base system or as an optional software component, OpenSSL and GnuTLS often +require separate installation. OpenSSL is available from {{URL: http://www.openssl.org/}}. +GnuTLS is available from {{URL: http://www.gnu.org/software/gnutls/}}. -OpenLDAP will not be fully LDAPv3 compliant unless OpenLDAP's -{{EX:configure}} detects a usable OpenSSL installation. - - -H3: Kerberos Authentication Services - -OpenLDAP clients and servers support Kerberos-based authentication -services. -In particular, OpenLDAP supports {{TERM:SASL}}/{{TERM:GSSAPI}} -authentication mechanism using either {{PRD:Heimdal}} or -{{PRD:MIT Kerberos}} V packages. -If you desire to use Kerberos-based SASL/GSSAPI authentication, -you should install either Heimdal or MIT Kerberos V. - -Heimdal Kerberos is available from {{URL:http://www.pdc.kth.se/heimdal/}}. -MIT Kerberos is available from {{URL:http://web.mit.edu/kerberos/www/}}. - -Use of strong authentication services, such as those provided by -Kerberos, is highly recommended. +OpenLDAP Software will not be fully LDAPv3 compliant unless OpenLDAP's +{{EX:configure}} detects a usable TLS library. H3: {{TERM[expand]SASL}} -OpenLDAP clients and servers require installation of {{PRD:Cyrus}}'s -{{PRD:SASL}} libraries to provide {{TERM[expand]SASL}} services. Though +OpenLDAP clients and servers require installation of {{PRD:Cyrus SASL}} +libraries to provide {{TERM[expand]SASL}} services. Though some operating systems may provide this library as part of the base system or as an optional software component, Cyrus SASL often requires separate installation. @@ -105,32 +90,44 @@ Cyrus SASL is available from Cyrus SASL will make use of OpenSSL and Kerberos/GSSAPI libraries if preinstalled. -OpenLDAP will not be fully LDAPv3 compliant unless OpenLDAP's +OpenLDAP Software will not be fully LDAPv3 compliant unless OpenLDAP's configure detects a usable Cyrus SASL installation. -H3: Database Software +H3: {{TERM[expand]Kerberos}} -OpenLDAP's {{slapd}}(8) primary database backend, {{TERM:LDBM}}, -requires a compatible database package for entry storage. LDBM -is compatible with {{ORG[expand]Sleepycat}}'s {{PRD:BerkeleyDB}} (recommended) -or the {{ORG[expand]FSF}}'s {{PRD:GNU}} Database Manager ({{PRD:GDBM}}). -If neither of these packages are available at configure time, -you will not be able build {{slapd}}(8) with a primary database backend. +OpenLDAP clients and servers support {{TERM:Kerberos}} authentication +services. In particular, OpenLDAP supports the Kerberos V +{{TERM:GSS-API}} {{TERM:SASL}} authentication mechanism known as +the {{TERM:GSSAPI}} mechanism. This feature requires, in addition to +Cyrus SASL libraries, either {{PRD:Heimdal}} or {{PRD:MIT Kerberos}} +V libraries. + +Heimdal Kerberos is available from {{URL:http://www.pdc.kth.se/heimdal/}}. +MIT Kerberos is available from {{URL:http://web.mit.edu/kerberos/www/}}. + +Use of strong authentication services, such as those provided by +Kerberos, is highly recommended. -Your operating system may provide one or both of these packages in -the base system or as an optional software component. If not, -you'll have to obtain and install one of these packages yourself. -{{PRD:BerkeleyDB}} is available from {{ORG[expand]Sleepycat}}'s -download page {{URL: http://www.sleepycat.com/download.html}}. -There are several versions available. At the time of this writing, -the latest release, version 4.0, is recommended. This package -is required if you wish to use the {{TERM:BDB}} database backend. -{{PRD:GDBM}} is available from {{ORG:FSF}}'s download site -{{URL: ftp://ftp.gnu.org/pub/gnu/gdbm/}}. -At the time of this writing, version 1.8 is the latest release. +H3: Database Software + +OpenLDAP's {{slapd}}(8) {{TERM:BDB}} and {{TERM:HDB}} primary database backends +require {{ORG[expand]Oracle}} {{PRD:Berkeley DB}}. +If not available at configure time, you will not be able build +{{slapd}}(8) with these primary database backends. + +Your operating system may provide a supported version of +{{PRD:Berkeley DB}} in the base system or as an optional +software component. If not, you'll have to obtain and +install it yourself. + +{{PRD:Berkeley DB}} is available from {{ORG[expand]Oracle}}'s Berkeley DB +download page +{{URL: http://www.oracle.com/technology/software/products/berkeley-db/index.html}}. There are several versions available. Generally, the most recent +release (with published patches) is recommended. This package is required +if you wish to use the {{TERM:BDB}} or {{TERM:HDB}} database backends. H3: Threads @@ -145,8 +142,8 @@ of the OpenLDAP FAQ {{URL: http://www.openldap.org/faq/}}. H3: TCP Wrappers -{{slapd}}(8) supports TCP wrappers (IP level access control filters) -if preinstalled. Use of TCP wrappers or other IP-level access +{{slapd}}(8) supports TCP Wrappers (IP level access control filters) +if preinstalled. Use of TCP Wrappers or other IP-level access filters (such as those provided by an IP-level firewall) is recommended for servers containing non-public information. @@ -182,9 +179,9 @@ environment variables. > [[env] settings] ./configure [options] As an example, let's assume that we want to install OpenLDAP with -LDBM backend and TCP wrapper support. By default, LDBM -is enabled and TCP wrappers is not. So, we just need to specify -{{EX:--with-wrappers}} to include TCP wrapper support: +BDB backend and TCP Wrappers support. By default, BDB +is enabled and TCP Wrappers is not. So, we just need to specify +{{EX:--with-wrappers}} to include TCP Wrappers support: > ./configure --with-wrappers @@ -223,8 +220,8 @@ Now build the software, this step will actually compile OpenLDAP. > make You should examine the output of this command carefully to make sure -everything is built correctly. Note that this command builds the LDAP -libraries and associated clients as well as {{slapd}}(8) and {{slurpd}}(8). +everything is built correctly. Note that this command builds the LDAP +libraries and associated clients as well as {{slapd}}(8). H2: Testing the Software @@ -241,20 +238,22 @@ by your configuration. H2: Installing the Software -Once you have successfully tested the software, you are ready to install it. -You will need to have write permission -to the installation directories you specified when you ran configure. -By default OpenLDAP is installed in {{F:/usr/local}}. If you changed this -setting with the {{EX:--prefix}} configure option, it will be installed -in the location you provided. +Once you have successfully tested the software, you are ready to +install it. You will need to have write permission to the installation +directories you specified when you ran configure. By default +OpenLDAP Software is installed in {{F:/usr/local}}. If you changed +this setting with the {{EX:--prefix}} configure option, it will be +installed in the location you provided. -Typically, the installation typically requires super-user priviledges. +Typically, the installation requires {{super-user}} privileges. From the top level OpenLDAP source directory, type: > su root -c 'make install' +and enter the appropriate password when requested. + You should examine the output of this command carefully to make sure everything is installed correctly. You will find the configuration files for {{slapd}}(8) in {{F:/usr/local/etc/openldap}} by default. See the -{{SECT:The slapd Configuration File}} chapter for additional information. +chapter {{SECT:Configuring slapd}} for additional information.