This documents the installation of the LDAP server at IMB.
LDAP Server and Replication Server
slapd and slurpd
slapd is the OpenLDAP directory server. slurpd is the daemon that propagates updates from the LDAP server to the replication server.
Hardware/Software
Our initial implementation of LDAP will use two computers, both running recent versions of Linux.
- LDAP server - runs slapd and slurpd
- LDAP Replication server - runs slapd only
LDAP server
First, remove any OpenSSL and OpenLDAP RPMs that may have been installed with your Linux distribution. These will only confuse the issue (rpm -qa | grep -i openssl and rpm -qa | grep -i openldap should both come back clear). This is optional, but if you keep several copies of these packages it can become very difficult to determine which binaries are being used.
OpenSSL
Download the latest version of OpenSSL (0.9.7a) from http://www.openssl.org/.
Then install it.
[lance@ldap]$ gunzip openssl-0.9.7a.tar.gz
[lance@ldap]$ tar -xvf openssl-0.9.7a.tar
[lance@ldap]$ cd openssl-0.9.7a
[lance@ldap]$ ./config
[lance@ldap]$ make
[lance@ldap]$ make test
[lance@ldap]$ su
[root@ldap]# make install
Berkeley DB
This provides the database backend for the LDAP servers.
Download the latest source code (4.1.25) from http://www.sleepycat.com/.
[lance@ldap]$ gunzip db-4.1.25.tar.gz
[lance@ldap]$ tar -xvf db-4.1.25.tar
[lance@ldap]$ cd db-4.1.25/build_unix/
[lance@ldap]$ ../dist/configure
[lance@ldap]$ make
[lance@ldap]$ su
[root@ldap]# make install
OpenLDAP
Download the latest stable source code (2.1.16) from http://www.openldap.org/. Our implementation involves enabling slurpd and TLS.
[lance@ldap]$ gunzip openldap-2.1.16.tgz
[lance@ldap]$ tar -xvf openldap-2.1.16.tar
[lance@ldap]$ cd openldap-2.1.16
[lance@ldap]$ env CPPFLAGS="-I/usr/local/ssl/include -I/usr/local/BerkeleyDB.4.1/include" LDFLAGS="-L/usr/local/ssl/lib -L/usr/local/BerkeleyDB.4.1/lib" ./configure --with-tls --enable-slurpd
[lance@ldap]$ make depend
[lance@ldap]$ make
[lance@ldap]$ su
[root@ldap]# make install
ERRORS using configure on OpenLDAP
checking for openssl/ssl.h... no
checking for ssl.h... no
configure: error: Could not locate TLS/SSL package
You have not installed OpenSSL properly or you did not set your environment variables correctly. The settings above (CPPFLAGS="-I/usr/local/ssl/include" LDFLAGS="-L/usr/local/ssl/lib") assume you have installed OpenSSL in /usr/local/ssl.
checking for db.h... no
configure: error: BDB: BerkeleyDB not available
You have not installed BerkeleyDB properly or you did not set your environment variables correctly. The settings above (CPPFLAGS="-I/usr/local/BerkeleyDB.4.1/include" LDFLAGS="-L/usr/local/BerkeleyDB.4.1/lib") assume you have installed BerkeleyDB in /usr/local/BerkeleyDB.4.1. This will need to be changed to suit your BerkeleyDB version.
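Both configure errors above mean that a header or library is missing from the directories named in CPPFLAGS and LDFLAGS. The script below is an added example, not part of the original page; it checks those directories before ./configure is run. The function names find_in_flags and preflight and the library file name patterns are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify that the headers and libraries OpenLDAP's configure
# needs are present in the CPPFLAGS / LDFLAGS directories before running it.
# find_in_flags FLAGS OPT PATTERN
# Print the first directory given with OPT (-I or -L) in FLAGS that
# contains a file matching PATTERN; return 1 when none does.
find_in_flags() {
    flags=$1 opt=$2 pattern=$3
    for word in $flags; do
        case $word in
            "$opt"?*)
                dir=${word#"$opt"}
                for f in "$dir"/$pattern; do
                    if [ -e "$f" ]; then
                        printf '%s\n' "$dir"
                        return 0
                    fi
                done
                ;;
        esac
    done
    return 1
}

# preflight CPPFLAGS LDFLAGS
# Report every dependency; return 0 only when all of them were found.
preflight() {
    cpp=$1 ld=$2 rc=0
    for hdr in openssl/ssl.h db.h; do
        if d=$(find_in_flags "$cpp" -I "$hdr"); then
            echo "ok       $hdr ($d)"
        else
            echo "MISSING  $hdr (in no -I directory)"
            rc=1
        fi
    done
    # Library file name patterns are assumptions; adjust to your build.
    for lib in 'libssl.*' 'libcrypto.*' 'libdb*'; do
        if d=$(find_in_flags "$ld" -L "$lib"); then
            echo "ok       $lib ($d)"
        else
            echo "MISSING  $lib (in no -L directory)"
            rc=1
        fi
    done
    return $rc
}
# Run as: env CPPFLAGS="..." LDFLAGS="..." sh preflight.sh
preflight "${CPPFLAGS:-}" "${LDFLAGS:-}" || echo "fix the paths before ./configure"
```

The directory printed beside each "ok" line also shows which copy of OpenSSL or BerkeleyDB the build will pick up, which is what the package clean-up step at the top of this page is trying to make unambiguous.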
Starting OpenLDAP
There are a number of options when starting OpenLDAP. The main executable is slapd. The basic startup command is:
[root@ldap]# /usr/local/libexec/slapd
To start using SSL (as opposed to TLS) you could use something like:
[root@ldap]# /usr/local/libexec/slapd -h "ldap:/// ldaps:///"
Author: Lance Rathbone
Last modified: Wednesday June 18, 2008