Now, I need to play with LDAP. So, what is LDAP?
LDAP (Lightweight Directory Access Protocol) is an industry-standard application protocol for accessing and maintaining distributed directory information services over a network.
Then, what is OpenLDAP? Well, it is an open-source implementation of LDAP.
For some reason, their default download mirror sites are either timing out on me or not valid. So, it will be easier to download OpenLDAP from their FTP over HTTP site (http://www.openldap.org/software/download/OpenLDAP/).
These notes are only a high-level guide to the steps (which I tried) to install OpenLDAP. They also highlight the problems I hit and their solutions during the installation.
OpenLDAP has the following prerequisites:
1. Requires Transport Layer Security services. I would suggest using OpenSSL. By default, the configuration step detects whether any TLS library is available. If you want to check whether your system supports OpenSSL, you can try
to check the currently installed OpenSSL version
2. Requires Cyrus SASL libraries to provide Simple Authentication and Security Layer services. To check if SASL is installed, you can use
ls -al /usr/lib/sasl2
to check whether the library exists
3. Install MIT Kerberos if you need Kerberos support from OpenSSL
4. Requires Oracle Berkeley Database.
BDB and HDB are the primary database backends for OpenLDAP.
Now, during configuration, if you encounter the following error
checking for Berkeley DB major version in db.h... 4
checking for Berkeley DB minor version in db.h... 3
checking if Berkeley DB version supported by BDB/HDB backends... no
configure: error: BerkeleyDB version incompatible with BDB/HDB backends
This means that you need to upgrade your Berkeley Database, because OpenLDAP supports database version >= 4.4. You can do the following to upgrade your Berkeley Database.
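As an added example (not from the original notes and not OpenLDAP's own configure test), the shell functions below pre-check a Berkeley DB header against the >= 4.4 threshold mentioned above before you run ./configure. The function names and the sample headers are constructed for illustration; the check reads the DB_VERSION_MAJOR and DB_VERSION_MINOR macros from db.h.

```shell
#!/bin/sh
# Added example: pre-check a Berkeley DB header against the >= 4.4 threshold
# stated in the text. A simplification, not OpenLDAP's own configure test.

# Print the value of "#define NAME value" from header file $1.
bdb_macro() {
    awk -v name="$2" '$1 == "#define" && $2 == name { print $3; exit }' "$1"
}

# Print "MAJOR.MINOR" for the db.h in include directory $1 (exit 2 on error).
bdb_version() {
    hdr="$1/db.h"
    [ -r "$hdr" ] || { echo "no readable db.h in $1" >&2; return 2; }
    major=$(bdb_macro "$hdr" DB_VERSION_MAJOR)
    minor=$(bdb_macro "$hdr" DB_VERSION_MINOR)
    for v in "$major" "$minor"; do
        case "$v" in
            ''|*[!0-9]*) echo "cannot parse version in $hdr" >&2; return 2 ;;
        esac
    done
    echo "$major.$minor"
}

# Return 0 if the version is >= 4.4, 1 if older, 2 if it cannot be determined.
bdb_version_ok() {
    ver=$(bdb_version "$1") || return 2
    major=${ver%%.*}
    minor=${ver#*.}
    if [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 4 ]; }; then
        return 0
    fi
    return 1
}

# Constructed sample input: write a minimal db.h with the two version macros.
make_sample_header() {   # $1 = directory, $2 = major, $3 = minor
    mkdir -p "$1"
    printf '#define\tDB_VERSION_MAJOR\t%s\n#define\tDB_VERSION_MINOR\t%s\n' "$2" "$3" > "$1/db.h"
}

# Demo: 4.3 matches the failing configure output above; 6.0 is the upgrade.
demo_dir=$(mktemp -d)
make_sample_header "$demo_dir/old" 4 3
make_sample_header "$demo_dir/new" 6 0
for d in old new; do
    if bdb_version_ok "$demo_dir/$d"; then status="supported"; else status="too old"; fi
    echo "$d: Berkeley DB $(bdb_version "$demo_dir/$d") is $status"
done
rm -rf "$demo_dir"
```

To use it on a real system, pass bdb_version_ok the include directory of the Berkeley DB installation that ./configure will pick up.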
Installing the latest Berkeley Database
You can get the latest installer from http://www.oracle.com/technetwork/database/database-technologies/berkeleydb/downloads/index.html
For some reason, although Oracle says that the download is Berkeley DB X.X.XX.tar.gz, the downloaded file is called db-X.X.XX.gz (X.X.XX is the current version number). So assuming that X.X.XX is 6.0.30, all you need to do is rename db-6.0.30.gz to db-6.0.30.tar.gz and use tar -zxvf db-6.0.30.tar.gz to extract the installation files.
Now, you can follow these instructions to install the latest Berkeley Database: http://docs.oracle.com/cd/E17076_03/html/installation/build_unix.html
Export Paths before performing ./configure
You need to export the following (assuming that the downloaded version is 6.0.30)
The above will tell ./configure to look for the latest Berkeley Database for library linkage
Below are the summary steps for installation
1. Get the installation package. The current version is openldap-2.4.39.tgz, and I will use it as an example
2. Unpack the installation
gunzip -c openldap-2.4.39.tgz | tar xvfB -
3. Navigate to the OpenLDAP installation directory
4. Run configure
5. Build the software
6. Test the build
7. Install OpenLDAP. Usually, it will be installed in /usr/local
su root -c 'make install'
sudo make install
8. Edit the configuration file at /usr/local/etc/openldap/slapd.conf as root
Add the following (using example.com as example)
9. Start slapd (Standalone LDAP Daemon)
su root -c /usr/local/libexec/slapd
If you encounter the following error
/usr/local/libexec/slapd: error while loading shared libraries: libdb-6.0.so: cannot open shared object file: No such file or director
It means that you have not set up the shared library for Berkeley Database 6.0 correctly. You can use the following steps to fix it.
a. Create a file at /etc/ld.so.conf.d/db-6.conf
b. Add /usr/local/BerkeleyDB.6.0/lib in the above file
c. Then, update library cache with sudo ldconfig
d. Run sudo /usr/local/libexec/slapd to test the setting
To check whether the server is running and configured correctly, you can run the following command
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
It should display (using example.com as example)
The above should help you get OpenLDAP up and running. If you want to know the details of the setup, see http://www.openldap.org/doc/admin24/quickstart.html for full installation details.