LDAP - Installing OpenLDAP

[Updated on 2015/9/30]
Berkeley DB version 6.0.20 and later uses a software license that is incompatible with LDAP technology and should not be used with OpenLDAP. From my testing, the combination of OpenLDAP 2.4.39 with Berkeley Database 6.0.30

Now, I need to play with LDAP. So, what is LDAP?

LDAP (Lightweight Directory Access Protocol) is an industry-standard application protocol for accessing and maintaining distributed directory information services over a network.

Then, what is OpenLDAP? Well, it is an open-source implementation of LDAP.

For some reason, their default download mirror sites are either timing me out or not valid. So, it is easier to download OpenLDAP from their FTP-over-HTTP site (http://www.openldap.org/software/download/OpenLDAP/)

These notes are only a high-level guide to the steps (which I have tried) for installing OpenLDAP. They also highlight the problems and solutions encountered during the installation.

Prerequisites

OpenLDAP has the following prerequisites:

1. Transport Layer Security services are required. I would suggest using OpenSSL. By default, during configuration, it will detect whether any TLS library is available. To check whether your system supports OpenSSL, run
openssl version
to see the currently installed OpenSSL version.

2. Cyrus SASL libraries are required to provide Simple Authentication and Security Layer services. To check whether SASL is installed, run
ls -al /usr/lib/sasl2
to see whether the library exists.

3. Install MIT Kerberos if you need Kerberos support in OpenLDAP.

4. Oracle Berkeley Database is required. BDB and HDB are the primary database backends for OpenLDAP.

Now, during configuration, if you encounter the following error:

checking for Berkeley DB major version in db.h... 4
checking for Berkeley DB minor version in db.h... 3
checking if Berkeley DB version supported by BDB/HDB backends... no
configure: error: BerkeleyDB version incompatible with BDB/HDB backends
This means that you need to upgrade your Berkeley Database, because OpenLDAP only supports database versions >= 4.4. You can do the following to upgrade your Berkeley Database.
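An added check (not from the original post) that reads the same DB_VERSION_* macros ./configure looks at in db.h and reports whether that release is usable: it fails for anything below 4.4 (the BDB/HDB error above) and separately for 6.0.20 or later (the license note). The header path is an assumption; pass your own.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes the header is at
# $1 (default /usr/local/BerkeleyDB.6.0/include/db.h).

db_field() {
  # Print the numeric value of DB_VERSION_$2 from db.h ($1); db.h uses tabs, hence [[:space:]]
  sed -n "s/^#define[[:space:]]*DB_VERSION_$2[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$1" | head -n 1
}

# Return 0 = usable with OpenLDAP's BDB/HDB backends,
#        1 = too old (backends need >= 4.4),
#        2 = 6.0.20 or later (license the post says not to use with OpenLDAP),
#        3 = version macros could not be read
bdb_check() {
  hdr=${1:-/usr/local/BerkeleyDB.6.0/include/db.h}
  major=$(db_field "$hdr" MAJOR)
  minor=$(db_field "$hdr" MINOR)
  patch=$(db_field "$hdr" PATCH)
  [ -n "$major" ] && [ -n "$minor" ] && [ -n "$patch" ] || { echo "cannot read DB_VERSION_* from $hdr" >&2; return 3; }
  echo "found Berkeley DB $major.$minor.$patch in $hdr"
  if [ "$major" -lt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -lt 4 ]; }; then
    echo "too old: OpenLDAP's BDB/HDB backends need Berkeley DB >= 4.4" >&2
    return 1
  fi
  if [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && { [ "$minor" -gt 0 ] || [ "$patch" -ge 20 ]; }; }; then
    echo "6.0.20 or later: license incompatible with OpenLDAP, use an earlier release" >&2
    return 2
  fi
  return 0
}

# Run directly as: sh bdb_check.sh /path/to/db.h
if [ $# -gt 0 ]; then bdb_check "$1"; fi
```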

Installing the Berkeley Database

Note: Berkeley DB version 6.0.20 and later uses a software license that is incompatible with LDAP technology and should not be used with OpenLDAP.

You can get the latest installer from http://www.oracle.com/technetwork/database/database-technologies/berkeleydb/downloads/index.html

You can download 6.0.20 from http://download.oracle.com/berkeley-db/db-6.0.20.tar.gz

For some reason, although Oracle says the download is Berkeley DB X.X.XX.tar.gz, the downloaded file is called db-X.X.XX.gz (X.X.XX is the current version number). So, assuming that X.X.XX is 6.0.30, all you need to do is rename db-6.0.30.gz to db-6.0.30.tar.gz and use tar -zxvf db-6.0.30.tar.gz to extract the installation files.

Now, you can follow these instructions to install the latest Berkeley Database: http://docs.oracle.com/cd/E17076_03/html/installation/build_unix.html

Below are the extracted steps (assuming that you are in the Berkeley Database folder):

1) cd build_unix/
2) ../dist/configure
3) make install


Export Paths before performing ./configure

You need to export the following (assuming that the downloaded version is 6.0.30):

export LD_LIBRARY_PATH="/usr/local/BerkeleyDB.6.0/lib"
export CPPFLAGS="-I/usr/local/BerkeleyDB.6.0/include"
export LDFLAGS="-L/usr/local/BerkeleyDB.6.0/lib"   

The above tells ./configure where to find the latest Berkeley Database headers and libraries for linking.

Installation

Below are the summary steps for installation:

1. Get the installation package. The current version is openldap-2.4.39.tgz, and I will use this as an example.
2. Unpack the installation
gunzip -c openldap-2.4.39.tgz | tar xvfB -
3. Navigate to the OpenLDAP installation directory
cd openldap-2.4.39
4. Run configure
./configure
Note: Use ./configure --help to see additional switches. To enable overlays, run ./configure --enable-overlays

5. Build the software
make depend
make
6. Test the build
make test
7. Install OpenLDAP. Usually, it will be installed in /usr/local
su root -c 'make install'
or
sudo make install
8. Edit the configuration file at /usr/local/etc/openldap/slapd.conf as root

Add the following (using example.com as an example):
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /usr/local/var/openldap-data
9. Start slapd (Standalone LDAP Daemon)
su root -c /usr/local/libexec/slapd
or
sudo /usr/local/libexec/slapd

or (with Debug log to stdout)

su root -c "/usr/local/libexec/slapd -d -1"
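Before starting slapd, it is worth reviewing the slapd.conf from step 8. The script below is an added example (not from the original post) that reads that file and flags a cleartext rootpw such as the "rootpw secret" above (slappasswd produces an {SSHA} hash to paste instead), a rootdn outside the suffix, a config file readable by group/others, and a missing database directory. The config path is an assumption.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes slapd.conf is at
# $1 (default /usr/local/etc/openldap/slapd.conf).

conf_value() {
  # Print the value of directive $2 in file $1, with surrounding quotes removed
  awk -v key="$2" '$1 == key { v = $2; gsub(/"/, "", v); print v; exit }' "$1"
}

# Prints one finding per line; the return value is the number of findings (0 = clean)
check_slapd_conf() {
  conf=${1:-/usr/local/etc/openldap/slapd.conf}
  n=0
  suffix=$(conf_value "$conf" suffix)
  rootdn=$(conf_value "$conf" rootdn)
  rootpw=$(conf_value "$conf" rootpw)
  dir=$(conf_value "$conf" directory)

  case "$rootpw" in
    "" | "{"*"}"*) ;;   # absent, or a hash such as {SSHA}... produced by slappasswd
    *) echo "rootpw is cleartext: run slappasswd and paste the {SSHA} value instead"; n=$((n + 1)) ;;
  esac
  case "$rootdn" in
    *"$suffix") ;;      # rootdn sits under the suffix, as in cn=Manager,dc=example,dc=com
    *) echo "rootdn '$rootdn' is not under suffix '$suffix'"; n=$((n + 1)) ;;
  esac
  # Columns 5-10 of ls -l are the group and other permission bits; rootpw must not be readable by them
  case "$(ls -ld "$conf" | awk '{ print substr($1, 5, 6) }')" in
    ------) ;;
    *) echo "$conf is readable by group/others; chmod 600 it (it holds rootpw)"; n=$((n + 1)) ;;
  esac
  [ -d "$dir" ] || { echo "database directory '$dir' does not exist; create it before starting slapd"; n=$((n + 1)); }
  return "$n"
}

# Run directly as: sh check_slapd_conf.sh /usr/local/etc/openldap/slapd.conf
if [ $# -gt 0 ]; then check_slapd_conf "$1"; fi
```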


Note: 

If you encounter the following error:
/usr/local/libexec/slapd: error while loading shared libraries: libdb-6.0.so: cannot open shared object file: No such file or directory
it means that you have not set up the shared library path for Berkeley Database 6.0 correctly. You can use the following steps to fix it.

a. Create a file at /etc/ld.so.conf.d/db-6.conf 
b. Add /usr/local/BerkeleyDB.6.0/lib in the above file
c. Then, update library cache with sudo ldconfig
d. Run sudo /usr/local/libexec/slapd to test the setting

To check whether the server is running and configured correctly, you can run the following command:
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
It should display (using example.com as an example):
dn:
namingContexts: dc=example,dc=com
The above should help you to set OpenLDAP up and running. If you want to know the details about the setup, see http://www.openldap.org/doc/admin24/quickstart.html for full installation details.


Comments

  1. Using OpenLDAP 2.4.39 (which has some security vulnerabilities) in order to be compatible with DB 6.0 is bad advice:

    http://www.openldap.org/lists/openldap-technical/201309/msg00116.html

    You should recommend DB5.3.x, or avoid Berkeley DB entirely, and use LMDB (https://en.wikipedia.org/wiki/Lightning_Memory-Mapped_Database) with back_mdb instead.
