diff --git a/server/other/openldap.xml b/server/other/openldap.xml index 55b1aec4a2..b6db1cfd67 100644 --- a/server/other/openldap.xml +++ b/server/other/openldap.xml 
@@ -4,224 +4,263 @@ %general-entities; - - - - - - + + + + + + ]> - -$LastChangedBy$ -$Date$ - - -<application>Open<acronym>LDAP</acronym></application>-&openldap-version; - - -OpenLDAP + - -Introduction to -<application>Open<acronym>LDAP</acronym></application> + + $LastChangedBy$ + $Date$ + -The OpenLDAP package -provides an open source implementation of the Lightweight Directory -Access Protocol. + OpenLDAP-&openldap-version; -Package information - -Download (HTTP): - -Download (FTP): - -Download MD5 sum: &openldap-md5sum; -Download size: &openldap-size; -Estimated disk space required: -&openldap-buildsize; -Estimated build time: -&openldap-time; - + + OpenLDAP + -<application>Open<acronym>LDAP</acronym></application> -dependencies -Required - - + + Introduction to OpenLDAP -Recommended - and - + The OpenLDAP package provides an open + source implementation of the Lightweight Directory Access Protocol. -Optional -, -, -GNU Pth, and - or - - + Package Information + + + Download (HTTP): + + + Download (FTP): + + + Download MD5 sum: &openldap-md5sum; + + + Download size: &openldap-size; + + + Estimated disk space required: &openldap-buildsize; + + + Estimated build time: &openldap-time; + + - + OpenLDAP Dependencies - + Required + - -Installation of -<application>Open<acronym>LDAP</acronym></application> + Recommended + and -Install OpenLDAP by -running the following commands: + Optional + , + , + GNU Pth, and + or + -./configure --prefix=/usr --libexecdir=/usr/sbin \ + + + + Installation of OpenLDAP + + Install OpenLDAP by + running the following commands: + +./configure --prefix=/usr --libexecdir=/usr/sbin \ --sysconfdir=/etc --localstatedir=/srv/ldap \ --enable-ldbm --disable-debug && make depend && make && -make test +make test -Now, as the root user: + Now, as the root user: -make install && -chmod 755 /usr/lib/libl*-2.2.so.7.0.17 +make install && +chmod 755 /usr/lib/libl*-2.2.so.7.0.17 - + - -Command explanations + + Command Explanations 
---libexecdir=/usr/sbin: Installs the server -executables in /usr/sbin instead of -/usr/libexec. + --libexecdir=/usr/sbin: Installs the server + executables in /usr/sbin instead of + /usr/libexec. ---sysconfdir=/etc: Sets the configuration file -directory to avoid the default of -/usr/etc. + --sysconfdir=/etc: Sets the configuration file + directory to avoid the default of + /usr/etc. ---localstatedir=/srv/ldap: Sets the directory -to use for the LDAP directory database, replication logs and -run-time variable data. + --localstatedir=/srv/ldap: Sets the directory + to use for the LDAP directory database, replication logs and + run-time variable data. ---enable-ldbm: Build slapd -with the primary database back end using either -Berkeley DB or -GNU Database Manager. + --enable-ldbm: Build slapd + with the primary database back end using either + Berkeley DB or + GNU Database Manager. ---disable-debug: Disable debugging code. + --disable-debug: Disable debugging code. -make test: Validates the correct build of the -package. If you've enabled tcp_wrappers, ensure you -add 127.0.0.1 to the slapd line in the -/etc/hosts.allow file if you have a -restrictive /etc/hosts.deny file. If you logged the -output of the make test, an easy test to see if all the -tests succeeded is to issue grep ">>>>> Test succeeded" -[logfilename] | wc -l. You should have -39 returned. + make test: Validates the correct build of the + package. If you've enabled tcp_wrappers, ensure you + add 127.0.0.1 to the slapd line in the + /etc/hosts.allow file if you have a + restrictive /etc/hosts.deny file. If you logged the + output of the make test, an easy test to see if all the + tests succeeded is to issue grep ">>>>> Test succeeded" + [logfilename] | wc -l. You should have + 39 returned. -chmod 755 /usr/lib/libl*-2.2.so.7.0.17: This command -adds the executable bit to the shared libraries. + chmod 755 /usr/lib/libl*-2.2.so.7.0.17: This command + adds the executable bit to the shared libraries. 
- + - -Configuring -<application>Open<acronym>LDAP</acronym></application> + + Configuring OpenLDAP -Config files -/etc/openldap/* - -/etc/openldap/* - + + Config Files -Configuration Information -Configuring the slapd and slurpd -servers can be complex. Securing the LDAP directory, -especially if you are storing non-public data such as password databases, -can also be a challenging task. You'll need to modify the -/etc/openldap/slapd.conf and -/etc/openldap/ldap.conf files to set up -OpenLDAP for your particular -needs. - -/etc/openldap/slapd.conf - - -/etc/openldap/ldap.conf - + /etc/openldap/* -Resources to assist you with topics such as choosing a directory -configuration, backend and database definitions, access control settings, -running as a user other than root and setting a chroot -environment include: - + + /etc/openldap/* + - -The slapd man page -The slapd.conf man page -The OpenLDAP 2.2 Administrator's -Guide -Documents located at - - + -Utilizing <application>GDBM</application> -To utilize GDBM as the database -backend, the database entry in -/etc/openldap/slapd.conf must be changed from -bdb to ldbm. You can use both by creating an -additional database section in /etc/openldap/slapd.conf. - + + Configuration Information -<application>Mozilla</application> Address Directory -By default, LDAPv2 support is disabled in the -slapd.conf file. Once the database is properly -set up and Mozilla is configured to use the -directory, you must add to the -slapd.conf file. + Configuring the slapd and + slurpd servers can be complex. Securing the LDAP + directory, especially if you are storing non-public data such as + password databases, can also be a challenging task. You'll need to + modify the /etc/openldap/slapd.conf and + /etc/openldap/ldap.conf files to set up + OpenLDAP for your particular needs. 
-Init Script -To automate the startup of the LDAP server at system -bootup, install the /etc/rc.d/init.d/openldap init script -included in the package using the -following command: - -openldap + + /etc/openldap/slapd.conf + -make install-openldap1 + + /etc/openldap/ldap.conf + -Note: The init script you just installed only starts -the slapd daemon. If you wish to also start the -slurpd daemon at system startup, install a modified version -of the script using this command: + Resources to assist you with topics such as choosing a directory + configuration, backend and database definitions, access control settings, + running as a user other than root + and setting a chroot environment include: -make install-openldap2 + + + The slapd man page + + + The slapd.conf man page + + + The OpenLDAP 2.2 Administrator's + Guide + + + Documents located at + + + -The init script starts the daemons without any parameters. You'll -need to modify the script to include the parameters needed for your specific -configuration. See the slapd and slurpd -man pages for parameter information. - + -Testing the Configuration -Start the LDAP server using the init script: + + Utilizing GDBM -/etc/rc.d/init.d/openldap start + To utilize GDBM as the database + backend, the database entry in + /etc/openldap/slapd.conf must be changed from + bdb to ldbm. You can use both by + creating an additional database section in + /etc/openldap/slapd.conf. -Verify access to the LDAP server with the following -command: + -ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts + + Mozilla Address Directory + + By default, LDAPv2 support is disabled in the + slapd.conf file. Once the database is properly + set up and Mozilla is configured to use the + directory, you must add to the + slapd.conf file. 
+ + + + + Boot Script + + To automate the startup of the LDAP server at system bootup, + install the /etc/rc.d/init.d/openldap init script + included in the package + using the following command: + + + openldap + + +make install-openldap1 + + Note: The init script you just installed only + starts the slapd daemon. If you wish to also start the + slurpd daemon at system startup, install a modified + version of the script using this command: + +make install-openldap2 + + + The init script starts the daemons without any parameters. + You'll need to modify the script to include the parameters needed for + your specific configuration. See the slapd and + slurpd man pages for parameter information. + + + + + + Testing the Configuration + + Start the LDAP server using the init script: + +/etc/rc.d/init.d/openldap start + + Verify access to the LDAP server with the following + command: + +ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts + + The expected result is: -The expected result is: # extended LDIF # # LDAPv3 # base <> with scope base # filter: (objectclass=*) -# requesting: namingContexts +# requesting: namingContexts # # 
@@ -235,208 +274,244 @@ result: 0 Success # numResponses: 2 # numEntries: 1 - - + - -Contents + - -Installed Programs -Installed Libraries -Installed Directories + + Contents - -ldapadd, ldapcompare, ldapdelete, ldapmodify, ldapmodrdn, ldappasswd, -ldapsearch, ldapwhoami, slapadd, slapcat, slapd, slapdn, slapindex, -slappasswd, slaptest and slurpd -liblber.[so,a], libldap.[so,a] and libldap_r.[so,a] -/etc/openldap, /srv/ldap and /usr/share/openldap - - + + Installed Programs + Installed Libraries + Installed Directories - -Short Descriptions - + + ldapadd, ldapcompare, ldapdelete, ldapmodify, ldapmodrdn, + ldappasswd, ldapsearch, ldapwhoami, slapadd, slapcat, slapd, slapdn, + slapindex, slappasswd, slaptest, and slurpd + liblber.[so,a], libldap.[so,a], and libldap_r.[so,a] + /etc/openldap, /srv/ldap, and /usr/share/openldap + + - -ldapadd -opens a connection to an LDAP server, -binds and adds entries. - -ldapadd - - + + Short Descriptions + + - -ldapcompare -opens a connection to an LDAP server, -binds and performs a compare using specified parameters. - -ldapcompare - - + + ldapadd + + opens a connection to an LDAP server, binds and adds + entries. + + ldapadd + + + - -ldapdelete - opens a connection to an LDAP server, -binds and deletes one or more entries. - -ldapdelete - - + + ldapcompare + + opens a connection to an LDAP server, binds and performs + a compare using specified parameters. + + ldapcompare + + + - -ldapmodify -opens a connection to an LDAP server, -binds and modifies entries. - -ldapmodify - - + + ldapdelete + + opens a connection to an LDAP server, binds and deletes + one or more entries. + + ldapdelete + + + - -ldapmodrdn -opens a connection to an LDAP server, -binds and modifies the RDN of entries. - -ldapmodrdn - - + + ldapmodify + + opens a connection to an LDAP server, binds and modifies + entries. + + ldapmodify + + + - -ldappasswd -is a tool to set the password of an LDAP -user. 
- -ldappasswd - - + + ldapmodrdn + + opens a connection to an LDAP server, binds and modifies + the RDN of entries. + + ldapmodrdn + + + - -ldapsearch -opens a connection to an LDAP server, -binds and performs a search using specified parameters. - -ldapsearch - - + + ldappasswd + + is a tool to set the password of an LDAP user. + + ldappasswd + + + - -ldapwhoami -opens a connection to an LDAP server, -binds and displays whoami information. - -ldapwhoami - - + + ldapsearch + + opens a connection to an LDAP server, binds and performs + a search using specified parameters. + + ldapsearch + + + - -slapadd -is used to add entries specified in LDAP -Directory Interchange Format (LDIF) to an -LDAP database. - -slapadd - - + + ldapwhoami + + opens a connection to an LDAP server, binds and displays + whoami information. + + ldapwhoami + + + - -slapcat -is used to generate an LDAP -LDIF output based upon the contents of a slapd -database. - -slapcat - - + + slapadd + + is used to add entries specified in LDAP Directory Interchange + Format (LDIF) to an LDAP database. + + slapadd + + + - -slapd -is the stand-alone LDAP server. - -slapd - - + + slapcat + + is used to generate an LDAP LDIF output based upon the + contents of a slapd database. + + slapcat + + + - -slapdn -checks a list of string-represented DNs -based on schema syntax. - -slapdn - - + + slapd + + is the stand-alone LDAP server. + + slapd + + + - -slapindex -is used to regenerate slapd indices based upon the current -contents of a database. - -slapindex - - + + slapdn + + checks a list of string-represented DNs based on schema + syntax. + + slapdn + + + - -slappasswd -is an OpenLDAP -password utility. - -slappasswd - - + + slapindex + + is used to regenerate slapd indices based upon the current + contents of a database. + + slapindex + + + - -slaptest -checks the sanity of the slapd.conf -file. - -slaptest - - + + slappasswd + + is an OpenLDAP password + utility. 
+ + slappasswd + + + - -slurpd -is the stand-alone LDAP replication -server. - -slurpd - - + + slaptest + + checks the sanity of the slapd.conf + file. + + slaptest + + + - -liblber.[so,a] -is a set of lightweight Basic Encoding Rules routines. These -routines are used by the LDAP library routines to encode -and decode LDAP protocol elements using the (slightly -simplified) Basic Encoding Rules defined by LDAP. They are -not normally used directly by an LDAP application program -except in the handling of controls and extended operations. - -liblber.[so,a] - - + + slurpd + + is the stand-alone LDAP replication server. + + slurpd + + + - -libldap.[so,a] -supports the LDAP programs and provide -functionality for other programs interacting with -LDAP. - -libldap.[so,a] - - + + liblber.[so,a] + + is a set of lightweight Basic Encoding Rules routines. These + routines are used by the LDAP library routines to encode and decode + LDAP protocol elements using the (slightly simplified) Basic + Encoding Rules defined by LDAP. They are not normally used directly + by an LDAP application program except in the handling of controls + and extended operations. + + liblber.[so,a] + + + - -libldap_r.[so,a] -contains the functions required by the LDAP -programs to produce the results from LDAP requests. - -libldap_r.[so,a] - - - + + libldap.[so,a] + + supports the LDAP programs and provide functionality for + other programs interacting with LDAP. + + libldap.[so,a] + + + - + + libldap_r.[so,a] + + contains the functions required by the LDAP programs to + produce the results from LDAP requests. + + libldap_r.[so,a] + + + + + + +
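Review bot: the `chmod 755 /usr/lib/libl*-2.2.so.7.0.17` line in the installation commands of the first hunk (@@ -4,224 +4,263 @@) hard-codes the library patch level, while the section title uses `&openldap-version;`. The literal will silently stop matching on the next version bump, and the same string is repeated in Command Explanations, so both copies have to be updated together. Consider deriving it from an entity or using a pattern that is not tied to one patch level. Separately, the Boot Script paragraph says the init script starts the daemons without any parameters, while "running as a user other than root" appears only as a pointer to external resources. It would help to state there that slapd keeps running as root until the `-u` and `-g` options are added to the script.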
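Review bot: the reflowed `libldap.[so,a]` description in the second hunk (@@ -235,208 +274,244 @@) still reads "supports the LDAP programs and provide functionality". This hunk already touches wording (serial commas were added to the Installed Programs, Libraries and Directories lists), so "provide" should become "provides" in the same pass. The `libldap_r.[so,a]` description, carried over unchanged, does not tell the reader how it differs from `libldap`; a short mention that it is the reentrant variant of the library would make the entry useful.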