openldap/doc/guide/admin/install.sdf

260 lines
9.7 KiB
Plaintext
Raw Normal View History

1999-10-01 00:57:45 +08:00
# $OpenLDAP$
2000-07-23 02:59:40 +08:00
# Copyright 1999-2000, The OpenLDAP Foundation, All Rights Reserved.
1999-04-24 07:41:45 +08:00
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
2000-08-30 14:49:08 +08:00
2000-08-09 13:20:00 +08:00
H1: Building and Installing OpenLDAP Software
1999-04-24 07:00:44 +08:00
This chapter details how to build and install the {{ORG:OpenLDAP}}
Software package including {{slapd}}(8), the stand-alone LDAP
daemon and {{slurpd}}(8), the stand-alone update replication daemon.
2000-08-09 12:28:44 +08:00
Building and installing OpenLDAP requires several steps: installing
prerequisite software, configuring OpenLDAP itself, making, and finally
installing. The following sections describe this process in detail.
1999-04-24 07:00:44 +08:00
2000-08-30 14:49:08 +08:00
H2: Obtaining and Extracting the Software
You can obtain OpenLDAP Software from the project's download
page at {{URL: http://www.openldap.org/software/download/}} or
directly from the project's {{TERM:FTP}} service at
{{URL: ftp://ftp.openldap.org/pub/OpenLDAP/}}.
The project makes available two series of packages for {{general
use}}. The project makes {{releases}} as new features and bug
fixes come available. Though the project takes steps to improve
stablity of these releases, it is common for problems to arise
2002-06-15 09:00:50 +08:00
only after {{release}}. The {{Stable}} release is the latest
{{release}} which has demonstrated stability through general use.
2000-08-30 14:49:08 +08:00
Users of OpenLDAP Software can choose, depending on their desire
for the {{latest features}} versus {{demonstrated stability}},
the most appropriate series to install.
After downloading OpenLDAP Software, you need to extract the
distribution from the compressed archive file and change your
working directory to the top directory of the distribution:
.{{EX:gunzip -c openldap-VERSION.tgz | tar xf -}}
.{{EX:cd openldap-VERSION}}
You'll have to replace {{EX:VERSION}} with the version name of
the release.
You should now review the {{F:COPYRIGHT}}, {{F:LICENSE}},
{{F:README}} and {{F:INSTALL}} documents provided with the
distribution. The {{F:COPYRIGHT}} and {{F:LICENSE}} provide
information on acceptable use, copying, and limitation of warranty
of OpenLDAP software. The {{F:README}} and {{F:INSTALL}} documents
provide detailed information on prerequisite software and
installation procedures.
2000-08-09 12:28:44 +08:00
H2: Prerequisite software
1999-04-24 07:00:44 +08:00
2000-08-24 07:23:16 +08:00
OpenLDAP Software relies upon a number of software packages distributed
by third parties. Depending on the features you intend to use,
you may have to download and install a number of additional
software packages. This section details commonly needed third party
software packages you might have to install. Note that some of
these third party packages may depend on additional software
2002-06-15 09:00:50 +08:00
packages. Install each package per the installation instructions
2000-08-24 07:23:16 +08:00
provided with it.
1999-04-24 07:00:44 +08:00
2000-08-30 14:49:08 +08:00
2000-08-10 06:57:48 +08:00
H3: {{TERM[expand]TLS}}
1999-04-24 07:00:44 +08:00
OpenLDAP clients and servers require installation of {{PRD:OpenSSL}}
{{TERM:TLS}} libraries to provide {{TERM[expand]TLS}} services. Though
2000-08-09 13:20:00 +08:00
some operating systems may provide these libraries as part of the
base system or as an optional software component, OpenSSL often
requires separate installation.
OpenSSL is available from {{URL: http://www.openssl.org/}}.
OpenLDAP will not be fully LDAPv3 compliant unless OpenLDAP's
2000-08-10 06:57:48 +08:00
{{EX:configure}} detects a usable OpenSSL installation.
2000-08-09 13:20:00 +08:00
2000-08-14 03:48:56 +08:00
2000-08-10 06:57:48 +08:00
H3: Kerberos Authentication Services
1999-04-24 07:00:44 +08:00
2000-08-14 03:48:56 +08:00
OpenLDAP clients and servers support Kerberos-based authentication
2000-08-10 06:57:48 +08:00
services.
2000-08-14 03:48:56 +08:00
In particular, OpenLDAP supports {{TERM:SASL}}/{{TERM:GSSAPI}}
authentication mechanism using either {{PRD:Heimdal}} or
{{PRD:MIT Kerberos}} V packages.
If you desire to use Kerberos-based SASL/GSSAPI authentication,
you should install either Heimdal or MIT Kerberos V.
1999-04-24 07:00:44 +08:00
2000-08-10 06:57:48 +08:00
Heimdal Kerberos is available from {{URL:http://www.pdc.kth.se/heimdal/}}.
MIT Kerberos is available from {{URL:http://web.mit.edu/kerberos/www/}}.
1999-04-24 07:00:44 +08:00
2000-08-10 06:57:48 +08:00
Use of strong authentication services, such as those provided by
Kerberos, is highly recommended.
2000-08-14 03:48:56 +08:00
2000-08-10 06:57:48 +08:00
H3: {{TERM[expand]SASL}}
1999-04-24 07:00:44 +08:00
2000-08-21 00:19:52 +08:00
OpenLDAP clients and servers require installation of {{PRD:Cyrus}}'s
{{PRD:SASL}} libraries to provide {{TERM[expand]SASL}} services. Though
2000-08-11 01:49:29 +08:00
some operating systems may provide this library as part of the
2000-08-09 13:20:00 +08:00
base system or as an optional software component, Cyrus SASL
often requires separate installation.
1999-04-24 07:00:44 +08:00
2000-08-21 00:19:52 +08:00
Cyrus SASL is available from
{{URL:http://asg.web.cmu.edu/sasl/sasl-library.html}}.
2000-08-10 06:57:48 +08:00
Cyrus SASL will make use of OpenSSL and Kerberos/GSSAPI libraries
if preinstalled.
2000-08-09 13:20:00 +08:00
OpenLDAP will not be fully LDAPv3 compliant unless OpenLDAP's
configure detects a usable Cyrus SASL installation.
2000-08-14 03:48:56 +08:00
2000-08-30 14:49:08 +08:00
H3: Database Software
2000-08-09 13:20:00 +08:00
2002-06-15 05:19:42 +08:00
OpenLDAP's {{slapd}}(8) primary database backend, {{TERM:BDB}},
requires {{ORG[expand]Sleepycat}} {{PRD:Berkeley DB}}, version 4.
If not available at configure time, you will not be able build
2002-06-15 09:00:50 +08:00
{{slapd}}(8) with this primary database backend.
2002-06-15 05:19:42 +08:00
Your operating system may provide {{PRD:Berkeley DB}}, version 4,
in the base system or as an optional software component. If not,
you'll have to obtain and install it yourself.
{{PRD:Berkeley DB}} is available from {{ORG[expand]Sleepycat}}'s
download page {{URL: http://www.sleepycat.com/download.html}}.
There are several versions available. At the time of this writing,
2002-06-14 20:38:32 +08:00
the latest release, version 4.0, is recommended. This package
is required if you wish to use the {{TERM:BDB}} database backend.
2000-08-09 13:20:00 +08:00
2002-06-15 05:19:42 +08:00
OpenLDAP's {{slapd}}(8) LDBM backend supports a variety of data
2002-06-15 09:00:50 +08:00
base managers including {{PRD:Berkeley DB}} and {{PRD:GDBM}}. {{PRD:GDBM}}
2002-06-15 05:19:42 +08:00
is available from {{ORG:FSF}}'s download site
{{URL: ftp://ftp.gnu.org/pub/gnu/gdbm/}}.
1999-04-24 07:00:44 +08:00
2000-08-14 03:48:56 +08:00
2000-08-10 06:57:48 +08:00
H3: Threads
OpenLDAP is designed to take advantage of threads. OpenLDAP
supports POSIX {{pthreads}}, Mach {{CThreads}}, and a number of
other varieties. {{EX:configure}} will complain if it cannot
find a suitable thread subsystem. If this occurs, please
consult the {{F:Software|Installation|Platform Hints}} section
of the OpenLDAP FAQ {{URL: http://www.openldap.org/faq/}}.
2000-08-14 03:48:56 +08:00
2000-08-10 06:57:48 +08:00
H3: TCP Wrappers
2002-06-15 09:00:50 +08:00
{{slapd}}(8) supports TCP Wrappers (IP level access control filters)
if preinstalled. Use of TCP Wrappers or other IP-level access
filters (such as those provided by an IP-level firewall) is recommended
2000-08-10 06:57:48 +08:00
for servers containing non-public information.
H2: Running configure
1999-04-24 07:00:44 +08:00
2000-08-09 13:20:00 +08:00
Now you should probably run the {{EX:configure}} script with the
{{EX:--help}} option.
2000-08-09 12:28:44 +08:00
This will give you a list of options that you can change when building
OpenLDAP. Many of the features of OpenLDAP can be enabled or disabled
2000-08-30 14:49:08 +08:00
using this method.
!if 0
Please see the appendix for a more detailed list of configure options,
and their usage.
!endif
> ./configure --help
1999-04-24 07:00:44 +08:00
The {{EX:configure}} script will also look at various environment variables
for certain settings. These environment variables include:
2000-08-10 06:57:48 +08:00
!block table; align=Center; coltags="EX,N"; title="Table 4.1: Environment Variables"
Variable Description
2000-08-10 06:57:48 +08:00
CC Specify alternative C Compiler
CFLAGS Specify additional compiler flags
CPPFLAGS Specify C Preprocessor flags
LDFLAGS Specify linker flags
LIBS Specify additional libraries
2000-08-09 12:28:44 +08:00
!endblock
1999-04-24 07:00:44 +08:00
Now run the configure script with any desired configuration options or
2000-08-09 12:28:44 +08:00
environment variables.
> [[env] settings] ./configure [options]
1999-04-24 07:00:44 +08:00
2002-04-20 14:18:55 +08:00
As an example, let's assume that we want to install OpenLDAP with
2002-06-15 09:00:50 +08:00
BDB backend and TCP Wrappers support. By default, BDB
is enabled and TCP Wrappers is not. So, we just need to specify
{{EX:--with-wrappers}} to include TCP Wrappers support:
1999-04-24 07:00:44 +08:00
2000-08-30 14:49:08 +08:00
> ./configure --with-wrappers
2000-08-30 14:49:08 +08:00
However, this will fail to locate dependent software not
installed in system directories. For example, if TCP Wrappers
headers and libraries are installed in {{F:/usr/local/include}}
and {{F:/usr/local/lib}} respectively, the {{EX:configure}}
script should be called as follows:
1999-04-24 07:00:44 +08:00
2000-08-30 14:49:08 +08:00
> env CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" \
> ./configure --with-wrappers
1999-04-24 07:00:44 +08:00
2000-08-10 06:57:48 +08:00
Note: Some shells, such as those derived from the Bourne {{sh}}(1),
do not require use of the {{env}}(1) command. In some cases, environmental
variables have to be specified using alternative syntaxes.
2000-08-30 14:49:08 +08:00
The {{EX:configure}} script will normally auto-detect appropriate
settings. If you have problems at this stage, consult any platform
specific hints and check your {{EX:configure}} options, if any.
2000-08-14 03:48:56 +08:00
2000-08-09 12:28:44 +08:00
H2: Building the Software
1999-04-24 07:00:44 +08:00
Once you have run the {{EX:configure}} script the last line of output
should be:
> Please "make depend" to build dependencies
If the last line of output does not match, {{EX:configure}} has failed,
and you will need to review its output to determine what went wrong.
2000-08-11 01:49:29 +08:00
You should not proceed until {{EX:configure}} completes successfully.
1999-04-24 07:00:44 +08:00
2000-08-10 06:57:48 +08:00
To build dependencies, run:
> make depend
2000-08-10 06:57:48 +08:00
Now build the software, this step will actually compile OpenLDAP.
> make
1999-04-24 07:00:44 +08:00
You should examine the output of this command carefully to make sure
everything is built correctly. Note that this command builds the LDAP
libraries and associated clients as well as {{slapd}}(8) and {{slurpd}}(8).
1999-04-24 07:00:44 +08:00
2000-08-14 03:48:56 +08:00
H2: Testing the Software
1999-04-24 07:00:44 +08:00
Once the software has been properly configured and successfully
made, you should run the test suite to verify the build.
> make test
2000-08-30 14:49:08 +08:00
Tests which apply to your configuration will run and they should pass.
Some tests, such as the replication test, may be skipped if not supported
by your configuration.
2000-08-14 03:48:56 +08:00
H2: Installing the Software
2002-04-20 14:18:55 +08:00
Once you have successfully tested the software, you are ready to install it.
You will need to have write permission
2000-08-09 12:28:44 +08:00
to the installation directories you specified when you ran configure.
2000-08-09 13:20:00 +08:00
By default OpenLDAP is installed in {{F:/usr/local}}. If you changed this
2000-08-30 14:49:08 +08:00
setting with the {{EX:--prefix}} configure option, it will be installed
2000-08-09 12:28:44 +08:00
in the location you provided.
2002-06-15 09:00:50 +08:00
Typically, the installation requires {{super-user}} privileges.
2000-08-30 14:49:08 +08:00
From the top level OpenLDAP source directory, type:
1999-04-24 07:00:44 +08:00
2000-08-30 14:49:08 +08:00
> su root -c 'make install'
1999-04-24 07:00:44 +08:00
You should examine the output of this command carefully to make sure
2000-08-09 12:28:44 +08:00
everything is installed correctly. You will find the configuration files
2000-08-30 14:49:08 +08:00
for {{slapd}}(8) in {{F:/usr/local/etc/openldap}} by default. See the
2002-06-15 09:00:50 +08:00
chapter {{SECT:The slapd Configuration File}} for additional information.
1999-04-24 07:00:44 +08:00