OpenLDAP-2.1.30

Introduction to OpenLDAP

The OpenLDAP package provides an open source implementation of the Lightweight Directory Access Protocol.

Package information

Installation of OpenLDAP

Install OpenLDAP by running the following commands:

./configure --prefix=/usr --libexecdir=/usr/sbin \
    --sysconfdir=/etc --localstatedir=/var/lib \
    --disable-debug --enable-ldbm &&
make depend &&
make &&
make test &&
make install

Command explanations

--sysconfdir=/etc: Sets the configuration file directory to avoid the default of /usr/etc.

--libexecdir=/usr/sbin: Puts the server executables in /usr/sbin instead of /usr/libexec.

--enable-ldbm: Build slapd with primary database back end using either Berkeley DB or GNU Database Manager.

--disable-debug: Disable debugging code.

make test: Validate correct build of the package.

Configuring OpenLDAP

Config files

/etc/openldap/*

Configuration Information

The only configuration needed for OpenLDAP is to run ldconfig. The LDAP server can be started by /usr/sbin/slapd as described in the man page slapd(8). You can verify that LDAP is running with ps aux and you can verify access to the LDAP server with the following command:

ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts

The correct result is:

# extended LDIF
#
# LDAPv3
# base <> with scope base
# filter: (objectclass=*)
# requesting: namingContexts 
#

#
dn:
namingContexts: dc=my-domain,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Kill the server with this command:

kill -INT `cat /var/lib/slapd.pid`

You are now ready to modify the /etc/openldap/slapd.conf to be specific to your installation.

Utilizing GDBM

To utilize GDBM as the database backend, the "database" entry in /etc/openldap/slapd.conf must be changed from "bdb" to "ldbm". You can use both by creating an additional database section in /etc/openldap/slapd.conf.

Securing your LDAP server

Significant configuration is needed for OpenLDAP to utilize security features. The OpenLDAP 2.1 Administrator's Guide is a good place to start for access control settings, running as a user other than root and setting a chroot environment.

User Tools

Data can be added to the LDAP database via ldapadd. There are other programs that can use the database. For more information see the appropriate man page.

Mozilla Address Directory

By default, LDAPv2 support is disabled in the slapd.conf file. Once the database is properly setup and Mozilla is configured to use the directory, you must add allow bind_v2 to the slapd.conf file.

Contents

The OpenLDAP package contains ldapadd, ldapcompare, ldapdelete, ldapmodify, ldapmodrdn, ldappasswd, ldapsearch, ldapwhoami, slapadd, slapcat, slapd, slapindex, slappasswd, slurpd, liblber and libldap.

Description

ldapadd

ldapadd opens a connection to an LDAP server, binds and adds entries.

ldapcompare

ldapcompare opens a connection to an LDAP server, binds and performs a compare using specified parameters.

ldapdelete

ldapdelete opens a connection to an LDAP server, binds and deletes one or more entries.

ldapmodify

ldapmodify opens a connection to an LDAP server, binds and modifies entries.

ldapmodrdn

ldapmodrdn opens a connection to an LDAP server, binds and modifies the RDN of entries.

ldappasswd

ldappasswd is a tool to set the password of an LDAP user.

ldapsearch

ldapsearch opens a connection to an LDAP server, binds and performs a search using specified parameters.

ldapwhoami

ldapwhoami open a connection to an LDAP server, binds and performs a whoami operation.

slapadd

slapadd is used to add entries specified in LDAP Directory Interchange Format (LDIF) to a slapd database.

slapcat

slapcat is used to generate an LDAP LDIF output based upon the contents of a slapd database.

slapd

slapd is the stand-alone LDAP server.

slapindex

slapindex is used to regenerate slapd indices based upon the current contents of a database.

slappasswd

slappasswd is an OpenLDAP password utility.

slurpd

slurpd is the stand-alone LDAP replication server.

liblber and libldap

These libraries support the LDAP programs and provide functionality for other programs interacting with LDAP.