OpenLDAP is maintained by the OpenLDAP Foundation. The foundation maintains a suite of tools that we will call the OpenLDAP suite. As we saw in Chapter 1, the OpenLDAP suite includes the following classes of tools:
Client applications (ldapmodify, and others)
Supporting utilities (slapauth, and others)
The official OpenLDAP source distribution includes all of these in one download. Various binary versions, however, may break these out into sub-packages. Commonly the suite is split into three packages: libraries, clients, and servers.
OpenLDAP compiles and runs on a wide variety of operating systems. However, the OpenLDAP project itself does not provide binary versions of its software. As a result, different vendors and operating system maintainers compile and provide their own binary versions. There are versions of OpenLDAP compiled for most UNIX variants (including Mac OS X), as well as versions for the Windows operating system. Some binary distributions even come with commercial support.
OpenLDAP Binaries for Operating Systems
In this tutorial, we will be using Ubuntu Linux as the operating system of choice. Ubuntu is a GNU/Linux distribution based on the venerable Debian Project. Like Debian (and the multitude of other Debian-based distributions) Ubuntu uses the Debian package format. Thus, if you are using another Debian-based distribution, the installation process should be largely familiar.
Almost every major Linux and BSD distribution includes official support for OpenLDAP. You may want to consult the documentation for your chosen distribution to find out more information on getting and installing OpenLDAP. In some cases, OpenLDAP is installed with the base operating system.
For Windows, Mac, and other variants of UNIX, the best way to find a list of available binary packages is by perusing the list of distributions maintained in the OpenLDAP Faq-O-Matic (http://www.openldap.org/faq/data/cache/108.html).
Commercial OpenLDAP Distribution
If you need a commercially supported OpenLDAP distribution, you may want to consider the offerings from Symas. Symas (http://www.symas.com/) is owned and operated by many of the same folks who contribute to the OpenLDAP suite. They provide a commercial binary version of the OpenLDAP suite, distributed as Connexitor Directory Services (CDS).
Several different CDS editions are available, with each edition tuned and optimized for specific organizational needs. Their Platinum Edition, for instance, is optimized for directories with more than 150 million records! Symas also provides LDAP training, maintenance and support services, and consulting.
Source Code Compilation
Instead of installing a binary file, you may wish to simply compile the OpenLDAP source code yourself.
The primary advantage of building from source code is that you will benefit from many improvements long before these revisions are made available in mainstream packages. The focus of development on the stable branch of OpenLDAP is bug fixes. Thus, building from source generally improves OpenLDAP stability.
In this article, we will walk through the process of installing on a system running Ubuntu Linux 7.04. Later Ubuntu distributions will likely follow the same installation pattern.
The basic OpenLDAP configuration in Ubuntu requires a few extra libraries and packages. These are as follows:
The Berkeley Database (bdb4) version 4.2 (but not 4.3, which has stability issues): In the Ubuntu default configuration, OpenLDAP stores the directory inside a BDB database. The Berkeley Database is often simply called BDB.
The OpenSSL libraries: These provide SSL and TLS security. SSL and TLS provide encryption for network connections to the directory.
The Cyrus SASL library: This provides support for secure SASL authentication.
The Perl programming language: This can provide custom back-end scripting.
The iODBC database connectivity layer: OpenLDAP can store the directory in a relational database (RDBMS). The iODBC library is used to connect to the RDBMS.
OpenLDAP also relies on some standard system library packages (such as libc6) that are installed on all UNIX/Linux distributions. In its default installation, Ubuntu includes BDB, OpenSSL, and Perl. Installation of other dependencies is handled automatically by the package manager, so don't worry about manually installing any of these.
Like many other distributions, Ubuntu breaks OpenLDAP up into small packages. The daemons (slurpd) are packaged in the slapd package. The clients are packaged in ldap-utils, and the libraries are packaged in libldap-2.3-0. When Ubuntu 7.04 was released, OpenLDAP version 2.3.30 was provided. As security fixes are made, Ubuntu may release newer versions via online updates. While legacy 2.2.26 packages are still available, they should be avoided.
To install OpenLDAP on Ubuntu, we can use the Synaptic graphical installer or any of the command-line package management utilities. For the sake of simplicity, we will use apt-get. This will download all of the necessary packages (including dependencies) from the official Ubuntu repository and install them for us. Note that installing this way will require access to the Internet (or, alternatively, to some other form of Ubuntu distribution media, such as a CD-ROM). We need to run the following command:
$ sudo apt-get install libldap-2.3-0 slapd ldap-utils
It may take a little while for the packages to download and install.
Once apt-get is done, the LDAP server and all of its clients should be installed. Next, we will begin the process of configuring the SLAPD server.
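A post-install check for the three packages named above, as an added example that is not part of the original article: it reads a "package version" list and reports whether each package is present and not a legacy 2.2 build. The function names, the sample version strings, and the use of 2.3.30 as a minimum are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit installed OpenLDAP packages against the version the
# article names. Input lines are "<package> <version>", as printed by:
#   dpkg-query -W -f='${Package} ${Version}\n' slapd ldap-utils libldap-2.3-0

# Constructed sample input (not real output): slapd is a legacy 2.2 build
# and ldap-utils is absent.
sample_dpkg_list() {
    printf '%s\n' 'slapd 2.2.26-5ubuntu3' 'libldap-2.3-0 2.3.30-2ubuntu0.1'
}

# Strip the Debian epoch and revision, leaving the upstream version.
upstream_version() {
    printf '%s\n' "$1" | sed -e 's/^[0-9]*://' -e 's/-[^-]*$//'
}

# Succeed if dotted version $1 is greater than or equal to $2.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Read the package list on stdin and print OK, LEGACY or MISSING for each
# of the three packages. Returns non-zero if any package needs attention.
audit_openldap() {
    min="2.3.30"   # assumed minimum: the version the article says shipped with 7.04
    list=$(cat)
    status=0
    for pkg in slapd ldap-utils libldap-2.3-0; do
        ver=$(printf '%s\n' "$list" | awk -v p="$pkg" '$1 == p { print $2; exit }')
        if [ -z "$ver" ]; then
            echo "MISSING $pkg"; status=1
        elif version_ge "$(upstream_version "$ver")" "$min"; then
            echo "OK $pkg $ver"
        else
            echo "LEGACY $pkg $ver"; status=1
        fi
    done
    return $status
}
```

On a live system, pipe the dpkg-query command from the header comment into audit_openldap; sample_dpkg_list | audit_openldap shows the LEGACY and MISSING cases.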