In this guide, we show you how to install and configure OpenLDAP, ready for use as an authentication method for both Apache and PAM.
There are some prerequisites that should also be considered; these are listed in the table below (items 1-3).
You should read through this guide in its entirety before completing any of the steps below.
| Install Order | Product | Version Used | Download URL | Description |
|---|---|---|---|---|
| 1. | Libtool | 1.5.22 | http://www.gnu.org/software/libtool/libtool.html | Library tool extensions |
| 2. | Berkeley DB | 4.4.20 | http://www.sleepycat.com/ | Berkeley Database v4 |
| 3. | OpenSSL | 0.9.8b | http://www.openssl.org | SSL Extensions |
| 4. | OpenLDAP | 2.3.24 | http://www.openldap.org/software/download/ | LDAP Server |
N.B. First download and extract these packages. In this document we will use /home/downloads/ as our central location (you can use whatever you like).
Each package needs a little configuration before building. We will guide you through each of these as we go on. Remember, when running 'make install', you must be root to run that command.
LibTool :
    # "version" is the version that you downloaded
    cd libtool-version
    # There is no need to specify anything here, unless you want to deviate from the defaults
    ./configure
    make
    # 'make install' will install all the files in '/usr/local/bin', '/usr/local/lib'
    make install
Berkeley DB :
    # "db-version" is the version that you downloaded
    cd db-version/build_unix
    # We run the build script from this location so that the script knows what platform we are on
    ../dist/configure
    # This can take 5 - 10 mins
    make
    # This will install the files in the local default directory of /usr/local/BerkeleyDB.4.4
    make install
OpenSSL :
    # "openssl-version" is the version you downloaded
    cd openssl-version
    # This tells the config script to install in the specified directory
    ./config --prefix=/usr/local/openssl/
    make
    make test
    # This will install the files in the directory specified in the ./config script
    make install
OpenLDAP :
    # "openldap-version" is the version you downloaded
    cd openldap-version
    ./configure --enable-syslog --enable-slapd --enable-cleartext --enable-crypt \
        --disable-sql --enable-ldap --with-tls
    make depend
    make
    # This step can take as long as 1hr, depending on system performance.
    make test
    make install
Now you need to edit the slapd.conf file in /usr/local/etc/openldap/ making sure that the following entries are present.
    include         /usr/local/etc/openldap/schema/core.schema
    include         /usr/local/etc/openldap/schema/cosine.schema
    include         /usr/local/etc/openldap/schema/nis.schema
    include         /usr/local/etc/openldap/schema/inetorgperson.schema
    schemacheck     on
    pidfile         /var/run/slapd/slapd.pid
    argsfile        /var/run/slapd.args
    loglevel        0
    modulepath      /usr/local/lib
    moduleload      back_bdb
    backend         bdb
    checkpoint      512 30
    database        bdb
    suffix          "dc=mydomain,dc=com"
    directory       "/var/lib/ldap"
    index           objectClass eq
    lastmod         on

    # Passwords: the admin DN and the entry's owner may write, anonymous
    # clients may only authenticate (bind), nobody else gets any access
    access to attrs=userPassword
        by dn="cn=admin,dc=mydomain,dc=com" write
        by anonymous auth
        by self write
        by * none

    # The root DSE is readable by everyone
    access to dn.base="" by * read

    # Everything else: the admin DN may write, everyone else may read
    access to *
        by dn="cn=admin,dc=mydomain,dc=com" write
        by * read
You now have a very basic configuration for LDAP to work from. You obviously should set the paths to whatever you need, remembering to substitute the ones in this guide accordingly.
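
How slapd applies the userPassword rule from the configuration above, as an added example (not part of the original guide or of OpenLDAP): a simplified Python model of first-match evaluation of the "by" clauses. The DN under ou=people is a constructed sample value, the reordered rule is hypothetical, and DN matching is reduced to a case-insensitive exact comparison.

```python
# Added example: simplified model of first-match "by" clause evaluation in slapd.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]
ADMIN = "cn=admin,dc=mydomain,dc=com"
ALICE = "uid=alice,ou=people,dc=mydomain,dc=com"  # constructed sample DN

# The userPassword rule from the guide's slapd.conf, clause order preserved.
PAGE_RULE = [
    ('dn="%s"' % ADMIN, "write"),
    ("anonymous", "auth"),
    ("self", "write"),
    ("*", "none"),
]
# Hypothetical mis-ordering: the catch-all clause moved above the last two.
REORDERED = [PAGE_RULE[0], PAGE_RULE[3], PAGE_RULE[1], PAGE_RULE[2]]

def norm(dn):
    """Assumption: DNs compare case-insensitively, ignoring spaces around commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def who_matches(who, bind_dn, entry_dn):
    """True if a <who> field applies; bind_dn is None for an anonymous client."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if bind_dn is None:
        return False
    if who == "self":
        return norm(bind_dn) == norm(entry_dn)
    if who.startswith('dn="') and who.endswith('"'):
        return norm(bind_dn) == norm(who[4:-1])
    raise ValueError("unsupported <who> field: %r" % who)

def granted(rule, bind_dn, entry_dn):
    """Level from the first matching clause; no match is the implicit 'none'."""
    for who, level in rule:
        if who_matches(who, bind_dn, entry_dn):
            return level
    return "none"

def allows(rule, bind_dn, entry_dn, wanted):
    """True if the granted level is at least the level the operation needs."""
    return LEVELS.index(granted(rule, bind_dn, entry_dn)) >= LEVELS.index(wanted)

if __name__ == "__main__":
    for name, rule in (("page", PAGE_RULE), ("reordered", REORDERED)):
        for client in (None, ALICE, ADMIN):
            print(name, client or "anonymous", granted(rule, client, ALICE))
```

With the clause order from the guide, an anonymous client gets auth on userPassword, which is enough to bind but not to read the stored value. In the reordered rule the catch-all clause matches first, so neither anonymous clients nor the entry's owner ever reach their own clauses.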