LDAP

We will be using the OpenLDAP version of ldap. OpenLDAP lives at http://www.openldap.org/.

• Download the latest version.
• Unpack the directory
• Change into the directory, and run configure. Our OS is:

  erwin.deaddrop.org{root}143% uname -a
  Linux erwin.deaddrop.org 2.2.16woof #11 Fri Oct 13 11:35:27 PDT 2000 i586 unknown
  	

• You are not ready yet to run a make, so no need to do a make depend here. We now need to verify that certain things exist.
• OpenLDAP runs best with OpenSSL. Our environment has had openssl built, and we verify by checking /usr/local.

  erwin.deaddrop.org{root}146% ls /usr/local/ssl/
  bin/  certs/  include/  lib/  misc/  openssl.cnf  private/
  	

• You need to verify next whether you have Cyrus. LDAP and the Berkeley DB both work without it, but the implementation will not be ldap 3.0 compliant unless you use it. It is also necessary if you are going to use this with kerberos (which we did not).

  OpenLDAP clients and servers require installation of Cyrus's SASL libraries to provide Simple Authentication and Security Layer services. Though some operating systems may provide this library as part of the base system or as an optional software component, Cyrus SASL often requires separate installation.

• Our environment requires separate installation.

  WARNING: Plugins are being installed into /usr/local/lib/sasl, but the library will look for them in /usr/lib/sasl. You need to make sure that the plugins will eventually be in /usr/lib/sasl -- the easiest way is to make a symbolic link from /usr/lib/sasl to /usr/local/lib/sasl, but this may not be appropriate for your site, so this installation procedure won't do it for you.

  So we do.

  erwin.deaddrop.org{root}164% ln -s /usr/local/lib/sasl
  	

• Now we should verify that we have the Berkeley DB. I recommend getting a new version, unless you are QUITE sure that yours is recent. OpenLDAP works best if you are using version 3.1, and yours may be much older.
• This is where you need to be careful. The documentation may tell you to configure in a certain way (for db), but I suggest just using the configure that is in the dist directory. If you are building on other than Unix, then you should follow the directions for that environment that are in the distribution for it.
• You've built (or verified the existence of) OpenSSL, Berkeley DB, and Cyrus SASL. You are now ready to build OpenLDAP. Clean out the configure file logs, and status, and run configure again.
• After running configure, when it asks about make depend, please cooperate, and run 'make depend'. It will make your life much easier.
• Next, do make, then make install. These should be successful, which leads us to Part II.
• If you are concerned about your system, or prefer a greater comfort level, you can use the tests directory to make sure that your installation works. There is a tests directory where you installed the softare. Go into that directory and type make. All the tests are activated by make, and you should seem them run one at a time. We didn't build slurpd, so it will fail when it gets to there.

Since it appears that someone has made a link to this page (unfortunately), I am removing the local link to the LDAP guide from IBM. You can still get it directly from the IBM site.. There is an excellent guide for most of your in depth questions on ldap and its component pieces, although it is just slightly out of date (it was written in 1998). You can also get that file directly from the IBM site.

You might also consider just browsing the booklist of redbooks provided by the IBM team ... or writing one of your own

Philip Brown has some helpful suggestions, especially if you are trying to build this on a cranky solaris machine.

For those of you who were at the meeting about LDAP, where I couldn't answer the question about what the file "struct" was for... If your window is wide enough, it looks just like this.