[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Installing openldap 2.2.19 on RHEL 3

To: Tony Earnshaw <tonye@billy.demon.nl>
Subject: Re: Installing openldap 2.2.19 on RHEL 3
From: Craig White <craigwhite@azapple.com>
Date: Sat, 01 Jan 2005 11:06:24 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <40199.192.168.1.10.1104590772.squirrel@sqm.intern>
References: <1104527321.15653.41.camel@lin-workstation.azapple.com> <40199.192.168.1.10.1104590772.squirrel@sqm.intern>

On Sat, 2005-01-01 at 15:46 +0100, Tony Earnshaw wrote:
> Craig White:
> > These are the steps that I used for installing openldap 2.2.19 on RHEL
> > ES-3 system. It was easy enough for unlearned and unwashed such as me
> > though it would have been nice to have these steps written down for me ;-)
> >
> > objectives were to leave openldap/db4/sasl stuff alone from RHEL install
> > and completely build in /usr/local
> 
> [...]
> 
> This is good doco and should help many. Good, too, if it could be posted
> on a web site somewhere that's permanent and easily accessible to all (the
> OL FAQ?).
----
I'm still cleaning it up - another installation on my whitebox server at
home allowed me to trace steps again
----
> [...]
> 
> > I added
> > allow   bind_v2        #postfix needed this I think
> 
> Unless you have a really ancient Postfix version (Postfix is up to 2.1.5
> stable) LDAP v3 is standard, but v2 can be specified as an exception.
----
# rpm -q postfix
postfix-2.0.16-14.RHEL3

without the allow bind_v2
#tail /var/log/maillog
Dec 31 13:22:12 srv1 postfix/cleanup[7446]: warning: dict_ldap_connect:
Unable to bind to server srv1.tobyhouse.com as : 2 (Protocol error)
Dec 31 13:22:12 srv1 postfix/cleanup[7446]: fatal: opening
ldap:virtualAliases Success
Dec 31 13:22:13 srv1 postfix/master[7476]: warning:
process /usr/libexec/postfix/cleanup pid 7446 exit status 1
Dec 31 13:22:13 srv1 postfix/master[7476]:
warning: /usr/libexec/postfix/cleanup: bad command startup -- throttling

hence, I added it - problem went away
----
> 
> Only a couple of things - I'm running RHAS3 with what you have - OL
> 2.2.17, but the procedure is the same:
> 
> - RHEL/RHAS3 already comes with Cyrus SASL2 2.1.15. The old /usr/lib/sasl2
> should be moved to something else and a symlink created from
> /usr/local/sasl2 to /usr/lib/sasl2;
> 
> - Red Hat's client libraries are needed for dependencies, but the server
> rpms can safely be 'rpm -e'd - in which case the startup script will also
> be rmpsaved;
> 
> - Old clients (ldapsearch and siblings) should be renamed, since they'll
> often barf and anyway mostly have less functionality than the new versions
> - and will always be called first, if the PATH variable chooses /usr
> before /usr/local. Similarly, the man pages are "Old Hat" and should be
> renamed or deleted;
----
I seem to be ok here...
[root@srv1 openldap]# which ldapsearch
/usr/local/bin/ldapsearch
----
> 
> - I don't see any mention of editing ld.so.conf or running ldconfig -
> they're really necessary for the environment to find the new libraries;
> 
> - BDB 4.1 utilities (db_recover etc) should be renamed, or they'll barf
> unless a full path name is given to the new utilities (a PITA). Moreover,
> the new BDB utilities are now in a directory outside the PATH env
> variable, so a symlink should be given to /usr/local/bin or sbin;
----
# which db_recover
/usr/local/bin/db_recover

This one worries me though...I will be using netatalk for the Mac
clients which uses bdb for storing Macintosh metafile/resource fork
data. It is a subject of future testing.
----
> - Necessary exclusions should be made to /etc/sysconfig/rhn/up2date (use
> the GUI, or all hell will break loose), including Openldap servers, devel,
> BDB 4.1 and Cyrus SASL2, otherwise up2date will simply overwrite
> everything - and it's *extremely important to use up2date to patch
> production servers.
----
I understand what you are cautioning me about and I guess I am trying to
make this as painless as possible.

It appears that on RHEL 3 - bash shell searches /usr/local/bin
before /usr/bin etc. but man pages search /usr/share/man
before /usr/local/share/man etc. A simple adjustment of /etc/man.config
seems to handle the search order.

I haven't removed or relinked anything and I'm not convinced that I need
to. At present, I am going to try it this way until I see a problem just
to minimize interference. I do know that by leaving openldap-server.rpm
in place, I was able to switch back and forth between 2.0.27 and 2.2.19
simply by commands...
service ldap-new stop
service ldap start
and vice versa

And I am fearful of doing anything with /etc/ld.so.conf or ldconfig
since I clearly don't know what I am doing there.

I am also not knowledgable about sasl/kerberos which will the next major
efforts and so I am not certain whether they are going to work with the
secondary tree in /usr/local but all indications are that they will.

Craig

References:
- Re: Installing openldap 2.2.19 on RHEL 3
  - From: "Tony Earnshaw" <tonye@billy.demon.nl>

Prev by Date: Re: Installing openldap 2.2.19 on RHEL 3
Next by Date: Re: err=32 No Such Object
Index(es):
- Chronological
- Thread