4. Building and Installing OpenLDAP Software
This chapter details how to build and install the OpenLDAP Software package including slapd(8), the Standalone
The project makes available two series of packages for general use. The project makes releases as new features and bug fixes come available. Though the project takes steps to improve stability of these releases, it is common for problems to arise only after release. The stable release is the latest release which has demonstrated stability through general use.
Users of OpenLDAP Software can choose, depending on their desire for the latest features versus demonstrated stability, the most appropriate series to install.
After downloading OpenLDAP Software, you need to extract the distribution from the compressed archive file and change your working directory to the top directory of the distribution:
gunzip -c openldap-VERSION.tgz | tar xf -
You'll have to replace VERSION with the version name of the release.
You should now review the COPYRIGHT, LICENSE, README and INSTALL documents provided with the distribution. The COPYRIGHT and LICENSE provide information on acceptable use, copying, and limitation of warranty of OpenLDAP Software. The README and INSTALL documents provide detailed information on prerequisite software and installation procedures.
OpenLDAP Software relies upon a number of software packages distributed by third parties. Depending on the features you intend to use, you may have to download and install a number of additional software packages. This section details commonly needed third party software packages you might have to install. However, for an up-to-date prerequisite information, the README document should be consulted. Note that some of these third party packages may depend on additional software packages. Install each package per the installation instructions provided with it.
OpenLDAP clients and servers require installation of OpenSSL, GnuTLS, or MozNSS
OpenLDAP Software will not be fully LDAPv3 compliant unless OpenLDAP's configure detects a usable TLS library.
OpenLDAP clients and servers require installation of Cyrus SASL libraries to provide
Cyrus SASL is available from http://asg.web.cmu.edu/sasl/sasl-library.html. Cyrus SASL will make use of OpenSSL and Kerberos/GSSAPI libraries if preinstalled.
OpenLDAP Software will not be fully LDAPv3 compliant unless OpenLDAP's configure detects a usable Cyrus SASL installation.
OpenLDAP clients and servers support
Use of strong authentication services, such as those provided by Kerberos, is highly recommended.
Your operating system may provide a supported version of Berkeley DB in the base system or as an optional software component. If not, you'll have to obtain and install it yourself.
Berkeley DB is available from Oracle Corporation's Berkeley DB download page http://www.oracle.com/technology/software/products/berkeley-db/index.html.
There are several versions available. Generally, the most recent release (with published patches) is recommended. This package is required if you wish to use the deprecated
Note: Berkeley DB version 6.0.20 and later uses a software license that is incompatible with LDAP technology and should not be used with OpenLDAP.
Note: Please see Recommended OpenLDAP Software Dependency Versions for more information.
OpenLDAP is designed to take advantage of threads. OpenLDAP supports POSIX pthreads, Mach CThreads, and a number of other varieties. configure will complain if it cannot find a suitable thread subsystem. If this occurs, please consult the Software|Installation|Platform Hints section of the OpenLDAP FAQ http://www.openldap.org/faq/.
slapd(8) supports TCP Wrappers (IP level access control filters) if preinstalled. Use of TCP Wrappers or other IP-level access filters (such as those provided by an IP-level firewall) is recommended for servers containing non-public information.
Now you should probably run the configure script with the --help option. This will give you a list of options that you can change when building OpenLDAP. Many of the features of OpenLDAP can be enabled or disabled using this method.
The configure script also looks for certain variables on the command line and in the environment. These include:
|CC||Specify alternative C Compiler|
|CFLAGS||Specify additional compiler flags|
|CPPFLAGS||Specify C Preprocessor flags|
|LDFLAGS||Specify linker flags|
|LIBS||Specify additional libraries|
Now run the configure script with any desired configuration options or variables.
./configure [options] [variable=value ...]
As an example, let's assume that we want to install OpenLDAP with BDB backend and TCP Wrappers support. By default, BDB is enabled and TCP Wrappers is not. So, we just need to specify --enable-wrappers to include TCP Wrappers support:
However, this will fail to locate dependent software not installed in system directories. For example, if TCP Wrappers headers and libraries are installed in /usr/local/include and /usr/local/lib respectively, the configure script should typically be called as follows:
./configure --enable-wrappers \ CPPFLAGS="-I/usr/local/include" \ LDFLAGS="-L/usr/local/lib -Wl,-rpath,/usr/local/lib"
The configure script will normally auto-detect appropriate settings. If you have problems at this stage, consult any platform specific hints and check your configure options, if any.
Once you have run the configure script the last line of output should be:
Please "make depend" to build dependencies
If the last line of output does not match, configure has failed, and you will need to review its output to determine what went wrong. You should not proceed until configure completes successfully.
To build dependencies, run:
Now build the software, this step will actually compile OpenLDAP.
You should examine the output of this command carefully to make sure everything is built correctly. Note that this command builds the LDAP libraries and associated clients as well as slapd(8).
Once the software has been properly configured and successfully made, you should run the test suite to verify the build.
Tests which apply to your configuration will run and they should pass. Some tests, such as the replication test, may be skipped if not supported by your configuration.
Once you have successfully tested the software, you are ready to install it. You will need to have write permission to the installation directories you specified when you ran configure. By default OpenLDAP Software is installed in /usr/local. If you changed this setting with the --prefix configure option, it will be installed in the location you provided.
Typically, the installation requires super-user privileges. From the top level OpenLDAP source directory, type:
su root -c 'make install'
and enter the appropriate password when requested.
You should examine the output of this command carefully to make sure everything is installed correctly. You will find the configuration files for slapd(8) in /usr/local/etc/openldap by default. See the chapter Configuring slapd for additional information.