|OpenLDAP Faq-O-Matic : OpenLDAP Software FAQ : Installation : How do I build and configure dynamic backend modules?|
|As of OpenLDAP 2.0, slapd supports dynamically loadable modules. These are shared objects or DLLs that can be loaded by slapd at runtime to extend its functionality. Currently only backends can be compiled as modules.|
Dynamic module support is not included by default, you have to turn it on by adding '--enable-modules' to the configure parameters. Also backends are compiled statically by default. In order to build a backend as a module you have to add '--with-<backendName>-module=dynamic'. For example: ./configure --enable-modules --enable-passwd --with-passwd-module=dynamic.
The modules will be installed under <prefix>/libexec/openldap.
Dynamic backend modules can be configured and used exactly the same way staticly compiled backends can. However, first the have to be explicitly loaded by slapd. Slapd has two configuration keywords for module loading:
modulepath /path1/to/modules:/path2/to/modules specifies a colon separted list of directories to look for modules specified with a relative path.
moduleload [/path/to/modules/]<moduleName>.la <arg1> <arg2> <arg3> ... loads the module and passes the supplied arguments to the initialization routine of the module. The specified filename is the libtool library archive file for the module, not the actual shared object file itself! If you do specify the shared object file (moduleName.so) itself, slapd will still load the module, but fail to properly initialize the module. This is a consequence of the dynamic module mechanism of libtool (which slapd uses).
modulepath /opt/openldap/libexec/openldap moduleload back_passwd.la
database passwd suffix "o=passwd"
When building backends as modules, one should make sure that the resulting slapd statically links all symbols that the modules will need. For example, when all backends are built as modules, the symbol ldap_pvt_thread_rdwr_init() is not linked in by slapd when the libldap_r library is statically linked. A workaround is suggested here (thanks to Howard Chu): remove |
|[Append to This Answer]|
|Previous:||How to build only a LDAP client installation?|
|Next:||How do I NOT use crypt(3) from OpenSSL?|