In this chapter we will walk through the process of installing and configuring the OpenLDAP suite of tools. Here we will only cover basic configuration of the SLAPD server. This will serve as a base for subsequent chapters (particularly Chapters 4 to 7), where we will explore advanced configuration options. The specific topics that we will cover include:
slapd.conf fileslapd.conf configuration with slaptestldap.conf fileldapsearchOpenLDAP is maintained by the OpenLDAP Foundation. The foundation maintains a suite of tools that we will call as OpenLDAP suite. As we saw in Chapter 1, the OpenLDAP suite includes the following classes of tools:
slapd and slurpd)libldap)ldapsearch, ldapadd, ldapmodify, and others)slapcat, slapauth, and others) The official OpenLDAP source distribution includes all of these in one download. Various binary versions however, may break these out into sub-packages. Commonly the suite is split into three packages: libraries, clients, and servers.
OpenLDAP compiles and runs on a wide variety of operating systems. However, the OpenLDAP project itself does not provide binary versions of their software. As a result, different vendors and operating system maintainers compile and provide their own binary versions. There are versions of OpenLDAP compiled for most UNIX variants (including Mac OS X), as well as versions for the Windows operating system. Some binary distributions even come with commercial support.
In this book, we will be using Ubuntu Linux as the operating system of choice. Ubuntu is a GNU/Linux distribution based on the venerable Debian Project. Like Debian (and the multitude of other Debian-based distributions) Ubuntu uses the Debian package format. Thus, if you are using another Debian-based distribution, the installation process should be largely familiar.
Ubuntu is a user-friendly Linux distribution. You can learn more about Ubuntu at http://www.ubuntu.com/. To learn more about the Debian Project, on which Ubuntu is based, visit http://debian.org/.
Almost every major Linux and BSD distribution includes official support for OpenLDAP. You may want to consult the documentation for your chosen distribution to find out more information on getting and installing OpenLDAP. In some cases, OpenLDAP is installed with the base operating system.
For Windows, Mac, and other variants of UNIX, the best way to find a list of available binary packages is by perusing the list of distributions maintained in the OpenLDAP Faq-O-Matic (http://www.openldap.org/faq/data/cache/108.html).
If you need a commercially supported OpenLDAP distribution, you may want to consider the offerings from Symas. Symas (http://www.symas.com/) is owned and operated by many of the same folks who contribute to the OpenLDAP suite. They provide a commercial binary version of the OpenLDAP suite, distributed as Connexitor Directory Services (CDS).
Several different CDS editions are available, with each edition tuned and optimized for specific organizational needs. Their Platinum Edition, for instance, is optimized for directories with more than 150 million records! Symas also provides LDAP training, maintenance and support services, and consulting.
Instead of installing a binary file, you may wish to simply compile the OpenLDAP source code yourself. This process is outlined in simple steps in Appendix A of this book.
The primary advantage of building from source code is that you will benefit from many improvements long before these revisions are made available in mainstream packages. The focus of development on the stable branch of OpenLDAP is bug fixes. Thus, building from source generally improves OpenLDAP stability.
Currently, the stable branch for OpenLDAP is 2.3 branch (2.4 is in early beta). However, some Linux distributions still use the aging 2.2 version, originally released in 2003. If the latest package for your chosen operating system is still in the 2.2 branch, you may want to consider looking for unofficial versions of 2.3 for your platform, or even compiling a custom binary (see Appendix A).