LDAP installation on Redhat Enterprise Linux


We all respect Redhat's goal of providing a stable operating system to its customers, but that stability often comes at a price, usually in the form of features that are missing compared with more recent releases of many packages. One such package has always been OpenLDAP. There are many LDAP implementations available today, including 389 Directory Server, which is a good enterprise directory server but often includes extra machinery that is not needed. I have always preferred OpenLDAP for its simplicity: a no-frills, get-the-job-done directory server. OpenLDAP 2.4 adds some very nice enterprise features such as multi-master replication and the new LDAP-based configuration (cn=config), which, I admit, I am still getting used to in comparison to the good old slapd.conf file. In this article I am going to go through how I installed OpenLDAP 2.4.x from source on Redhat Enterprise Linux. The same instructions apply to CentOS as well.

  1. In order to build OpenLDAP from source you need a few development prerequisites (a C toolchain, gcc and make, is assumed to be present already).

    yum install cyrus-sasl-devel openssl-devel krb5-devel zlib-devel
  2. Next we need to build Berkeley DB, which the bdb and hdb backends depend on. The source can be obtained via the following link: http://www.oracle.com/technetwork/database/berkeleydb/downloads/index.html .
  3. Download the source package and extract it on the system where you will be installing OpenLDAP. In this case I have downloaded the following file: db-5.1.25.tar.gz.

    tar -zxvf db-5.1.25.tar.gz
  4. Next change into the newly created directory.

    cd db-5.1.25
    cd build_unix
  5. Configure the package. You will note that I am installing everything into /opt/local. That is where I put random things like this. You could also consider putting everything in /usr/local, which makes your life easier in some ways.

    ../dist/configure --prefix=/opt/local
  6. Run make

    make
  7. Now install the software

    sudo make install
  8. Now that Berkeley DB is built, we can begin the OpenLDAP installation. First download the source tarball.

    wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.24.tgz
  9. Extract the tarball

    tar -zxvf openldap-2.4.24.tgz
  10. Change into the installation directory

    cd openldap-2.4.24
  11. Configure the software. You can specify the options you want for your installation; these are the ones I am using. Also make note of how the include and library paths of the Berkeley DB built above are passed in CPPFLAGS and LDFLAGS on the configure command line. This is very important: otherwise configure picks up the system's Berkeley DB headers and complains that the version is incompatible with the bdb/hdb backends.

    env CPPFLAGS="-I/opt/local/include" LDFLAGS="-L/opt/local/lib" ./configure --enable-hdb --enable-bdb --enable-overlays=mod --prefix=/opt/local
  12. Compile the software

    make
  13. Install the software

    make install
  14. Now you have installed OpenLDAP, there is a problem though: /opt/local/lib is not in the dynamic linker's search path, so slapd and the client tools will fail to find libldap and liblber at startup. This can be remedied in a couple of ways: install everything into /usr/local, if that path is already in your linker configuration, or add a file to the ld.so.conf.d directory. Note that this makes /opt/local/lib a trusted system-wide library path: keep it root-owned and not writable by the ldap user (or anyone else), otherwise a replaced shared object there is code execution in every process that links it.

    vim /etc/ld.so.conf.d/ldap.conf

    add the following line

    /opt/local/lib
  15. Run ldconfig to rebuild the dynamic linker's runtime bindings cache so the new path takes effect.

    ldconfig
  16. We need to add a dedicated unprivileged account for slapd to run as. You can run it as root, but I do not recommend it: with its own user, a bug in slapd or a mistake in an ACL only exposes what that user can reach.

    groupadd -g 55 ldap
    useradd -s /bin/false -d /opt/local/var -g ldap -u 55 ldap
  17. Set the appropriate permissions on the files slapd will need as the ldap user: the pidfile directory, the database directory and slapd.conf itself. The database directory is whatever the directory directive in your slapd.conf says (the sample slapd.conf installed by make install points at /opt/local/var/openldap-data; I use /opt/local/var/ldap-data). slapd.conf holds rootpw, so nobody but its owner should be able to read it, and a config file needs no execute bit, so 600 is enough.

    chown -R ldap:ldap /opt/local/var/run
    chown -R ldap:ldap /opt/local/var/ldap-data
    chown ldap:ldap /opt/local/etc/openldap/slapd.conf
    chmod 600 /opt/local/etc/openldap/slapd.conf
  18. Create the following startup script. It is modelled on the init script from the RHEL openldap-servers package, adjusted for the /opt/local paths: it starts slapd as root so it can bind port 389, drops to the ldap user via -u/-g, and listens on ldap:/// only. Plain ldap:// carries simple binds in cleartext, so once you have a certificate, configure TLS in slapd.conf and add ldaps:/// to the -h URL list (the script has the hook for it) or require StartTLS.

    sudo vim /etc/init.d/ldap

    #!/bin/bash
    #
    # slapd This shell script takes care of starting and stopping OpenLDAP.
    # ldap servers (slapd).
    #
    # chkconfig: - 27 73
    # description: LDAP stands for Lightweight Directory Access Protocol, used \
    # for implementing the industry standard directory services.
    # processname: slapd
    # config: /opt/local/etc/openldap/slapd.conf
    # pidfile: /opt/local/var/run/slapd.pid
    
    ### BEGIN INIT INFO
    # Provides: slapd
    # Required-Start: $network $local_fs
    # Required-Stop: $network $local_fs
    # Should-Start:
    # Should-Stop:
    # Default-Start:
    # Default-Stop:
    # Short-Description: starts and stops OpenLDAP server daemon
    # Description: LDAP stands for Lightweight Directory Access Protocol, used
    # for implementing the industry standard directory services.
    ### END INIT INFO
    
    # Source function library.
    . /etc/init.d/functions
    
    # Default values of the options allowed in /etc/sysconfig/ldap.
    # SLAPD_SHUTDOWN_TIMEOUT must be set: an empty value makes the
    # "killproc -d" below swallow the program name and the stop target breaks.
    SLAPD_LDAP="yes"
    SLAPD_LDAPI="no"
    SLAPD_LDAPS="no"
    SLAPD_URLS=""
    SLAPD_SHUTDOWN_TIMEOUT=3
    # OPTIONS, SLAPD_OPTIONS and KRB5_KTNAME are not defined
    [ -r /etc/sysconfig/ldap ] && . /etc/sysconfig/ldap
    
    # /opt/local/lib is already in /etc/ld.so.conf.d (step 14); this only
    # matters if that step was skipped. The variable is LD_LIBRARY_PATH.
    export LD_LIBRARY_PATH=/opt/local/lib
    
    slapd=/opt/local/libexec/slapd
    slaptest=/opt/local/sbin/slaptest
    # The subsystem lock lives under /var/lock/subsys; that is where the rc
    # scripts look to decide which services to stop at shutdown.
    lockfile=/var/lock/subsys/slapd
    configdir=/opt/local/etc/openldap/slapd.d
    configfile=/opt/local/etc/openldap/slapd.conf
    # Must match the pidfile directive in slapd.conf.
    pidfile=/opt/local/var/run/slapd.pid
    slapd_pidfile=/opt/local/var/run/openldap/slapd.pid
    
    RETVAL=0
    start() {
        [ -x $slapd ] || exit 5
        [ `id -u` -eq 0 ] || exit 4
        # slapd is started as root so it can bind port 389 and then drops to
        # this unprivileged account via -u/-g.
        user=ldap
        group=ldap
        prog=`basename ${slapd}`
        harg="$SLAPD_URLS"
        if test x$SLAPD_LDAP = xyes ; then
            harg="$harg ldap:///"
        fi
        if test x$SLAPD_LDAPS = xyes ; then
            harg="$harg ldaps:///"
        fi
        if test x$SLAPD_LDAPI = xyes ; then
            harg="$harg ldapi:///"
        fi
        # Start daemons. The escaped quotes keep the URL list as one -h argument
        # when daemon() re-evaluates the command line.
        echo -n $"Starting $prog: "
        daemon --pidfile=$pidfile --check=$prog ${slapd} -h "\"$harg\"" -u ${user} -g ${group} -f ${configfile}
        RETVAL=$?
        if [ $RETVAL -eq 0 ]; then
            touch $lockfile
            #ln $slapd_pidfile $pidfile
        fi
        echo
        return $RETVAL
    }
    
    stop() {
        # Stop daemons.
        prog=`basename ${slapd}`
        [ `id -u` -eq 0 ] || exit 4
        echo -n $"Stopping $prog: "
    
        # killproc sends TERM, waits SLAPD_SHUTDOWN_TIMEOUT seconds, then KILL
        killproc -p $pidfile -d $SLAPD_SHUTDOWN_TIMEOUT ${slapd}
        RETVAL=$?
    
        # Now we want to remove the lock file and the pid file
        [ $RETVAL -eq 0 ] && rm -f $pidfile $lockfile
        echo
        return $RETVAL
    }
    
    # See how we were called.
    case "$1" in
        start)
            start
            RETVAL=$?
            ;;
        stop)
            stop
            RETVAL=$?
            ;;
        status)
            status -p $pidfile ${slapd}
            RETVAL=$?
            ;;
        restart|force-reload)
            stop
            start
            RETVAL=$?
            ;;
        condrestart|try-restart)
            status -p $pidfile ${slapd} > /dev/null 2>&1 || exit 0
            stop
            start
            ;;
        usage)
            echo $"Usage: $0 {start|stop|restart|force-reload|status|condrestart|try-restart|usage}"
            RETVAL=0
            ;;
        *)
            echo $"Usage: $0 {start|stop|restart|force-reload|status|condrestart|try-restart|usage}"
            RETVAL=2
    esac
    exit $RETVAL
     
  19. Make the script executable, register it with chkconfig so it is managed like any other service, and start slapd with the service command. This concludes the installation of OpenLDAP on Redhat Enterprise Linux.
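As an added check that is not part of the original article: the following POSIX shell script verifies the security-relevant outcomes of steps 14 through 18 on the finished system, namely that the library directory the linker now trusts is not writable by anyone but root, that slapd.conf is private to its owner and carries a hashed rootpw rather than the cleartext one the sample file ships with, that the configuration parses, and that the running slapd has actually dropped to the ldap user. It assumes the article's layout (prefix /opt/local, service account ldap, pidfile /opt/local/var/run/slapd.pid as in the init script); the function and variable names are mine. Run it as `sh slapd-check.sh run`.

```shell
#!/bin/sh
# Post-install checks for the source-built OpenLDAP described above.
# Added example, not from the original article. Assumes the article's
# layout; override with PREFIX=/usr/local LDAP_USER=openldap if needed.
PREFIX=${PREFIX:-/opt/local}
LDAP_USER=${LDAP_USER:-ldap}

# 1. /opt/local/lib became a trusted system library path via
#    /etc/ld.so.conf.d/ldap.conf. Anything there that a non-root user can
#    replace is a code-execution path into every process linking libldap,
#    so every entry must be owned by $2 (root in production) and must not
#    be group- or other-writable.
check_trusted_libdir() {
    dir=$1; owner=${2:-root}
    offenders=$(find "$dir" \( -perm -002 -o -perm -020 -o ! -user "$owner" \) 2>/dev/null)
    if [ -n "$offenders" ]; then
        printf 'writable or foreign-owned entries under %s:\n%s\n' "$dir" "$offenders" >&2
        return 1
    fi
}

# 2. slapd.conf carries rootpw, so only its owner may read it. The mode
#    string is taken from ls -l so this works without GNU stat; chars 5-10
#    are the group and other permission bits.
check_secret_file() {
    f=$1; owner=${2:-$LDAP_USER}
    [ -e "$f" ] || { printf '%s: missing\n' "$f" >&2; return 1; }
    set -- $(ls -ld "$f")
    mode=$1; fowner=$3
    case $mode in
        ????------*) ;;
        *) printf '%s: mode %s grants group/other access, want 600\n' "$f" "$mode" >&2; return 1 ;;
    esac
    if [ "$fowner" != "$owner" ]; then
        printf '%s: owned by %s, expected %s\n' "$f" "$fowner" "$owner" >&2
        return 1
    fi
}

# 3. rootpw must be a {SCHEME}hash as produced by slappasswd, never the
#    cleartext "secret" the sample slapd.conf ships with.
check_rootpw_hashed() {
    f=$1
    if grep -E '^[[:space:]]*rootpw[[:space:]]+[^{[:space:]]' "$f" >/dev/null 2>&1; then
        printf '%s: rootpw is cleartext; run slappasswd and paste its {SSHA} output\n' "$f" >&2
        return 1
    fi
}

# 4. slaptest parses the config the way slapd would; -u checks it without
#    opening the databases.
check_config_parses() {
    "$PREFIX/sbin/slaptest" -u -f "$1" >/dev/null 2>&1
}

# 5. Confirm the daemon really dropped to the service account (-u/-g in
#    the init script). Compares numeric UIDs; reads /proc on Linux and
#    falls back to ps elsewhere.
check_running_user() {
    pidfile=$1; expected=${2:-$LDAP_USER}
    [ -r "$pidfile" ] || { printf '%s: no pidfile; is slapd running?\n' "$pidfile" >&2; return 1; }
    pid=$(cat "$pidfile")
    want=$(id -u "$expected" 2>/dev/null) || { printf 'no such user: %s\n' "$expected" >&2; return 1; }
    if [ -r "/proc/$pid/status" ]; then
        have=$(awk '/^Uid:/ { print $2 }' "/proc/$pid/status")
    else
        have=$(ps -o uid= -p "$pid" 2>/dev/null | tr -d ' ')
    fi
    if [ "$have" != "$want" ]; then
        printf 'pid %s runs as uid %s, expected uid %s (%s)\n' "$pid" "${have:-?}" "$want" "$expected" >&2
        return 1
    fi
}

run_all() {
    rc=0
    conf="$PREFIX/etc/openldap/slapd.conf"
    check_trusted_libdir "$PREFIX/lib" root                 || rc=1
    check_secret_file "$conf" "$LDAP_USER"                  || rc=1
    check_rootpw_hashed "$conf"                             || rc=1
    check_config_parses "$conf"                             || rc=1
    check_running_user "$PREFIX/var/run/slapd.pid" "$LDAP_USER" || rc=1
    [ $rc -eq 0 ] && echo "all checks passed"
    return $rc
}

# Only run when invoked as "sh slapd-check.sh run"; sourcing does nothing.
if [ "${1:-}" = run ]; then run_all; fi
```

Each check returns non-zero and explains itself on stderr, so the script is usable from cron or a configuration-management run as a drift detector; the owner argument to the first two checks exists so the same functions can be exercised against a scratch directory before pointing them at /opt/local.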