OpenLDAP Installation and Configuration

In this guide, we will show you how to install and configure OpenLDAP so that it is ready for use as an authentication backend for both Apache and PAM.

There are some prerequisites that should also be considered; these are listed in the table below (items 1-3).

You should read through this guide in its entirety before proceeding with any of the steps below.

Required Software :

Install Order   Product       Version Used   Download URL                                        Description
1.              Libtool       1.5.22         http://www.gnu.org/software/libtool/libtool.html    Library tool extensions
2.              Berkeley DB   4.4.20         http://www.sleepycat.com/                           Berkeley Database v4
3.              OpenSSL       0.9.8b         http://www.openssl.org                              SSL Extensions
4.              OpenLDAP      2.3.24         http://www.openldap.org/software/download/          LDAP Server

N.B. First download and extract these packages. In this document we will use /home/downloads/ as the central location (you can use whatever you like).

Package Building

Each package needs a little configuration before building; we will guide you through each of these as we go. Remember that you must be root to run 'make install'.

LibTool :

cd libtool-version       (Where version is the version that you downloaded)
./configure              (There is no need to specify anything here, unless you want to deviate from the defaults)
make  
make install             ('make install' will install all the files in '/usr/local/bin', '/usr/local/lib') 

Berkeley DB :

cd db-version/build_unix      (Where db-version is the version that you downloaded)
../dist/configure             (We run the build script from this location so that the script knows what platform we are on)
make                          (This can take 5 - 10 mins)
make install                  (This will install the files in the local default directory of /usr/local/BerkeleyDB.4.4)

OpenSSL :

cd openssl-version                       (Where openssl-version is the version you downloaded)
./config --prefix=/usr/local/openssl/    (This tells the config script to install in the specified directory)
make
make test
make install                             (This will install the files in the directory specified in the ./config script)

OpenLDAP :

cd openldap-version                      (Where openldap-version is the version you downloaded)
./configure --enable-syslog --enable-slapd --enable-cleartext --enable-crypt --disable-sql --enable-ldap --with-tls
make depend
make
make test                                (This step can take as long as 1hr, depending on system performance.)
make install

Configuring Applications

Now edit the slapd.conf file in /usr/local/etc/openldap/, making sure that the following entries are present.

include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/nis.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema

schemacheck     on

pidfile         /var/run/slapd/slapd.pid

argsfile        /var/run/slapd.args

loglevel        0

modulepath      /usr/local/lib
moduleload      back_bdb

backend         bdb
checkpoint 512 30

database        bdb

suffix          "dc=mydomain,dc=com"

directory       "/var/lib/ldap"

index           objectClass eq

lastmod         on

access to attrs=userPassword
        by dn="cn=admin,dc=mydomain,dc=com" write
        by anonymous auth
        by self write
        by * none

access to dn.base="" by * read

# catch-all rule for everything not matched above (the 'access to *' head
# line is assumed here; the listing as published omitted it)
access to *
        by dn="cn=admin,dc=mydomain,dc=com" write
        by * read

You now have a very basic configuration for LDAP to work from. You should, of course, set the paths to whatever suits your system, substituting the ones given in this guide accordingly.
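As an added check (example code, not part of the original guide or of OpenLDAP itself), the following Python script parses a slapd.conf written in the classic directive syntax and flags the mistakes that matter most for an authentication directory: an include path outside the schema/ directory (slapd will not start if the file is missing), a by clause that can never match because it follows 'by *' (slapd evaluates by clauses in order and stops at the first match), any clause that gives anonymous or * more than auth on userPassword (which would expose password hashes), and loglevel 0, which sends nothing to syslog. The sample configuration embedded in the script is constructed from the listing above, with the catch-all access directive deliberately reordered so that the unreachable-clause finding fires.

```python
"""Lint a classic slapd.conf for mistakes that weaken or break an
authentication directory.

Added example, not part of the original guide or of OpenLDAP itself. It
understands only the directives the guide uses (include, loglevel, access)
and the continuation rule from slapd.conf(5): a line that starts with
whitespace continues the previous directive; blank lines and '#' comment
lines are ignored.
"""
import shlex

# Access levels in slapd's ascending order; granting a level implies all
# the lower ones.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# Constructed sample based on the guide's listing. Two defects are present
# on purpose: the inetorgperson.schema include points outside schema/, and
# the catch-all rule lists 'by * read' before the admin clause.
SAMPLE_CONF = """\
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/inetorgperson.schema
loglevel        0
database        bdb
suffix          "dc=mydomain,dc=com"

access to attrs=userPassword
        by dn="cn=admin,dc=mydomain,dc=com" write
        by anonymous auth
        by self write
        by * none

access to dn.base="" by * read

access to *
        by * read
        by dn="cn=admin,dc=mydomain,dc=com" write
"""


def parse_directives(text):
    """Return [(lineno, directive, args)] with continuation lines folded in."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        words = shlex.split(raw)
        if raw[0] in " \t":  # continuation of the previous directive
            if not entries:
                raise ValueError(f"line {lineno}: continuation line with no directive")
            entries[-1][2].extend(words)
            continue
        entries.append((lineno, words[0].lower(), words[1:]))
    return entries


def split_acl(args):
    """Split 'to <what> by <who> <level> ...' into (what_tokens, [clause_tokens])."""
    if args and args[0] == "to":
        args = args[1:]
    what, clauses = [], []
    for tok in args:
        if tok == "by":
            clauses.append([])
        elif clauses:
            clauses[-1].append(tok)
        else:
            what.append(tok)
    return what, clauses


def clause_level(clause):
    """Access level named in a by clause, or None if it names none."""
    return next((t for t in clause[1:] if t in LEVELS), None)


def check_acl(lineno, what, clauses):
    findings = []
    target = " ".join(what)
    protects_password = "userpassword" in target.lower()
    after_wildcard = False
    for clause in clauses:
        if not clause:
            findings.append(f"line {lineno}: empty 'by' clause in access to {target}")
            continue
        who, level = clause[0], clause_level(clause)
        if after_wildcard:
            # slapd evaluates by clauses in order and stops at the first match,
            # so nothing after 'by *' is ever reached.
            findings.append(f"line {lineno}: 'by {who}' is unreachable after 'by *' in access to {target}")
        if who == "*":
            after_wildcard = True
        if (protects_password and who in ("*", "anonymous")
                and level is not None and LEVELS.index(level) > LEVELS.index("auth")):
            findings.append(f"line {lineno}: '{who}' gets {level} on userPassword; anonymous clients should get at most auth")
    return findings


def lint_conf(text):
    """Return a list of human-readable findings for the given slapd.conf text."""
    findings = []
    for lineno, directive, args in parse_directives(text):
        if directive == "include" and args and "/schema/" not in args[0]:
            findings.append(f"line {lineno}: include {args[0]} is outside the schema/ directory; slapd will not start if the file is missing")
        elif directive == "loglevel" and args == ["0"]:
            findings.append(f"line {lineno}: loglevel 0 sends nothing to syslog, so failed binds leave no trace")
        elif directive == "access":
            findings.extend(check_acl(lineno, *split_acl(args)))
    return findings


if __name__ == "__main__":
    for finding in lint_conf(SAMPLE_CONF):
        print(finding)
```

Run against the listing above as published (with the schema path and the catch-all rule corrected), lint_conf reports only the loglevel finding; the userPassword rule passes because anonymous is limited to auth, which is exactly what a bind needs, and everyone else gets none.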