We all respect Red Hat's goal of providing a stable operating system to its customers, but that stability often comes at a price, usually in the form of missing features that are available in more recent releases of many packages. One such product has always been OpenLDAP. There are many LDAP implementations available today, including 389 Directory Server, which is a good enterprise directory server but often includes too much extra stuff that is not needed. I have always preferred OpenLDAP for its simplicity: a no-frills, get-the-job-done directory server. The latest version of OpenLDAP adds some very nice enterprise features such as multi-master replication and a new LDAP-based configuration, which, I admit, I am still getting used to in comparison to the good old-fashioned slapd.conf file. In this article I am going to go through how I installed OpenLDAP 2.4.x on Red Hat Enterprise Linux. These same instructions are applicable to CentOS users as well.
- In order to install openldap, you need to install some prerequisites.
yum install cyrus-sasl-devel openssl-devel krb5-devel zlib-devel
- Next we need to install Berkeley DB. This software package can be obtained via the following link: http://www.oracle.com/technetwork/database/berkeleydb/downloads/index.html .
- Download the software package and extract the contents to your system where you will be installing OpenLDAP. In this case I have downloaded the following file: db-5.1.25.tar.gz.
tar -zxvf db-5.1.25.tar.gz
- Next change into the newly created directory.
cd db-5.1.25
cd build_unix
- Configure the package. You will note that I am installing everything into /opt/local. That is where I put random things like this. You could also consider putting everything in /usr/local, which makes your life easier in some ways.
../dist/configure --prefix=/opt/local
- Run make
make
- Now install the software
sudo make install
- Now that Berkeley DB is built, we can begin the OpenLDAP installation. First download the installation files
wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.24.tgz
- Extract the tarball
tar -zxvf openldap-2.4.24.tgz
- Change into the installation directory
cd openldap-2.4.24
- Configure the software. You can specify the options you want for your installation. These are the ones I am using. Also note how I am passing the build flags on the command line. This is very important; otherwise the configure script will complain about your version of the Berkeley DB headers.
env CPPFLAGS="-I/opt/local/include" LDFLAGS="-L/opt/local/lib" ./configure --enable-hdb --enable-bdb --enable-overlays=mod --prefix=/opt/local
- Compile the software
make
- Install the software
make install
- Now that you have installed OpenLDAP, there are a couple of problems, though. First of all, /opt/local/lib is not in your library path. This can be remediated in a couple of ways: install everything into /usr/local, which is recognized as a valid library path, or make a few tweaks in the ld.so.conf.d directory.
vim /etc/ld.so.conf.d/ldap.conf
Add the following line:
/opt/local/lib
- Run ldconfig to update the dynamic linker run-time bindings.
ldconfig
- We need to add a user to the system for ldap to run as. You can run it as root, but I do not recommend it.
groupadd -g 55 ldap
useradd -s /bin/false -d /opt/local/var -g ldap -u 55 ldap
- Set the appropriate permissions on all the files.
chown -R ldap:ldap /opt/local/var/run
chown -R ldap:ldap /opt/local/var/ldap-data
chown ldap:ldap /opt/local/etc/openldap/slapd.conf
chmod 700 /opt/local/etc/openldap/slapd.conf
- Create the following startup script:
sudo vim /etc/init.d/ldap
#!/bin/bash
#
# slapd This shell script takes care of starting and stopping OpenLDAP.
#         ldap servers (slapd).
#
# chkconfig: - 27 73
# description: LDAP stands for Lightweight Directory Access Protocol, used \
#              for implementing the industry standard directory services.
# processname: slapd
# config: /etc/openldap/slapd.conf
# pidfile: /var/run/slapd.pid

### BEGIN INIT INFO
# Provides: slapd
# Required-Start: $network $local_fs
# Required-Stop: $network $local_fs
# Should-Start:
# Should-Stop:
# Default-Start:
# Default-Stop:
# Short-Description: starts and stops OpenLDAP server daemon
# Description: LDAP stands for Lightweight Directory Access Protocol, used
#              for implementing the industry standard directory services.
### END INIT INFO

# Source function library.
. /etc/init.d/functions

# Define default values of options allowed in /etc/sysconfig/ldap
#SLAPD_LDAP="yes"
#SLAPD_LDAPI="no"
#SLAPD_LDAPS="no"
#SLAPD_URLS=""
# killproc -d in stop() needs a value, so this default is set here
SLAPD_SHUTDOWN_TIMEOUT=3
# OPTIONS, SLAPD_OPTIONS and KRB5_KTNAME are not defined

# Let slapd find the libraries installed under /opt/local/lib
export LD_LIBRARY_PATH=/opt/local/lib

slapd=/opt/local/libexec/slapd
slaptest=/opt/local/sbin/slaptest
lockfile=/opt/local/var/lock/subsys/slapd
configdir=/opt/local/etc/openldap/slapd.d
configfile=/opt/local/etc/openldap/slapd.conf
pidfile=/opt/local/var/run/slapd.pid
slapd_pidfile=/opt/local/var/run/openldap/slapd.pid

RETVAL=0

start() {
    [ -x $slapd ] || exit 5
    [ `id -u` -eq 0 ] || exit 4
    # Define a couple of local variables which we'll need. Maybe.
    user=ldap
    group=ldap
    prog=`basename ${slapd}`
    #harg="$SLAPD_URLS"
    #if test x$SLAPD_LDAP = xyes ; then
    harg="$harg ldap:///"
    #fi
    #if test x$SLAPD_LDAPS = xyes ; then
    #    harg="$harg ldaps:///"
    #fi
    #if test x$SLAPD_LDAPI = xyes ; then
    #    harg="$harg ldapi:///"
    #fi
    # Start daemons.
    echo -n $"Starting $prog: "
    daemon --pidfile=$pidfile --check=$prog ${slapd} -h "\"$harg\"" -u ${user} -g ${group} -f ${configfile}
    RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
        touch $lockfile
        #ln $slapd_pidfile $pidfile
    fi
    echo
    return $RETVAL
}

function stop() {
    # Stop daemons.
    prog=`basename ${slapd}`
    [ `id -u` -eq 0 ] || exit 4
    echo -n $"Stopping $prog: "
    # This will remove pid and args files from /var/run/openldap
    killproc -p $pidfile -d $SLAPD_SHUTDOWN_TIMEOUT ${slapd}
    RETVAL=$?
    # Now we want to remove lock file and hardlink of pid file
    [ $RETVAL -eq 0 ] && rm -f $pidfile $lockfile
    echo
    return $RETVAL
}

# See how we were called.
case "$1" in
    start)
        start
        RETVAL=$?
        ;;
    stop)
        stop
        RETVAL=$?
        ;;
    status)
        status -p $pidfile ${slapd}
        RETVAL=$?
        ;;
    restart|force-reload)
        stop
        start
        RETVAL=$?
        ;;
    condrestart|try-restart)
        status -p $pidfile ${slapd} > /dev/null 2>&1 || exit 0
        stop
        start
        ;;
    usage)
        echo $"Usage: $0 {start|stop|restart|force-reload|status|condrestart|try-restart|usage}"
        RETVAL=0
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|force-reload|status|condrestart|try-restart|usage}"
        RETVAL=2
esac

exit $RETVAL
- This concludes the installation of OpenLDAP on Red Hat Enterprise Linux.
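
One way to check the ownership and permission step above before starting slapd. This is an added example, not part of the original article; PREFIX, LDAP_USER and the function names are assumptions, while the paths and the ldap account are the ones used in the steps above.

```shell
#!/bin/sh
# Added example: audit the ownership and modes set by the chown/chmod step.
# PREFIX, LDAP_USER and the function names are assumptions of this sketch;
# the paths and the "ldap" account are the ones used in the article.
PREFIX=${PREFIX:-/opt/local}
LDAP_USER=${LDAP_USER:-ldap}

# Print "owner octal-mode" for a path (GNU stat, with BSD stat as fallback).
owner_mode() {
    stat -c '%U %a' "$1" 2>/dev/null || stat -f '%Su %Lp' "$1"
}

# slapd.conf can hold the rootpw value, so it must belong to the service
# account and grant nothing to group or other.
check_private() {
    [ -e "$1" ] || { echo "MISSING $1"; return 1; }
    om=$(owner_mode "$1") || return 1
    owner=${om% *}
    mode=${om#* }
    if [ "$owner" != "$LDAP_USER" ]; then
        echo "OWNER   $1 belongs to $owner, expected $LDAP_USER"; return 1
    fi
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "MODE    $1 is $mode, group/other access should be removed"; return 1
    fi
    echo "OK      $1 ($owner, $mode)"
}

# After chown -R, nothing under the directory may belong to another user.
check_tree() {
    [ -d "$1" ] || { echo "MISSING $1"; return 1; }
    strays=$(find "$1" ! -user "$LDAP_USER" -print) || return 1
    [ -z "$strays" ] || { echo "OWNER   not owned by $LDAP_USER:"; echo "$strays"; return 1; }
    echo "OK      $1"
}

audit() {
    rc=0
    check_private "$PREFIX/etc/openldap/slapd.conf" || rc=1
    check_tree "$PREFIX/var/run" || rc=1
    check_tree "$PREFIX/var/ldap-data" || rc=1
    return $rc
}

# Run the audit only when asked to, e.g. "sh audit-ldap.sh --run" as root.
if [ "${1:-}" = "--run" ]; then audit; fi
```

Mode 700 from the chmod step passes this check; 600 is enough for a configuration file, since it does not need the execute bit.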