Building an LDAP Server on Linux, Part 2
LDAP provides central management of access, authentication, and authorization -- in other words, it makes your life as an admin much easier. Learn the ins and outs of LDAP as well as how to build your own LDAP server in this three-part series.
Welcome back! In Part 1 we learned basic concepts of LDAP and the uses for an LDAP server. Today we'll install and configure an OpenLDAP directory.
A quick note before we get started: this is LDAP 101. We are not installing any kind of encryption or strong authentication; we'll get to that in part 3. In my experience, learning LDAP in small chunks works best. (Then again, perhaps I'm just a bit dim.) So sit back, strap in, and keep your fingers away from the training wheels.
The Easy Way
The wise sysadmin will consult the documentation for their distro; it's quite possible that OpenLDAP will be packaged and ready to go in a pleasing manner (or ready to go in an odd manner — you never know). I'm all for easy — if your particular distribution provides an easy way, use it. RPMs can also be obtained from rpmfind.net, which thoughtfully lists all the required additional packages.
Debian of course goes its own merry way. apt-get does the job just fine; the tricky bit is finding out the package names. Debian users want ldap-utils; slapd, which is OpenLDAP; and libdb4.1, to get the Sleepycat DB. These three components are enough to get you up and running. apt-get will walk you through a minimal configuration and will automatically start up slapd, the LDAP server daemon.
Installing from Source
At the barest minimum, two tarballs are needed:
- Berkeley Sleepycat DB
- OpenLDAP tarball
The OpenLDAP tarball is under 2 megabytes, which means even us dial-up lusers can download it without pain. As of this writing, the stable edition is openldap-stable-20030709.tgz. I like to park the tarball and unpack it in /usr/src/:
root@windbag:/usr/src# tar xfz openldap-stable-20030709.tgz
This creates the openldap-2.1.22 directory:
root@windbag:/usr/src# cd openldap-2.1.22