Compiling OpenLDAP on the openEuler system

0 Background

This article compiles OpenLDAP on Huawei's openEuler system.

View the current openEuler system version information:

cat /etc/os-release

1 Prerequisites

1.1 Install the rpm package that openldap depends on

A yum source must be configured first, such as the Ali or NetEase mirrors, or an offline yum source; see this article for details.

yum install libtool-ltdl -y
yum install libtool-ltdl-devel -y

Note:
① Both libtool-ltdl and libtool-ltdl-devel are required. If they are not installed, configure fails with: configure: error: could not locate libtool ltdl.h
② Do not install them with the wildcard command yum install *ltdl* -y; yum on the Euler system will not find libtool-ltdl-devel that way.


1.2 Unzip the openldap source package

tar -zxvf openldap-2.4.44.tgz
cd openldap-2.4.44


2 Compile openldap

2.1 Execute compilation command

./configure --prefix=/usr/local/openldap-2.4.44 --enable-modules=yes --enable-rewrite --enable-memberof=yes --enable-refint=yes --enable-hdb=no --enable-bdb=no --enable-overlays

Note:
The BDB and HDB databases are not needed for this build, so the following parameters must be passed to disable them:

--enable-bdb=no --enable-hdb=no

2.2 Execute dependency detection command

Next, follow the prompts to execute the command and perform dependency detection

make depend

Execute the make command

make


2.3 Execute the test command

This step is time-consuming; wait for it to finish.

make test 


2.4 Execute install

make install

After this step succeeds, the directory set by --prefix=/usr/local/openldap-2.4.44 in 2.1 is created, and the compiled openldap files are placed in it.

2.5 Setting Shortcuts

Add soft links for the executables of the openldap client (bin) and server (sbin), or set this up through environment variables instead:

cd /usr/local/openldap-2.4.44
ln -s /usr/local/openldap-2.4.44/bin/* /usr/local/bin/
ln -s /usr/local/openldap-2.4.44/sbin/* /usr/local/sbin/

3 Verification

Verify that openldap can be used normally after compilation.

3.1 Generate the initial password hash

Use slappasswd to generate the password hash, assuming that the initial password is set to bywx2020. Execute the following command:

slappasswd -s bywx2020

Here {SSHA}kbY3oJPDv8MfDdu9wAVIgQ2EVB/p3Cop is the generated value, a salted SHA-1 hash of the password rather than an encrypted key.

3.2 Modify the configuration file slapd.conf

 cd /usr/local/openldap-2.4.44/etc/openldap/
 vim slapd.conf

Add the following content:

# By default only core.schema is included; add others as needed. Here every schema file in the schema directory next to the configuration file is added.
include /usr/local/openldap-2.4.44/etc/openldap/schema/collective.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/corba.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/cosine.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/duaconf.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/dyngroup.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/java.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/misc.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/nis.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/openldap.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/pmi.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/ppolicy.schema

Add the log level and log file path:

loglevel    256
logfile    /usr/local/openldap-2.4.44/var/slapd.log

Modify the domain name and administrator account name:

suffix "dc=chen,dc=com"
rootdn "cn=admin,dc=chen,dc=com"

Set the root password. rootpw accepts either a hashed or a plaintext password; use the hashed value generated by slappasswd earlier:

rootpw {SSHA}kbY3oJPDv8MfDdu9wAVIgQ2EVB/p3Cop

3.3 Start openldap

 /usr/local/openldap-2.4.44/libexec/slapd -d 256

Startup fails with an error.
Reason: the /usr/local/openldap-2.4.44/var/openldap-data directory does not exist. Create the directory and restart openldap.

Verify that the openldap service has started normally:

ldapsearch -x -b '' -s base '(objectclass=*)'

If the command returns a search result, openldap has started successfully and can be used normally.
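A pre-start check for the two configuration problems this walkthrough touches, the missing database directory from 3.3 and a rootpw left in plaintext from 3.2. This is an added example, not part of the original article; the function name slapd_preflight and the sample config are made up for illustration, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# slapd_preflight CONF [fix]
# Prints one finding per line and returns 0 only when nothing is wrong.
# With "fix", missing data directories are created instead of reported.
# Hypothetical helper; assumes paths in CONF contain no spaces.
slapd_preflight() {
    conf=$1
    fix=${2:-}
    rc=0
    [ -r "$conf" ] || { echo "unreadable: $conf"; return 2; }

    # "directory <path>" names a database's data directory; slapd fails
    # to start when it is absent (the error seen in 3.3).
    while IFS= read -r dir; do
        [ -n "$dir" ] || continue
        [ -d "$dir" ] && continue
        if [ "$fix" = fix ]; then
            # 0700: the database files hold every entry, userPassword included.
            mkdir -p "$dir" && chmod 700 "$dir" && echo "created: $dir" ||
                { echo "cannot create: $dir"; rc=1; }
        else
            echo "missing directory: $dir"
            rc=1
        fi
    done <<EOF
$(awk '$1 == "directory" { gsub(/"/, "", $2); print $2 }' "$conf")
EOF

    # A rootpw value without a leading {SCHEME} tag is stored in plaintext.
    if awk '$1 == "rootpw" && $2 !~ /^[{][A-Za-z0-9-]+[}]/ { bad = 1 }
            END { exit !bad }' "$conf"; then
        echo "plaintext rootpw: $conf"
        rc=1
    fi
    return "$rc"
}

# Demo on a constructed config (sample values, not the article's file).
tmp=$(mktemp -d)
printf 'rootdn "cn=admin,dc=chen,dc=com"\nrootpw secret\ndirectory %s/openldap-data\n' \
    "$tmp" > "$tmp/slapd.conf"
slapd_preflight "$tmp/slapd.conf" || echo "exit status: $?"
rm -rf "$tmp"
```

OpenLDAP's own slaptest -f slapd.conf checks the same file with the server's parser and can be run alongside this.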


Origin blog.csdn.net/Keyuchen_01/article/details/125432528