0 Background
This article compiles OpenLDAP on Huawei's openEuler system.
View the current openEuler system version information:
cat /etc/os-release
1 Prerequisites
1.1 Install the rpm package that openldap depends on
Configure a yum source first, such as the Ali or NetEase mirrors, or an offline yum source (see this article for details).
yum install libtool-ltdl -y
yum install libtool-ltdl-devel -y
Note:
① Both libtool-ltdl and libtool-ltdl-devel are required. If they are not installed, an error is reported when compiling: configure: error: could not locate libtool ltdl.h
② Do not install them with the wildcard command yum install *ltdl* -y; the yum of the openEuler system will not match libtool-ltdl-devel that way.
1.2 Unzip the openldap source package
tar -zxvf openldap-2.4.44.tgz
cd openldap-2.4.44
2 Compile openldap
2.1 Execute compilation command
./configure --prefix=/usr/local/openldap-2.4.44 --enable-modules=yes --enable-rewrite --enable-memberof=yes --enable-refint=yes --enable-hdb=no --enable-bdb=no --enable-overlays
Note:
The BDB and HDB database backends are not needed here, so they are disabled at configure time with the following parameters:
--enable-bdb=no --enable-hdb=no
2.2 Execute dependency detection command
Next, follow the prompts to execute the command and perform dependency detection
make depend
Execute the make command
make
2.3 Execute the test command
This step is time-consuming; wait patiently for it to complete.
make test
2.4 Execute install
make install
After this step succeeds, the directory set by --prefix=/usr/local/openldap-2.4.44 in 2.1 is created, and the compiled openldap files are installed into it.
2.5 Setting Shortcuts
Add soft links for the openldap client (bin) and server (sbin) executables, or make them available by adding environment variables instead.
cd /usr/local/openldap-2.4.44
ln -s /usr/local/openldap-2.4.44/bin/* /usr/local/bin/
ln -s /usr/local/openldap-2.4.44/sbin/* /usr/local/sbin/
3 Verification
Verify that openldap can be used normally after compilation
3.1 Generate the initial password hash
Use slappasswd to generate the hashed (ciphertext) password, assuming that the initial password is set to bywx2020. Execute the following command:
slappasswd -s bywx2020
Here {SSHA}kbY3oJPDv8MfDdu9wAVIgQ2EVB/p3Cop is the hashed password that slappasswd generates.
3.2 Modify the configuration file slapd.conf
cd /usr/local/openldap-2.4.44/etc/openldap/
vim slapd.conf
Add the following content:
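# By default only core.schema is included; add others as needed. Here, every schema file found in the schema directory next to the configuration file is added to the configuration.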
include /usr/local/openldap-2.4.44/etc/openldap/schema/collective.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/corba.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/cosine.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/duaconf.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/dyngroup.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/java.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/misc.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/nis.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/openldap.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/pmi.schema
include /usr/local/openldap-2.4.44/etc/openldap/schema/ppolicy.schema
Add the log level and the log file path:
loglevel 256
logfile /usr/local/openldap-2.4.44/var/slapd.log
Modify the domain name and administrator account name:
suffix "dc=chen,dc=com"
rootdn "cn=admin,dc=chen,dc=com"
Set the administrator password. rootpw accepts either a ciphertext (hashed) or a plaintext password; use the ciphertext generated by slappasswd earlier:
rootpw {SSHA}kbY3oJPDv8MfDdu9wAVIgQ2EVB/p3Cop
3.3 Start openldap
/usr/local/openldap-2.4.44/libexec/slapd -d 256
The following error occurs:
Reason: the /usr/local/openldap-2.4.44/var/openldap-data directory does not exist. Create the directory and restart openldap.
Verify that the openldap service has started normally:
ldapsearch -x -b '' -s base '(objectclass=*)'
If you see the following output, it means that openldap starts successfully and can be used normally: