Openldap server install failure - openldap client conflict

Matthew Seaman m.seaman at infracaninophile.co.uk
Wed Apr 16 06:04:15 UTC 2008


Da Rock wrote:
> I'm trying to install OpenLDAP as a server to "attempt" to try it out
> for our network. The problem is the openldap client is already installed
> for other apps as php, apache, asterisk, etc. So my question is: is it
> possible to uninstall the client? Will the server include the client
> required for these other apps?

The client installs libldap.so and liblber.so (plus variants based on
OpenLDAP version and ABI version) -- like so for OpenLDAP 2.3:

/usr/local/lib/liblber-2.3.so
/usr/local/lib/liblber-2.3.so.2
/usr/local/lib/liblber.a
/usr/local/lib/liblber.la
/usr/local/lib/liblber.so
/usr/local/lib/libldap-2.3.so
/usr/local/lib/libldap-2.3.so.2
/usr/local/lib/libldap.a
/usr/local/lib/libldap.la
/usr/local/lib/libldap.so
/usr/local/lib/libldap_r-2.3.so
/usr/local/lib/libldap_r-2.3.so.2
/usr/local/lib/libldap_r.a
/usr/local/lib/libldap_r.la
/usr/local/lib/libldap_r.so

(OpenLDAP 2.4 does similarly, except replace '2.3' with '2.4'.)  If you
force uninstall openldap-client, then everything depending on it will
refuse to run because of the unfulfilled shlib dynamic linkage.

One of the programs that depends on the client is OpenLDAP-server -- so
just by typing

    portinstall net/openldap23-server

you'll cause openldap23-client (or openldap23-sasl-client) to be installed
as a normal consequence of ports dependency resolution.  The problem comes
if you've already got, say, openldap23-client installed and you want
openldap24-client -- other applications: Apache, PHP etc. will work with
just about any LDAP version but openldap-server needs the matching client
version.  The solution is something like this:

   # portupgrade -o net/openldap24-client -f openldap-client-2.3.41
   # portupgrade -fr openldap-client-2.4.8

to switch from the 23 series to the 24 series.  Also -- handy tip -- 
adding flags like the following to /etc/make.conf will generally enable
LDAP and SASL capabilities for any ports that can support them.  (SASL highly
recommended for securing access to LDAP, and also LDAP highly recommended
as a back-end for SASL...)

WITH_SASL=              yes
WITH_LDAP=              yes
WANT_OPENLDAP_VER=      23
WANT_OPENLDAP_SASL=     yes

However, don't insert the 'WANT_OPENLDAP_VER' line into /etc/make.conf
until /after/ you've got the right openldap-client port installed, as it
screws up switching between versions.

23 is the default stable release; 24 is also available but still in beta.

> And while I'm here... I tried installing the odbc backend, but it
> conflicts with other apps as well. How can I have both the libiodbc and
> unixodbc at the same time for openldap server (requires libiodbc), php5,
> etc?

Do you really need the odbc *backend* for LDAP?  That allows LDAP to store
its data in a MSSQL database somewhere -- which implies the data store is on
a different server to the OpenLDAP instance.  That's not ideal for good
performance.  Unless you know you have a specific need for one of the particular
back-ends and certainly if you are a beginner with openldap, I'd strongly
recommend sticking with the default local storage based on Berkeley DB.

If your aim is to interoperate with ActiveDirectory then I believe that is
possible at the LDAP level via the usual delegation and referral mechanisms.
It may even be possible to replicate either to or from AD or to use OpenLDAP
(+ Kerberos + Samba v4 I think) as a drop in replacement for AD.  I have no
direct knowledge of that, but I'm sure a little Google action will turn up
any number of HowTos on the subject.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
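
The make.conf caveat in the message above (only set WANT_OPENLDAP_VER once the matching client is installed) can be checked mechanically. The shell functions below are an added example, not part of the original message or the ports tree; they assume the libldap-X.Y.so naming shown in the file list, and the function names and scratch directory are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): verify that a
# WANT_OPENLDAP_VER pin in make.conf agrees with the installed libldap.

# Print the installed OpenLDAP series ("23", "24"), one per line, inferred
# from the versioned libldap-X.Y.so names the client port puts in LIBDIR ($1).
installed_ldap_series() {
    for f in "$1"/libldap-[0-9]*.[0-9]*.so; do
        [ -e "$f" ] || continue          # glob matched nothing
        v=${f##*/libldap-}               # "2.3.so"
        v=${v%.so}                       # "2.3"
        printf '%s\n' "$v" | tr -d .     # "23"
    done | sort -u
}

# Print the last WANT_OPENLDAP_VER value set in MAKECONF ($1); empty if unset.
pinned_ldap_series() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*WANT_OPENLDAP_VER[[:space:]]*[?]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" |
        tail -n 1
}

# check_ldap_pin LIBDIR MAKECONF
# Prints no-client, ambiguous, unpinned, match or mismatch; returns non-zero
# for the states that should be fixed before building LDAP-dependent ports.
check_ldap_pin() {
    want=$(pinned_ldap_series "$2")
    set -- $(installed_ldap_series "$1")  # one word per installed series
    [ $# -ge 1 ] || { echo "no-client"; return 1; }
    [ $# -eq 1 ] || { echo "ambiguous: $*"; return 1; }
    [ -n "$want" ] || { echo "unpinned have=$1"; return 0; }
    [ "$want" = "$1" ] || { echo "mismatch want=$want have=$1"; return 1; }
    echo "match $1"
}

# Constructed demo: a scratch tree mimicking part of the 2.3 client's file
# list, plus a make.conf that pins the 24 series too early.
demo=$(mktemp -d)
touch "$demo/libldap-2.3.so" "$demo/libldap-2.3.so.2" \
      "$demo/libldap_r-2.3.so" "$demo/liblber-2.3.so" "$demo/libldap.so"
printf 'WITH_LDAP=\tyes\nWANT_OPENLDAP_VER=\t24\n' > "$demo/make.conf"
check_ldap_pin "$demo" "$demo/make.conf" || true   # mismatch want=24 have=23
rm -rf "$demo"
```

On a real host the call would be `check_ldap_pin /usr/local/lib /etc/make.conf`, using the paths given in the message.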
