Openldap server install failure - openldap client conflict

David Robillard david.robillard at gmail.com
Wed Apr 16 14:37:13 UTC 2008


> I'm trying to install OpenLDAP as a server to "attempt" to try it out
> for our network. The problem is the openldap client is already installed
> for other apps as php, apache, asterisk, etc. So my question is: is it
> possible to uninstall the client? Will the server include the client
> required for these other apps?

You can always remove the old client and install the new version. You
simply need to shut down the services which depend on the client before
you remove the old one and install the new one. Then start the
services again. Of course you should do this on a test machine and
make sure all your applications work as expected with the new client
(i.e. don't do this on your production machine AND back up before you
do!).

For what it's worth, I've removed and installed the OpenLDAP client
from a few machines and never had any problems with Apache or with
PHP. But I did have a problem with sudo(8). If you use sudo (you
probably should IMHO) and it was compiled with LDAP support, then the
minute you remove the old OpenLDAP client, sudo will be broken. It's
easy to work around this by using su(1) to switch to root. Of course,
make sure you know the root password and that you're part of the wheel
group before you do this.

Here's how I proceed to update the OpenLDAP client. I use SASL also,
but it's not mandatory. Notice that I run a first make(1) without
options. This will help reduce the time required between the `make
deinstall` and `make install clean`.

cd /usr/ports/net/openldap24-sasl-client
sudo make
sudo /all/your/ldap/dependent/applications/rc.d/scripts stop
sudo make deinstall
sudo make install clean
sudo /all/your/ldap/dependent/applications/rc.d/scripts start

Also, on a side note, I would suggest adding a few lines to
make.conf(5) so that all your applications will require the same
OpenLDAP versions (and the same Berkeley DB too). That change did help
me quite a lot. The downside of this is that if you have many hosts,
you may have to edit quite a few make.conf(5) files when either
OpenLDAP or BDB changes versions. Using rsync, rdist

WANT_OPENLDAP_VER= 24
WITH_BDB_VER= 46

Good luck with OpenLDAP. Should you need help with it, SASL and
Kerberos integration, feel free to contact me.

Cheers,

David
-- 
David Robillard
UNIX systems administrator & Oracle DBA
CISSP, RHCE & Sun Certified Security Administrator
Montreal: +1 514 966 0122
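
Added example, not part of the original message: a way to see beforehand which binaries (sudo included) are linked against the OpenLDAP client library, and so will break between the deinstall and the reinstall. The function names, the sample ldd(1) output and the paths in the usage comment are constructed for illustration; it assumes ldd(1) prints one "name => path" line per shared library.

```shell
#!/bin/sh
# Added illustration, not from the original post.
# Lists binaries dynamically linked against libldap / libldap_r, i.e. the
# ones that stop working while the OpenLDAP client port is deinstalled.

# links_libldap: read ldd(1)-style output on stdin; succeed if any line
# references libldap or libldap_r (with or without a version suffix).
links_libldap() {
    grep -E '(^|[[:space:]/])libldap(_r)?(-[0-9.]+)?\.so' >/dev/null
}

# affected_binaries: print each given path whose ldd output references
# libldap. Paths that are missing or not executable are skipped.
affected_binaries() {
    for bin in "$@"; do
        [ -x "$bin" ] || continue
        if ldd "$bin" 2>/dev/null | links_libldap; then
            printf '%s\n' "$bin"
        fi
    done
}

# Constructed sample: ldd output for a sudo built with LDAP support.
sample_ldd_sudo_ldap() {
    printf '\tlibutil.so.7 => /lib/libutil.so.7 (0x2807f000)\n'
    printf '\tlibldap-2.4.so.2 => /usr/local/lib/libldap-2.4.so.2 (0x2808b000)\n'
    printf '\tlibc.so.7 => /lib/libc.so.7 (0x280c9000)\n'
}

# Offline check against the constructed sample above.
sudo_sample_is_affected() {
    sample_ldd_sudo_ldap | links_libldap
}

# Usage (hypothetical paths):
#   sh check-ldap-deps.sh /usr/local/bin/sudo /usr/local/sbin/httpd
# Prints nothing when no arguments are given.
affected_binaries "$@"
```

If sudo shows up in the output, have a root shell open through su(1) before running `make deinstall`.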

