安装openldap出现问题， 请高手帮忙

gary_tay88

Run slapd with max. debug level:

/usr/local/openldap/libexec/slapd -d -1

gary_tay88

Assuming you have compiled/install SASL using default options, i.e. it installed at /usr/loca/lib/sasl2.

You then have two choices:

1) Tell openldap configure to look for it at /usr/local/lib/sasl2

env CPPFLAGS="-I/usr/local/BerkeleyDB.4.2/include -I/usr/local/lib/sasl2" LDFLAGS="-L/usr/local/BerkeleyDB.4.2/lib -L/usr/local/lib/sasl2" ./configure --prefix=/usr/local/openldap --enable-ldbm --with-cyrus-sasl

2) Use SASL_PATH, before you run "make"

export SASL_PATH=/usr/local/lib/sasl2
make
make depend
make test

Gary

gary_tay88

Look into openldap-x.x.x/tests/testrun/slapd.1.log file, the first test for test001-rootdse failed with error message something like "SASL Version Mismatch, look for version X.X.X found version Y.Y.Y"

HOW TO FIX "SASL Version Mismatch" error?

IF

You have BOTH the original SASL from RedHat distro (/usr/lib/sasl2/* and /usr/lib/libsasl2.so) and also compiled/installed a latest version at the default --prefix=/usr/local (/usr/local/lib/sasl2/* and /usr/local/lib/libsasl2.so)

THEN

Please also include LD_LIBRARY_PATH and include path for SASL, use the following ./configure options:

env LD_LIBRARY_PATH="/usr/local/lib:/usr/local/lib/sasl2:/usr/local/BerkeleyDB.4.2/lib" LDFLAGS="-L/usr/local/lib -L/usr/local/lib/sasl2 -L/usr/local/BerkeleyDB.4.2/lib -R/usr/local/lib -R/usr/local/lib/sasl2 -R/usr/local/BerkeleyDB.4.2/lib" CPPFLAGS="-I/usr/local/include -I/usr/local/include/sasl -I/usr/local/BerkeleyDB.4.2/include" ./configure --enable-bdb --enable-ldbm --enable-ldap --enable-meta --enable-crypt --with-tls --with-cyrus-sasl

ENDIF

Gary

gary_tay88

Assume you have compiled/installed SASL from source onto default prefix /usr/local.
Could you please add "-I/usr/local/include/sasl"  to CPPFLAGS? Sorry I missed this out.

I have noticed that many of you KEEP using very old versions of OpenlDAP (2.1.XX), and backend like "lddm", if you choose to use it for testing/development that is fine, for production running purpose please download OpenLDAP stable release 2.2.26 and use "bdb" backend, and download/compile latest SASL 2.1.21, my examples are all based on relatively latest versions of these opensource products.

When using the old versions, run "./configure --help" to look at the available options, some options may not be supported in old versions, do note, so please don't just simply copy.

Gary

gary_tay88

Your "make test" failure has got something to do with the "login" id you use, i.e. under openldap-x.x.x/tests directory, all the files/directories were previously created and owned by "root" and after that they are not able to be overwritten by "st" user.

Previosuly you use "root" account:
[root@SSL openldap-2.1.29]# make test

After that you use "st" account:
[st@SSL openldap-2.1.29]$ make test >;debug

Can you use "root" account, run "make clean", then re-run "./configure ..." and "make depend; make; make test" again.

If you prefer to use "st", THEN untar openldap-x.x.x to a BRAND NEW working area and start from scratch again.

Gary

gary_tay88

You couldn't find testrun directory and slapd.1.log, this is because you are using OLD version of OpenLDAP, 2.1.29.

If you use OpenLDAP release 2.2.XX or 2.3.X, the test scripts will create these files/directories:

# pwd
/var/tmp/openldap-2.3.7/tests/testrun
[root@sglnx01 /var/tmp/openldap-2.3.7/tests/testrun]# ls -alrt
total 15656
drwxrwxr-x  6 2000 root     4096 Sep  6 15:39 ..
-rw-r--r--  1 root root         1537 Sep  6 15:39 slapd.1.conf
drwxr-xr-x  2 root root         4096 Sep  6 15:39 db.1.a
-rw-r--r--  1 root root       132317 Sep  6 15:39 slapadd.1.log
-rw-r--r--  1 root root            5 Sep  6 15:39 slapd.1.pid
-rw-r--r--  1 root root           87 Sep  6 15:39 slapd.1.args
drwxr-xr-x  3 root root         4096 Sep  6 15:39 .
-rw-r--r--  1 root root     15843625 Sep  6 15:39 slapd.1.log
#

Gary

gary_tay88

As I said before, please do not simply copy and use the suggested ./configure options, make sure you understand their meanings.

IF

You do not intend to use SSL/TLS, i.e. you need "--without-tls", and you need to remove all SSL references.

THEN

[st@SSL openldap-2.2.26]$ env LD_LIBRARY_PATH="/usr/local/lib:/usr/local/lib/sasl2:/usr/local/BerkeleyDB.4.3/lib" LDFLAGS="-L/usr/local/lib -L/usr/local/lib/sasl2 -L/usr/local/BerkeleyDB.4.3/lib -R/usr/local/lib -R/usr/local/lib/sasl2 -R/usr/local/BerkeleyDB.4.3/lib" CPPFLAGS="-I/usr/local/include -I/usr/local/BerkeleyDB.4.3/include -I/usr/local/include/sasl" ./configure --enable-bdb --enable-ldbm --enable-ldap --enable-crypt --without-tls --with-cyrus-sasl

ELSE

Download/compile/install latest version of OpenSSL at default prefix /usr/local/ssl, and do this:

[st@SSL openldap-2.2.26]$ env LD_LIBRARY_PATH="/usr/local/lib:/usr/local/lib/sasl2:/usr/local/BerkeleyDB.4.3/lib:/usr/local/ssl/lib" LDFLAGS="-L/usr/local/lib -L/usr/local/lib/sasl2 -L/usr/local/BerkeleyDB.4.3/lib -L/usr/local/ssl/lib -R/usr/local/lib -R/usr/local/lib/sasl2 -R/usr/local/BerkeleyDB.4.3/lib -R/usr/local/ssl/lib" CPPFLAGS="-I/usr/local/include -I/usr/local/BerkeleyDB.4.3/include -I/usr/local/ssl/include -I/usr/local/include/sasl" ./configure --enable-bdb --enable-ldbm --enable-ldap --enable-crypt --with-tls --with-cyrus-sasl

ENDIF

Gary

gary_tay88

OR

IF

You have OpenSSL RPM installed on RH9 (old version does not matter, for testing it is fine, for production please update it to latest patch using latest OpenSSL RPM from RHFC3/FC4 "updates" sites, I think they are fine for RH9, I may be wrong), and you DO  NOT INTEND to compile/build OpenSSL from latest source code.

THEN

[st@SSL openldap-2.2.26]$ env LD_LIBRARY_PATH="/usr/local/lib:/usr/local/lib/sasl2:/usr/local/BerkeleyDB.4.3/lib" LDFLAGS="-L/usr/local/lib -L/usr/local/lib/sasl2 -L/usr/local/BerkeleyDB.4.3/lib -R/usr/local/lib -R/usr/local/lib/sasl2 -R/usr/local/BerkeleyDB.4.3/lib" CPPFLAGS="-I/usr/local/include -I/usr/local/BerkeleyDB.4.3/include -I/usr/local/include/sasl" ./configure --enable-bdb --enable-ldbm --enable-ldap --enable-crypt --with-tls --with-cyrus-sasl

The ./configure should be able to find OpenSSL library files from /usr/lib or /lib.

ENDIF

Gary

gary_tay88

How did you compile and build OpenSSL?

I used:

# cd openssl-0.9.XX
# ./config shared                 # Build shared library
# make clean
# make
# make test
# make install

Could you please, after "./configure ..." of OpenLDAP, do not straight away run "make", try a "make clean" to establish a clean starting state first, then "make".

Gary

gary_tay88

Sorry, for OpenLDAP, after "./configure ...", you need to "make depend" first, then "make clean" and then "make"

# ./configure ...
# make depend
# make clean
# make
# make test
# make install

Gary