Date: Thu, 17 Apr 2008 07:04:44 +1000
From: Da Rock <rock_on_the_web@comcen.com.au>
To: freebsd-questions@freebsd.org
Subject: Re: Openldap server install failure - openldap client conflict
Message-ID: <1208379884.16346.381.camel@laptop2.herveybayaustralia.com.au>
In-Reply-To: <226ae0c60804160737o33856517y6c1bd5f0e2ed5668@mail.gmail.com>
References: <226ae0c60804160737o33856517y6c1bd5f0e2ed5668@mail.gmail.com>

On Wed, 2008-04-16 at 10:37 -0400, David Robillard wrote:
> > I'm trying to install OpenLDAP as a server to "attempt" to try it out
> > for our network. The problem is the openldap client is already installed
> > for other apps as php, apache, asterisk, etc. So my question is: is it
> > possible to uninstall the client? Will the server include the client
> > required for these other apps?
>
> You can always remove the old client and install the new version. You
> simply need to shut down the services which depend on the client before
> you remove the old one and install the new one. Then start the
> services again. Of course you should do this on a test machine and
> make sure all your applications work as expected with the new client
> (i.e. don't do this on your production machine AND backup before you
> do!).
>
> For what it's worth, I've removed and installed the OpenLDAP client
> from a few machines and never had any problems with Apache nor with
> PHP. But I did have a problem with sudo(8). If you use sudo (you
> probably should IMHO) and it was compiled with LDAP support, then the
> minute you remove the old OpenLDAP client, sudo will be broken. It's
> easy to work around this by using su(1) and switch to root. Of course,
> make sure you know the root password and that you're part of the wheel
> group before you do this.
>
> Here's how I proceed to update the OpenLDAP client. I use SASL also,
> but it's not mandatory. Notice that I run a first make(1) without
> options. This will help reduce the time required between the `make
> deinstall` and `make install clean`.
>
> cd /usr/ports/net/openldap24-sasl-client
> sudo make
> sudo /all/your/ldap/dependent/applications/rc.d/scripts stop
> sudo make deinstall
> sudo make install clean
> sudo /all/your/ldap/dependent/applications/rc.d/scripts start
>
> Also, on a side note, I would suggest adding a few lines to
> make.conf(5) so that all your applications will require the same
> OpenLDAP versions (and the same Berkeley DB too). That change did help
> me quite a lot. The downside of this is that if you have many hosts,
> you may have to edit quite a few make.conf(5) files when either
> OpenLDAP or BDB changes versions. Using rsync, rdist
>
> WANT_OPENLDAP_VER= 24
> WITH_BDB_VER= 46
>
> Good luck with OpenLDAP. Should you need help with it, SASL and
> Kerberos integration, feel free to contact me.

I did just get it worked out, but those other apps were worrying me (see last post). At least I know where to look now...

I am very interested in Kerberos integration if you could provide some hints. I looked into it before for another reason and set it aside in the too hard basket for a while... I posted back to the list to help others if they're interested too.

One thing, I installed the lam webapp for administration (and I did also try this manually too) but when I'm asked for a password I have no idea what password it's looking for (I do feel rather stupid!). This was something I was going to try to solve next time I get back to this project - it was late at night and I had only just got it installed and running. It says in the install guide that it will ask for the secret once you add a ldif file, so I assumed it would set it then - I was wrong...

Thanks for the help.