From: Da Rock
To: freebsd-questions@freebsd.org
Date: Thu, 17 Apr 2008 07:04:44 +1000
Subject: Re: Openldap server install failure - openldap client conflict

On Wed, 2008-04-16 at 10:37 -0400, David Robillard wrote:
> > I'm trying to install OpenLDAP as a server to "attempt" to try it out
> > for our network.
> > The problem is the openldap client is already installed
> > for other apps as php, apache, asterisk, etc. So my question is: is it
> > possible to uninstall the client? Will the server include the client
> > required for these other apps?
>
> You can always remove the old client and install the new version. You
> simply need to shutdown the services which depend on the client before
> you remove the old one and install the new one. Then start the
> services again. Of course you should do this on a test machine and
> make sure all your applications work as expected with the new client
> (i.e. don't do this on your production machine AND backup before you
> do!).
>
> For what it's worth, I've removed and installed the OpenLDAP client
> from a few machines and never had any problems with Apache nor with
> PHP. But I did have a problem with sudo(8). If you use sudo (you
> probably should IMHO) and it was compiled with LDAP support, then the
> minute you remove the old OpenLDAP client, sudo will be broken. It's
> easy to work around this by using su(1) and switch to root. Of course,
> make sure you know the root password and that you're part of the wheel
> group before you do this.
>
> Here's how I proceed to update the OpenLDAP client. I use SASL also,
> but it's not mandatory. Notice that I run a first make(1) without
> options. This will help reduce the time required between the `make
> deinstall` and `make install clean`.
>
> cd /usr/ports/net/openldap24-sasl-client
> sudo make
> sudo /all/your/ldap/dependent/applications/rc.d/scripts stop
> sudo make deinstall
> sudo make install clean
> sudo /all/your/ldap/dependent/applications/rc.d/scripts start
>
> Also, on a side note, I would suggest adding a few lines to
> make.conf(5) so that all your applications will require the same
> OpenLDAP versions (and the same Berkeley DB too). That change did help
> me quite a lot.
> The downside of this is that if you have many hosts,
> you may have to edit quite a few make.conf(5) files when either
> OpenLDAP or BDB changes versions. Using rsync, rdist
>
> WANT_OPENLDAP_VER= 24
> WITH_BDB_VER= 46
>
> Good luck with OpenLDAP. Should you need help with it, SASL and
> Kerberos integration, feel free to contact me.

I did just get it worked out, but those other apps were worrying me (see
last post). At least I know where to look now...

I am very interested in Kerberos integration if you could provide some
hints. I looked into it before for another reason and set it aside in the
too hard basket for a while...

I posted back to the list to help others if they're interested too.

One thing, I installed the lam webapp for administration (and I did also
try this manually too) but when I'm asked for a password I have no idea
what password it's looking for (I do feel rather stupid!). This was
something I was going to try to solve next time I get back to this
project - it was late at night and I had only just got it installed and
running. It says in the install guide that it will ask for the secret
once you add a ldif file, so I assumed it would set it then - I was
wrong...

Thanks for the help.
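
Added example, not part of the original message or of either poster's code: a pre-flight check for the sudo(8) caveat in the quoted reply, run before `make deinstall`. The function names, the status words and the sample ldd(1) and group(5) text are constructed for illustration; on a live host you would feed it `ldd "$(command -v sudo)"` and /etc/group instead.

```shell
#!/bin/sh
# Decide whether removing the OpenLDAP client will break sudo, and whether
# the su(1) fallback is available (the user must be in the wheel group).

# links_ldap: reads ldd(1) output on stdin; succeeds if libldap/liblber is linked.
links_ldap() {
    grep -Eq 'lib(ldap|lber)[^/ ]*\.so'
}

# in_group USER GROUP: reads group(5) lines on stdin; succeeds if USER is a member.
in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }'
}

# preflight LDD_OUTPUT GROUP_FILE_TEXT USER
#   ok      - sudo does not link libldap, the swap will not break it
#   use-su  - sudo will break, but USER is in wheel and can fall back to su(1)
#   blocked - sudo will break and USER cannot use su(1); fix that first
preflight() {
    if ! printf '%s\n' "$1" | links_ldap; then
        echo ok
    elif printf '%s\n' "$2" | in_group "$3" wheel; then
        echo use-su
    else
        echo blocked
    fi
}

# Constructed sample data (not captured from a real host).
LDD_SUDO_LDAP='/usr/local/bin/sudo:
    libldap-2.4.so.2 => /usr/local/lib/libldap-2.4.so.2 (0x2809a000)
    liblber-2.4.so.2 => /usr/local/lib/liblber-2.4.so.2 (0x280c8000)
    libc.so.7 => /lib/libc.so.7 (0x280d1000)'
LDD_SUDO_PLAIN='/usr/local/bin/sudo:
    libc.so.7 => /lib/libc.so.7 (0x280d1000)'
GROUP_SAMPLE='wheel:*:0:root,alice
operator:*:5:root,bob'

for user in alice bob; do
    echo "$user: $(preflight "$LDD_SUDO_LDAP" "$GROUP_SAMPLE" "$user")"
done
```

A `blocked` result means the account should be added to wheel, and the root password confirmed, before the client is removed.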