Date: Wed, 16 Apr 2008 07:03:36 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Da Rock <rock_on_the_web@comcen.com.au>
Cc: freebsd-ports@freebsd.org
Subject: Re: Openldap server install failure - openldap client conflict
Message-ID: <480596B8.1070305@infracaninophile.co.uk>
In-Reply-To: <1208307277.16346.305.camel@laptop2.herveybayaustralia.com.au>
References: <1208307277.16346.305.camel@laptop2.herveybayaustralia.com.au>

Da Rock wrote:

> I'm trying to install OpenLDAP as a server to "attempt" to try it out
> for our network. The problem is the openldap client is already installed
> for other apps as php, apache, asterisk, etc. So my question is: is it
> possible to uninstall the client? Will the server include the client
> required for these other apps?

The client installs libldap.so and liblber.so (plus variants based on
OpenLDAP version and ABI version) -- like so for OpenLDAP 2.3:

    /usr/local/lib/liblber-2.3.so
    /usr/local/lib/liblber-2.3.so.2
    /usr/local/lib/liblber.a
    /usr/local/lib/liblber.la
    /usr/local/lib/liblber.so
    /usr/local/lib/libldap-2.3.so
    /usr/local/lib/libldap-2.3.so.2
    /usr/local/lib/libldap.a
    /usr/local/lib/libldap.la
    /usr/local/lib/libldap.so
    /usr/local/lib/libldap_r-2.3.so
    /usr/local/lib/libldap_r-2.3.so.2
    /usr/local/lib/libldap_r.a
    /usr/local/lib/libldap_r.la
    /usr/local/lib/libldap_r.so

(OpenLDAP 2.4 does similarly except replace '2.3' with '2.4')

If you force uninstall openldap-client, then everything depending on it
will refuse to run because of the unfulfilled shlib dynamic linkage.

One of the programs that depends on the client is OpenLDAP-server -- so
just by typing

    portinstall net/openldap23-server

you'll cause openldap23-client (or openldap23-sasl-client) to be installed
as a normal consequence of ports dependency resolution. The problem comes
if you've already got, say, openldap23-client installed and you want
openldap24-client -- other applications: Apache, PHP etc. will work with
just about any LDAP version but openldap-server needs the matching client
version.

The solution is something like this:

    # portupgrade -o net/openldap24-client -f openldap-client-2.3.41
    # portupgrade -fr openldap-client-2.4.8

to switch from the 23 series to the 24 series.

Also -- handy tip -- adding flags like the following to /etc/make.conf
will generally enable LDAP and SASL capabilities for any ports that can
support them. (SASL highly recommended for securing access to LDAP, and
also LDAP highly recommended as a back-end for SASL...)

    WITH_SASL= yes
    WITH_LDAP= yes
    WANT_OPENLDAP_VER= 23
    WANT_OPENLDAP_SASL= yes

However, don't insert the 'WANT_OPENLDAP_VER' line into /etc/make.conf
until /after/ you've got the right openldap-client port installed, as
it screws up switching between versions.

23 is the default stable release, 24 is also available but still in beta.

> And while I'm here... I tried installing the odbc backend, but it
> conflicts with other apps as well. How can I have both the libiodbc and
> unixodbc at the same time for openldap server (requires libiodbc), php5,
> etc?

Do you really need the odbc *backend* for LDAP? That allows LDAP to store
its data in a MSSQL database somewhere -- which implies the data store is
on a different server to the OpenLDAP instance. That's not ideal for good
performance. Unless you know you have a specific need for one of the
particular back-ends and certainly if you are a beginner with openldap,
I'd strongly recommend sticking with the default local storage based on
Berkeley DB.

If your aim is to interoperate with ActiveDirectory then I believe that is
possible at the LDAP level via the usual delegation and referral
mechanisms. It may even be possible to replicate either to or from AD or
to use OpenLDAP (+ Kerberos + Samba v4 I think) as a drop in replacement
for AD. I have no direct knowledge of that, but I'm sure a little Google
action will turn up any number of HowTos on the subject.

    Cheers,

    Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard
Flat 3
Ramsgate
Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
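
As an added example (not part of the original message): a small POSIX sh check for the caveat above about WANT_OPENLDAP_VER, comparing the value in a make.conf with the series of the installed openldap-client package. The function names, the package-listing input format (first field is name-version) and the openldap-sasl-client package name are assumptions; the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the original message). Sample inputs are constructed.

# Print WANT_OPENLDAP_VER from a make.conf-style file (comments stripped,
# last assignment wins); prints nothing when the knob is unset.
want_ver() {
    sed -n -e 's/#.*//' \
        -e 's/^[[:space:]]*WANT_OPENLDAP_VER[[:space:]]*?\{0,1\}=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' \
        "$1" | tail -n 1
}

# Print the series (23, 24, ...) of each OpenLDAP client package in a listing
# whose first field is name-version, e.g. openldap-client-2.3.41.
# Assumption: the SASL flavour is packaged as openldap-sasl-client-<version>.
client_series() {
    awk '{ print $1 }' "$1" |
        sed -n 's/^openldap-\(sasl-\)\{0,1\}client-\([0-9][0-9]*\)\.\([0-9][0-9]*\)\..*$/\2\3/p'
}

# Exit status: 0 consistent (or knob unset), 1 mismatch, 2 no client installed.
check_openldap_ver() {
    want=$(want_ver "$1")
    have=$(client_series "$2" | head -n 1)
    if [ -z "$have" ]; then
        echo "no openldap client package found"
        return 2
    elif [ -z "$want" ]; then
        echo "WANT_OPENLDAP_VER unset; installed client series is $have"
    elif [ "$want" = "$have" ]; then
        echo "ok: WANT_OPENLDAP_VER=$want matches the installed client"
    else
        echo "mismatch: WANT_OPENLDAP_VER=$want, installed client series is $have"
        return 1
    fi
}

# Constructed demo: make.conf still pins 23 after the client moved to 2.4.8.
demo_dir=$(mktemp -d)
printf 'WITH_SASL= yes\nWITH_LDAP= yes\nWANT_OPENLDAP_VER= 23\n' > "$demo_dir/make.conf"
printf 'openldap-client-2.4.8 Open source LDAP client\nphp5-ldap-5.2.5 PHP LDAP module\n' > "$demo_dir/pkgs"
check_openldap_ver "$demo_dir/make.conf" "$demo_dir/pkgs" || true
rm -rf "$demo_dir"
```

A mismatch (exit status 1) is the state the message warns about: the knob in make.conf names one series while a different client series is installed.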