From owner-freebsd-ports@FreeBSD.ORG  Wed Apr 16 06:04:15 2008
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0DBCC1065674
	for <freebsd-ports@freebsd.org>; Wed, 16 Apr 2008 06:04:15 +0000 (UTC)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from smtp.infracaninophile.co.uk (gate6.infracaninophile.co.uk
	[IPv6:2001:8b0:151:1::1])
	by mx1.freebsd.org (Postfix) with ESMTP id 7781E8FC1F
	for <freebsd-ports@freebsd.org>; Wed, 16 Apr 2008 06:04:14 +0000 (UTC)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [IPv6:::1])
	(authenticated bits=0)
	by smtp.infracaninophile.co.uk (8.14.2/8.14.2) with ESMTP id
	m3G63f5o005841; Wed, 16 Apr 2008 07:03:43 +0100 (BST)
	(envelope-from m.seaman@infracaninophile.co.uk)
X-DKIM: Sendmail DKIM Filter v2.5.2 smtp.infracaninophile.co.uk m3G63f5o005841
Message-ID: <480596B8.1070305@infracaninophile.co.uk>
Date: Wed, 16 Apr 2008 07:03:36 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Organization: Infracaninophile
User-Agent: Thunderbird 2.0.0.12 (X11/20080310)
MIME-Version: 1.0
To: Da Rock <rock_on_the_web@comcen.com.au>
References: <1208307277.16346.305.camel@laptop2.herveybayaustralia.com.au>
In-Reply-To: <1208307277.16346.305.camel@laptop2.herveybayaustralia.com.au>
X-Enigmail-Version: 0.95.6
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature";
	boundary="------------enigA4C449336D2E0799C927301D"
X-Greylist: Sender succeeded SMTP AUTH authentication, not delayed by
	milter-greylist-3.0 (smtp.infracaninophile.co.uk [IPv6:::1]);
	Wed, 16 Apr 2008 07:03:43 +0100 (BST)
X-Virus-Scanned: ClamAV 0.92.1/6793/Wed Apr 16 04:57:30 2008 on
	happy-idiot-talk.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=-2.9 required=5.0 tests=AWL,BAYES_00,NO_RELAYS
	autolearn=ham version=3.2.4
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
	happy-idiot-talk.infracaninophile.co.uk
Cc: freebsd-ports@freebsd.org
Subject: Re: Openldap server install failure - openldap client conflict
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Apr 2008 06:04:15 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigA4C449336D2E0799C927301D
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Da Rock wrote:
> I'm trying to install OpenLDAP as a server to "attempt" to try it out
> for our network. The problem is the openldap client is already installe=
d
> for other apps as php, apache, asterisk, etc. So my question is: is it
> possible to uninstall the client? Will the server include the client
> required for these other apps?

The client installs libldap.so and liblber.so (plus variants based on
OpenLDAP version and ABI version) -- like so for OpenLDAP 2.3:

/usr/local/lib/liblber-2.3.so
/usr/local/lib/liblber-2.3.so.2
/usr/local/lib/liblber.a
/usr/local/lib/liblber.la
/usr/local/lib/liblber.so
/usr/local/lib/libldap-2.3.so
/usr/local/lib/libldap-2.3.so.2
/usr/local/lib/libldap.a
/usr/local/lib/libldap.la
/usr/local/lib/libldap.so
/usr/local/lib/libldap_r-2.3.so
/usr/local/lib/libldap_r-2.3.so.2
/usr/local/lib/libldap_r.a
/usr/local/lib/libldap_r.la
/usr/local/lib/libldap_r.so

(OpenLDAP 2.4 does similarly except replace '2.3' with '2.4')  If you
force uninstall openldap-client, then everything depending on it will
refuse to run because of the unfulfilled shlib dynamic linkage.

One of the programs that depends on the client is OpenLDAP-server -- so
just by typing

    portinstall net/openldap23-server

you'll cause openldap23-client (or openldap23-sasl-client) to be installe=
d
as a normal consequence of ports dependency resolution.  The problem come=
s
if you've already got, say, openldap23-client installed and you want
openldap24-client -- other applications: Apache, PHP etc. will work with
just about any LDAP version but openldap-server needs the matching client=

version.  The solution is something like this:

   # portupgrade -o net/openldap24-client -f openldap-client-2.3.41
   # portupgrade -fr openldap-client-2.4.8

to switch from the 23 series to the 24 series.  Also -- handy tip --=20
adding flags like the following to /etc/make.conf will generally enable
LDAP and SASL capabilities for any ports that can support them.  (SASL hi=
ghly
recommended for securing access to LDAP, and also LDAP highly recommended=

as a back-end for SASL...)

WITH_SASL=3D      yes
WITH_LDAP=3D	yes
WANT_OPENLDAP_VER=3D      23
WANT_OPENLDAP_SASL=3D     yes

However, don't insert the 'WANT_OPENLDAP_VER' line into /etc/make.conf
until /after/ you've got the right openldap-client port installed, as it
screws up switching between versions.

23 is the default stable release, 24 is also available but still in beta.=


> And while I'm here... I tried installing the odbc backend, but it
> conflicts with other apps as well. How can I have both the libiodbc and=

> unixodbc at the same time for openldap server (requires libiodbc), php5=
,
> etc?

Do you really need the odbc *backend* for LDAP?  That allows LDAP to stor=
e
its data in a MSSQL database somewhere -- which implies the data store is=
 on
a different server to the OpenLDAP instance.  That's not ideal for good
performance.  Unless you know you have a specific need for one of the par=
ticular
back-ends and certainly if you are a beginner with openldap, I'd strongly=

recommend sticking with the default local storage based on Berkeley DB.

If your aim is to interoperate with ActiveDirectory then I believe that i=
s
possible at the LDAP level via the usual delegation and referral mechanis=
ms.
It may even be possible to replicate either to or from AD or to use OpenL=
DAP
(+ Kerberos + Samba v4 I think) as a drop in replacement for AD.  I have =
no
direct knowledge of that, but I'm sure a little Google action will turn u=
p
any number of HowTos on the subject.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW


--------------enigA4C449336D2E0799C927301D
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.8 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAkgFlr0ACgkQ8Mjk52CukIxjigCgkJSAPw0U8pgRpfce7FQaffp3
7r8An1KTrIJycJBGudThd+OSe+/oYxTR
=sX/Y
-----END PGP SIGNATURE-----

--------------enigA4C449336D2E0799C927301D--