Date: Wed, 16 Apr 2008 10:37:07 -0400
From: "David Robillard" <david.robillard@gmail.com>
To: "Da Rock" <rock_on_the_web@comcen.com.au>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Openldap server install failure - openldap client conflict
Message-ID: <226ae0c60804160737o33856517y6c1bd5f0e2ed5668@mail.gmail.com>

> I'm trying to install OpenLDAP as a server to "attempt" to try it out
> for our network. The problem is the openldap client is already installed
> for other apps as php, apache, asterisk, etc. So my question is: is it
> possible to uninstall the client? Will the server include the client
> required for these other apps?

You can always remove the old client and install the new version. You
simply need to shut down the services which depend on the client before
you remove the old one and install the new one. Then start the services
again.

Of course you should do this on a test machine and make sure all your
applications work as expected with the new client (i.e. don't do this on
your production machine AND back up before you do!).

For what it's worth, I've removed and installed the OpenLDAP client from
a few machines and never had any problems with Apache nor with PHP. But
I did have a problem with sudo(8). If you use sudo (you probably should
IMHO) and it was compiled with LDAP support, then the minute you remove
the old OpenLDAP client, sudo will be broken. It's easy to work around
this by using su(1) and switching to root. Of course, make sure you know
the root password and that you're part of the wheel group before you do
this.

Here's how I proceed to update the OpenLDAP client. I use SASL also, but
it's not mandatory. Notice that I run a first make(1) without options.
This will help reduce the time required between the `make deinstall` and
`make install clean`.

    cd /usr/ports/net/openldap24-sasl-client
    sudo make
    sudo /all/your/ldap/dependent/applications/rc.d/scripts stop
    sudo make deinstall
    sudo make install clean
    sudo /all/your/ldap/dependent/applications/rc.d/scripts start

Also, on a side note, I would suggest adding a few lines to make.conf(5)
so that all your applications will require the same OpenLDAP versions
(and the same Berkeley DB too). That change did help me quite a lot.
The downside of this is that if you have many hosts, you may have to
edit quite a few make.conf(5) files when either OpenLDAP or BDB changes
versions. Using rsync, rdist

    WANT_OPENLDAP_VER= 24
    WITH_BDB_VER= 46

Good luck with OpenLDAP. Should you need help with it, SASL and Kerberos
integration, feel free to contact me.

Cheers,

David
-- 
David Robillard
UNIX systems administrator & Oracle DBA
CISSP, RHCE & Sun Certified Security Administrator
Montreal: +1 514 966 0122
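
The sudo(8) caveat in the message above, turned into a pre-flight check to run before `make deinstall`. This is an added example, not part of the original e-mail; the function names and the sample ldd(1) output (library versions, addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the sudo(8) breakage described above.
# Function names and sample data are illustrative, not from the original mail.

# Return 0 if the ldd(1) output in $1 lists an OpenLDAP client library.
links_ldap() {
    printf '%s\n' "$1" |
        grep -Eq '(^|[[:space:]/])lib(ldap|lber)[^[:space:]]*\.so'
}

# Return 0 if "wheel" is one of the space-separated group names in $1.
in_wheel() {
    for g in $1; do
        if [ "$g" = wheel ]; then return 0; fi
    done
    return 1
}

# $1 = ldd output for sudo, $2 = group list of the operator. Prints:
#   ok       sudo does not link libldap, it survives the deinstall
#   need-su  sudo links libldap; operator is in wheel and can fall back to su(1)
#   blocked  sudo links libldap and operator is not in wheel: do not deinstall
verdict() {
    if ! links_ldap "$1"; then
        echo ok
    elif in_wheel "$2"; then
        echo need-su
    else
        echo blocked
    fi
}

# Live check on the current host. Knowing the root password cannot be tested
# here; confirm it by hand before acting on "need-su".
preflight() {
    sudo_bin=$(command -v sudo) || { echo "no-sudo"; return 0; }
    verdict "$(ldd "$sudo_bin" 2>/dev/null)" "$(id -Gn)"
}

# Constructed ldd output (library versions and addresses are made up).
SAMPLE_LDAP_SUDO='/usr/local/bin/sudo:
	libldap-2.3.so.2 => /usr/local/lib/libldap-2.3.so.2 (0x280aa000)
	liblber-2.3.so.2 => /usr/local/lib/liblber-2.3.so.2 (0x280e0000)
	libc.so.7 => /lib/libc.so.7 (0x280ee000)'
SAMPLE_PLAIN_SUDO='/usr/local/bin/sudo:
	libutil.so.7 => /lib/libutil.so.7 (0x2809e000)
	libc.so.7 => /lib/libc.so.7 (0x280ee000)'
```

Source the file and call `preflight` as the account that will do the upgrade; on `need-su`, open a root shell with su(1) before the deinstall step and keep it open until the new client is installed.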