OpenLDAP Installation
It took me about a week to research the OpenLDAP+SSL installation. The troubles I met were mostly with OpenSSL and Berkeley DB configuration. Here I write down the steps I used to install them successfully.
Testing Operating System: CentOS 3.5 (On Virtual Machine)
Virtual Machine setting: P3/256M/6G/Bridge Network
Basic Operating System: CentOS 4.3(Final)
Hardware: P4 1.7GHz/DDR266 512M/80G IDE
1. Install openSSL
Download the latest version “openssl-0.9.8c.tar.gz” from www.openssl.org/source. Check which openssl version is already installed on the system by issuing the following command:
# rpm -qa | grep openssl
As a result, it showed openssl-0.9.7a and openssl-devel-0.9.7a. I tried to remove these two packages with “rpm -e”, but so many packages depend on them that I could not complete the delete operation. Then I downloaded the rpm packages 0.9.8c.rpm and devel-0.9.8c and tried to update with “rpm -Uvh *.rpm”; it also failed. Note that the openssl-devel package must be installed, or the OpenLDAP installation will have errors. Finally, I decided to compile from the source package (“.tar.gz”). The source code already includes the development files, as the openssl website indicates.
Unzip the tarball package and go to its directory:
# tar zxvf openssl-0.9.8c.tar.gz
# cd openssl-0.9.8c
Here, I set the “--prefix” parameter to “/usr/local/newssl”; if this parameter is not set, “/usr/local” is used by default. The most important thing to pay attention to is that the “shared” parameter must be added to the config command. “shared” means that shared libraries are created in addition to the usual static libraries. If “shared” is not set, the OpenLDAP installation will fail.
# ./config --prefix=/usr/local/newssl shared
Show the system configuration that config guesses by issuing:
# ./config -t
Begin to build:
# make depend
# make
# make test
# make install
Create links as follows:
# cd /usr/local/newssl/lib
# ln -s libcrypto.so libcrypto.so.2
# ln -s libssl.so.0.9.8c libssl.so.c
Update the shared library cache:
# echo /usr/local/newssl/lib >> /etc/ld.so.conf
# ldconfig -v
Update the PATH:
# vi /root/.bash_profile
PATH=/usr/local/newssl/bin:$PATH:…
Note that “/usr/local/newssl/bin” is placed in the first position, so the new openssl binary is found before the system one.
Check SSL installation:
# which openssl
If successful, it will show “/usr/local/newssl/bin/openssl”.
# openssl version
If successful, it will show “0.9.8c”.
2. Install Berkeley DB 4.3
Download the source code, unzip and compile:
# tar zxvf BerkeleyDB.4.3.tar.gz
# cd BerkeleyDB.4.3/build_unix
# ../dist/configure
By default, Berkeley DB will be installed under the “/usr/local” directory (in “/usr/local/BerkeleyDB.4.3”).
# make && make install
The most important step in this stage is replacing the former Berkeley DB version 4.1 that is already installed in the OS. If this step is skipped, the OpenLDAP installation fails with “Berkeley DB version mismatch”.
# cd /usr/lib
Remove all items named “libdb4.1”, and copy all the 4.3 libraries in “/usr/local/BerkeleyDB.4.3/lib” to “/usr/libdb4.1”. Everything about Berkeley DB has now been configured successfully.
3. Install OpenLDAP
Download the source code from www.openldap.org; the version I used is 2.3.29.
Unzip the package and go to its directory:
# tar zxvf openldap-2.3.29.tar.gz
# cd openldap-2.3.29
Before running “configure”, the environment must be set correctly: “CPPFLAGS” gives the location of the OpenSSL and Berkeley DB include directories, and “LDFLAGS” gives the location of their library directories.
# env CPPFLAGS="-I/usr/local/newssl/include -I/usr/local/BerkeleyDB.4.3/include" LDFLAGS="-L/usr/local/newssl/lib -L/usr/local/BerkeleyDB.4.3/lib" ./configure --with-tls
If all the above steps were done correctly, the configure process will create the makefiles without errors.
# make
# make install
Finally, run “/usr/local/libexec/slapd” on the command line to check whether the installation has completed. If slapd runs well, the installation was successful.
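An added check, not part of the original post: slapd starting does not prove it loads the OpenSSL built in step 1, because it can be compiled against the new headers and still resolve the old system libssl at run time. The function below reads "ldd" output and fails unless the named library resolves under the expected prefix; check_linkage and the two sample outputs are constructed for illustration.

```shell
#!/bin/sh
# check_linkage PREFIX LIBNAME   (reads `ldd` output on stdin)
# Exit 0: every LIBNAME entry resolves to a path under PREFIX.
# Exit 1: an entry resolves elsewhere (or "not found").
# Exit 2: the binary does not link LIBNAME at all.
check_linkage() {
    awk -v prefix="$1" -v lib="$2" '
        index($1, lib) == 1 {
            seen = 1
            # ldd line format: name => /resolved/path (0xaddress)
            if ($2 != "=>" || index($3, prefix "/") != 1) {
                printf "MISMATCH: %s resolves to %s\n", $1, $3
                bad = 1
            }
        }
        END {
            if (!seen) { print "MISSING: " lib; exit 2 }
            exit bad + 0
        }
    '
}

# Constructed sample: slapd resolving the freshly built libraries.
sample_good() {
    cat <<'EOF'
        libssl.so.0.9.8 => /usr/local/newssl/lib/libssl.so.0.9.8 (0x00111000)
        libcrypto.so.0.9.8 => /usr/local/newssl/lib/libcrypto.so.0.9.8 (0x00222000)
        libc.so.6 => /lib/tls/libc.so.6 (0x00333000)
EOF
}

# Constructed sample: slapd still resolving the old system OpenSSL.
sample_bad() {
    cat <<'EOF'
        libssl.so.4 => /lib/libssl.so.4 (0x00111000)
        libcrypto.so.4 => /lib/libcrypto.so.4 (0x00222000)
        libc.so.6 => /lib/tls/libc.so.6 (0x00333000)
EOF
}

# Real use on the build host:
#   ldd /usr/local/libexec/slapd | check_linkage /usr/local/newssl libssl.so
for s in sample_good sample_bad; do
    if $s | check_linkage /usr/local/newssl libssl.so; then
        echo "$s: libssl comes from /usr/local/newssl"
    else
        echo "$s: libssl does NOT come from /usr/local/newssl"
    fi
done
```

Run the same check for libcrypto.so, and repeat it after any system update that touches /etc/ld.so.conf or the packaged openssl.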