Installed prerequisite software
I have installed a fresh copy of Solaris 10 (http://www.sun.com/software/solaris) OS (SPARC) on a Sun Ultra Enterprise 450 server on Jan 2008. Before building and installing OpenLDAP, I have downloaded and installed the below prerequisite software from http://sunfreeware.com/:
- gcc-3.3.2 (GNU C compiler and related programs)
- sasl-2.1.21 (Simple Authentication and Security Layer)
Sasl plugins are installed at /usr/local/lib/sasl2, but the library will look for them in /usr/lib/sasl2. We need to make sure that the plugins will eventually be in /usr/lib/sasl2 by creating a symbolic link as shown below after installing the sasl package:
# ln –s /usr/local/lib/sasl2 /usr/lib/sasl2 - db-4.2.52.NC (Berkeley Database software)
- tcp_wrappers-7.6 (tcp_wrappers package)
Kindly edit the /etc/hosts.allow and /etc/hosts.deny files to monitor and filter incoming requests for the SYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK, and other network services. Below are some examples:
/etc/hosts.allow
sshd:<hostname>,<IP_address>,<xxx.xxx.>, <xxx.xxx.xxx.>
where xxx refers to the IP address numbers
/etc/hosts.deny
ALL: ALL@ALL, PARANOID
I use the original SUNWopensslr v11.10.0 (/usr/sfw/bin/openssl) that comes with Solaris 10 OS to provide the Transport Layer Security services. I did not install the Kerberos Authentication Service as we did not use it.
Building and installing OpenLDAP
1. Get the OpenLDAP software and unpack it
Please download the software from http://www.openldap.org/software/download/. It is recommended that new users start with the latest release:
# gunzip -c openldap-VERSION.tgz tar xvf -
# cd openldap-VERSION
2. Running configure
In Solaris 10, please modify your PATH to use the /usr/local/bin/gcc first instead of the /usr/sfw/bin/gcc. I set my environment (env) settings as shown below before running configure:
# env CFLAGS=”-D_AVL_H” CPPFLAGS=”-I/usr/local/include
–I/usr/local/BerkeleyDB.4.2/include
–I/usr/local/include/sasl –I/usr/sfw/include” LDFLAGS=”-L/usr/local/lib
–L/usr/local/BerkeleyDB.4.2/lib –L/usr/local/lib/sasl2 –L/usr/sfw/lib” CC=”/usr/local/bin/gcc”
The CFLAGS=”-D_AVL_H” is used to solve the
make error:make: Fatal error: Command failed for target ‘all-common’
The setting of env on “–I/usr/local/BerkeleyDB.4.2/include” in CPPFLAGS and “–L/usr/local/BerkeleyDB.4.2/lib” in LDFLAGS are used to solve the error:
configure: error: BDB/HDB: BerkeleyDB not available
The setting of env on “–I/usr/sfw/include” in CPPFLAGS and “–L/usr/sfw/lib” in LDFLAGS are used to solve the SUNWopensslr error:
tls.c: syntax error
The setting of env on CC=”/usr/local/bin/gcc” is used to solve the error:
configure: error: C compiler cannot create executables
Then, I ran the below configure options:
# ./configure –with-wrappers –with-tls –with-cyrus-sasl –prefix=/opt/openldap
This will configure openLDAP with TCP Wrappers, Transport Layer Security, Simple Authentication and Security Layer and BDB backend (default) support. I use the –prefix option because I want the openLDAP software to be installed at the /opt directory instead of the default /usr/local directory.
3. Building the software
After running the configure script, the last line of output should be
Please "make depend" to build dependencies
If the last line of output does not match, configure has failed. You will need to review its output to determine what went wrong. You should not proceed until configure completes successfully.
To build dependencies, please run:
# make depend
Now compile OpenLDAP:
# make
This command builds the LDAP libraries and associated clients as well as slapd(8).
4. Testing the software
After openLDAP is properly configured and compiled, before testing the software in Solaris 10, please ensure that you have added the /usr/sfw/bin in the PATH and /usr/sfw/lib in the LD_LIBRARY_PATH to solve the libssl.so.0.9.7 not found error.
You can run the test suite to verify the build:
# make test
5. Installing the software
After you have successfully tested the software, before installing the software in Solaris 10, please ensure that you have added the /usr/ccs/bin in the PATH for root.
Login as root to install the software:
# cd openldap-VERSION
# make install
By default OpenLDAP Software is installed in the /usr/local directory. If you changed this setting with the --prefix configure option, it will be installed in the location you provided. You will find the configuration files for slapd(8) in /usr/local/etc/openldap by default.
References:
5 comments:
When you use --with-wrappers in ./configure did you note which wraplib it configured with? You installed in /usr/local from sunfreeware, but Solaris 10 already has its own wraplib. The issue at hand is that Sun compiled tcp-wrappers with -DPARANOID. I'm wondering how the sunfreeware version was compiled, and whether that was an issue for you.
A checked on the openLDAP config.log did not mentioned which libwrap file (/usr/sfw/lib/libwrap.so or /usr/local/lib/libwrap.a) is being used. The below codes in configure.in might give you some clues on which TCP wrapper library is used:
if test $ol_enable_wrappers != no ; then
AC_CHECK_HEADERS(tcpd.h,[
AC_MSG_CHECKING([for TCP wrappers library])
save_LIBS="$LIBS"
LIBS="$LIBS -lwrap"
...
You might want to ask the Sunfreeware.com author on how he compiled the tcp_wrappers-7.6 (SPARC) for Solaris 10.
Tcp_wrapper was off by default in Solaris 10:
# inetadm -l network/rpc/spray:default|grep tcp_wrapper
-> default tcp_wrappers=FALSE
Till now, I did not enable the SUN default tcp_wrapper in Solaris 10. When testing the tcp_wrappers-7.6, it works by restricting access for other machines not specified in the /etc/hosts.allow file. Hence, I have no issue wth the use of tcp_wrappers-7.6 in my Sun Ultra Enterprise 450 server.
If I remember correctly, the openLDAP should be using the tcp_wrapper-7.6 because if you did not install it and still using the -with-wrappers options in ./configure (without enabling the SUN default tcp_wrapper), ./configure will complaint that the tcp_wrapper is not available. Please try it. Thank you.
Hi, Jack:
Thanks for your post. I followed your instructions but the configure failed as the following:
...
checking for Berkeley DB major version... 4
checking for Berkeley DB minor version... 2
checking for Berkeley DB link (-ldb-4.2)... yes
checking for Berkeley DB version match... no
configure: error: Berkeley DB version mismatch
I checked the config.log and it does not give any error message other than the last line of "exit 1". I have no clue why it failed at checking the DB version. I downloaded and installed the db-4.2.52.NC-sol10-sparc-local.
Do you have any idea what went to wrong?
Louis
Hi Louis,
Please check your LD_LIBRARY_PATH and delete any old version (if any) of Berkeley DB library path. Kindly add in your new Berkeley DB v4.2.52 in the LD_LIBRARY_PATH.
Below is my LD_LIBRARY_PATH for tcsh in .login file:
setenv LD_LIBRARY_PATH /usr/dt/lib:/usr/lib:/etc/lib:/usr/lib/sparcv9:/usr/openwin/lib:/usr/sfw/lib:/opt/openldap/lib:/usr/local/lib:/usr/local/BerkeleyDB.4.2/lib:/usr/local/lib/sasl2
Hope it helps.
Jack
Post a Comment