OpenLDAP port?
powert
Guest
Dec 11, 2000, 07:59 AM
 
A couple of people have posted a question asking whether anyone has successfully ported Open LDAP, but we've had no response.

Has anyone done this??? I'm not knowledgeable enough to do it myself! but I really like using it...

Tim
     
Addicted to MacNN
Join Date: Mar 2000
Location: London, UK
Dec 13, 2000, 12:21 PM
 
found this on the macosx-admin@omnigroup.com mailing list:
-------
On Monday, December 11, 2000, at 02:41 AM, Martin Ott wrote:

> Has anybody successfully compiled and set up OpenLDAP on Darwin or Mac OS X?

I managed to get OpenLDAP to compile, but I wasn't able to populate the database. I'm sure it's only a matter of more fiddling, but my supply of free time dried up. Below is a Makefile that makes the build process painless. It was given to me by Luke Howard.

To use it, unpack the OpenLDAP distribution into a directory called 'ldap' and put the make file in the same directory as the 'ldap' directory. (ie, not with the ldap sources, but one level up). If your cc doesn't support fat binaries, (as is the case with the OSXPB Developer Tools) you'll need to modify /Developer/Makefiles/CoreOS/ReleaseControl/Common.make: change the line that reads

RC_ARCHS = ppc i386

to

RC_ARCHS = ppc


Otherwise you try to build for intel as well, and it don't work.

Have fun! If you figure out how to get data into the directory, please let me know.

Colin

##
# Makefile for OpenLDAP
##
# Luke Howard, lukeh@darwin.apple.com
##

RC_JASPER = YES
DEBUG = YES

# Project info
Project = ldap
ProjectName = OpenLDAP
UserType = Administrator
ToolType = Services
GnuNoBuild = YES

Extra_LD_Flags =
Extra_CC_Flags = -fno-common
Extra_Configure_Flags = --enable-shared

Extra_Install_Flags = sysconfdir="$(DSTROOT)$(ETCDIR)/openldap" \
localstatedir="$(DSTROOT)$(VARDIR)" \
includedir="$(DSTROOT)/$(USRINCLUDEDIR)"

Extra_Configure_Flags += --localstatedir=$(VARDIR) --sysconfdir=$(ETCDIR)

#Extra_Configure_Flags += --with-tls
#Extra_LD_Libraries += -framework openssl

# comment out if you're not building back-netinfo;
# make sure you've installed Services/netinfo/common
# headers and library into /AppleInternal/Developer
NetInfoBackend = NO

ifeq ($(NetInfoBackend),YES)
Extra_LD_Flags += -all_load
Extra_CC_Flags += -I/AppleInternal/Developer/Headers
Extra_LD_Libraries += -L/AppleInternal/Developer/Libraries -lcommon
Extra_Configure_Flags += --enable-netinfo --program-transform-name="s/^sl/ni-sl/"
endif

#GnuAfterInstall = install-startup-item

# It's a GNU Source project
include $(MAKEFILEPATH)/CoreOS/ReleaseControl/GNUSource.make

Install_Target = install

build:: configure
@echo "Building $(Project)..."
$(_v) $(MAKE) -C $(BuildDirectory)

#StartupItemDir = $(NSLIBRARYDIR)/StartupItems/LDAP
#
#install-startup-item:
# $(_v) $(INSTALL_DIRECTORY) $(DSTROOT)$(StartupItemDir)
# $(_v) $(INSTALL_SCRIPT) -c startup.script $(DSTROOT)$(StartupItemDir)/LDAP
# $(_v) $(INSTALL_FILE) -c startup.plist $(DSTROOT)$(StartupItemDir)/StartupParameters.plist
_______________________________________________
MacOSX-admin mailing list
MacOSX-admin@omnigroup.com http://www.omnigroup.com/mailman/listinfo/macosx-admin
     
powert
Guest
Dec 14, 2000, 09:02 AM
 
Wow! It works...

Some funny things happened though...

Ok on the makefile at this point --
build:: configure
@echo "Building $(Project)..."
$(_v) $(MAKE) -C $(BuildDirectory)

the lines below as indicated above with spaces, must be *tabbed* for make to work.

And for me, when it installed it actually put the Build dir into the /tmp dir. I had to change into there and do the make test, and the make install.

The daemon's listening properly... let's see how to play with it now.
     
powert
Guest
Dec 14, 2000, 09:07 AM
 
Ok my spaces didn't work hence I guess why the tabs did not post in the original,
on the two lines (49,50) after:
build:: configure

they must be tabbed. ie:
\t@echo "Building $(Project)..."
\t$(_v) $(MAKE) -C $(BuildDirectory)

I'm going to play around with the java interface with jndi to see if that works. I have code that works well with the Netscape Directory Service. I understand that the Mozilla implementation (ie the same used by the Netscape Dir Service) of jndi works with OpenLDAP... let's see.
     
powert
Guest
Dec 18, 2000, 09:35 AM
 
Ok I've worked out how to create the database, add the Directory Manager, add people.

Basically what you need to do is to read Chapter 7 of the OpenLDAP Administrator's Manual. I just worked through that chapter.

Two of the configuration files need to be edited:
/etc/openldap/slapd.conf
/etc/openldap/ldap.conf

Change the former to have the suffix that u desire, eg:
suffix o=mydomain.com
(that is the way you do it in the Netscape version, don't use the C (country) flag also. I've never actually used dc (I think directory context) as my suffix so I'm going to stick to organisational name which I assume is the real convention?)

Then u have to change the DN of the Manager to the same suffix, put the o=mydomain.com or whatever, u can leave the dc=mydomain, dc=com if u want but o=mydomain.com feels cleaner.

Ok that is it for that file, perhaps u might want to change the password as well, from secret to something no one else knows. This info is used to create the DB basically.

Now configure the client config file, ldap.conf, put the base in as the suffix u just entered in the server config file. Also do the uri so that it knows how to find the server, ie your ip and port.

START the SLAPD daemon now. /etc/libexec/slapd

Read 7.1 and it will tell u the rest, u basically copy the text (LDIF):

# Organization for Example Corporation
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: Example Corporation
description: The Example Corporation

# Organizational Role for Directory Manager
dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

and then use a command like this to actually create the entry:

ldapadd -f entries.ldif -x -D "cn=Manager,dc=example,dc=com" -w secret


Now you've created the DB and also added the Manager. This did not work automatically for me; I had to split those entries into two files... then I got it to work.

But it should work... u should now have a DB, u can test this by typing: slapcat which gives u the info about the DB, and the entries, or perhaps just try ldapsearch which will give u all the users (only manager at this stage).

Now add some people (save to entries.ldif -- and match your password on -w flag):
# Barbara's Entry
dn: cn=Barbara J Jensen,dc=example,dc=com
cn: Barbara J Jensen
cn: Babs Jensen
objectClass: person
sn: Jensen

ldapadd -f entries.ldif -x -D "cn=Manager,dc=example,dc=com" -w secret

And bang you should have added that person. Again test with slapcat and ldapsearch....

All the client and server files have man pages. Just running ldapadd will show you the operators that are common to the client programs. I think the ldapadd is an alias to ldapmodify setting the -a flag by default.

LDAP is the greatest... Now I've just got to know what all the possible attributes are for OpenLDAP (I'm used to the Netscape one which has different ones). Can anyone help me with that???

Tim
     
powert
Guest
Dec 18, 2000, 09:45 AM
 
I must add another milestone -- I got OpenLDAP on Darwin running with java -- using the JNDI, and Netscape's implementation of the JNDI for their LDAP server (download the java sdk for ldap on iplanet.com -- have to register though, it is free).

Put in your classpath:
jndi.jar
ldapsp.jar (netscape's jndi implementation)
ldapjdk.jar (netscape's native java classes called by the jndi implementation).

then use code that implements the service provider, and set authentication as simple, pass your DN and password as part of the environment hashtable and pass that to the initial context interface and you'll have a context object that you can play around with, add entries and stuff...

I'll paste in my java code when I have it with me...
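
The JNDI steps described in this post, as an added example that is not the poster's code: it uses the JDK's built-in LDAP provider (`com.sun.jndi.ldap.LdapCtxFactory`) in place of the Netscape jars, and assumes a server on localhost:389 with the `dc=example,dc=com` suffix and Manager DN from the LDIF earlier in the thread. The class name `LdapAddPerson` is hypothetical.

```java
import java.util.Arrays;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NameAlreadyBoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class LdapAddPerson {
    public static void main(String[] args) throws NamingException {
        // Assumed values: slapd on localhost:389; suffix and Manager DN as in the thread's LDIF.
        String suffix = "dc=example,dc=com";
        String managerDn = "cn=Manager," + suffix;
        if (System.console() == null) throw new IllegalStateException("run from a terminal");
        // Prompt for the rootpw rather than embedding it in source or on the command line.
        char[] pw = System.console().readPassword("Password for %s: ", managerDn);

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:389");
        // A simple bind over ldap:// sends the DN and password unencrypted.
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, managerDn);
        env.put(Context.SECURITY_CREDENTIALS, pw);

        // Creating the context connects and binds; a bad DN or password throws here.
        DirContext ctx = new InitialDirContext(env);
        try {
            Attributes attrs = new BasicAttributes(true); // true = ignore attribute-name case
            attrs.put("objectClass", "person");
            Attribute cn = new BasicAttribute("cn", "Barbara J Jensen");
            cn.add("Babs Jensen"); // second value of the multi-valued cn
            attrs.put(cn);
            attrs.put("sn", "Jensen");
            try {
                ctx.createSubcontext("cn=Barbara J Jensen," + suffix, attrs).close();
            } catch (NameAlreadyBoundException e) {
                System.out.println("entry already exists, skipping add");
            }
            // Read back what was written, as ldapsearch would.
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> hits = ctx.search(suffix, "(sn=Jensen)", sc);
            while (hits.hasMore()) {
                SearchResult hit = hits.next();
                System.out.println(hit.getNameInNamespace() + " " + hit.getAttributes().get("cn"));
            }
        } finally {
            ctx.close();
            Arrays.fill(pw, '\0'); // wipe the password from memory
        }
    }
}
```

To run it against a different provider, only the `INITIAL_CONTEXT_FACTORY` value and the classpath change; the rest of the environment hashtable stays the same.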


     
powert
Guest
Apr 9, 2001, 11:58 AM
 
I can't get this to work on OS/X 10.0. Worked fine on PB.

Crashes during configure looking for pthreads... The implementation of pthreads or Darwin threads as MySQL calls them, hasn't changed, has it??
     
Addicted to MacNN
Join Date: Mar 2000
Location: London, UK
Apr 9, 2001, 04:56 PM
 
Define "crash". kernel panic? freeze?
if you're crashing then there's something seriously wrong :/
     
powert
Guest
Apr 10, 2001, 12:18 AM
 
Sorry I'll be more careful with my use of the term crash, I just mean the configure bounces out looking for pthreads, whereas it didn't do this on the PB... I'm desperately needing OpenLDAP, use it with sendmail, EJBs, everything... and I'm wanting to make Netinfo use LDAP as its back end (ironically, it seems that that additional makefile also allowed LDAP to have a NetInfo back end, so it is somewhat circular).

Any help would be much appreciated...
     
   