H1: Building and Installing OpenLDAP Software
-This chapter details how to build and install the {{ORG:OpenLDAP}}
+This chapter details how to build and install the {{PRD:OpenLDAP}}
Software package including {{slapd}}(8), the stand-alone LDAP daemon
and {{slurpd}}(8), the stand-alone update replication daemon.
Building and installing OpenLDAP Software requires several steps:
{{EX:configure}} detects a usable OpenSSL installation.
-H3: Kerberos Authentication Services
-
-OpenLDAP clients and servers support Kerberos-based authentication
-services.
-In particular, OpenLDAP supports the {{TERM:SASL}}/{{TERM:GSSAPI}}
-authentication mechanism using either {{PRD:Heimdal}} or
-{{PRD:MIT Kerberos}} V packages.
-If you desire to use Kerberos-based SASL/GSSAPI authentication,
-you should install either Heimdal or MIT Kerberos V.
-
-Heimdal Kerberos is available from {{URL:http://www.pdc.kth.se/heimdal/}}.
-MIT Kerberos is available from {{URL:http://web.mit.edu/kerberos/www/}}.
-
-Use of strong authentication services, such as those provided by
-Kerberos, is highly recommended.
-
-
H3: {{TERM[expand]SASL}}
-OpenLDAP clients and servers require installation of {{PRD:Cyrus}}'s
-{{PRD:SASL}} libraries to provide {{TERM[expand]SASL}} services. Though
+OpenLDAP clients and servers require installation of {{PRD:Cyrus SASL}}
+libraries to provide {{TERM[expand]SASL}} services. Though
some operating systems may provide this library as part of the
base system or as an optional software component, Cyrus SASL
often requires separate installation.
configure detects a usable Cyrus SASL installation.
+H3: {{TERM[expand]Kerberos}}
+
+OpenLDAP clients and servers support {{TERM:Kerberos}} authentication
+services. In particular, OpenLDAP supports the Kerberos V
+{{TERM:GSS-API}} {{TERM:SASL}} authentication mechanism known as
+the {{TERM:GSSAPI}} mechanism. This feature requires, in addition to
+Cyrus SASL libraries, either {{PRD:Heimdal}} or {{PRD:MIT Kerberos}}
+V libraries.
+
+Heimdal Kerberos is available from {{URL:http://www.pdc.kth.se/heimdal/}}.
+MIT Kerberos is available from {{URL:http://web.mit.edu/kerberos/www/}}.
+
+Use of strong authentication services, such as those provided by
+Kerberos, is highly recommended.
+
+
+
H3: Database Software
OpenLDAP's {{slapd}}(8) {{TERM:BDB}} and {{TERM:HDB}} primary database backends
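Review bot: The new heading `H3: {{TERM[expand]Kerberos}}` and the `{{TERM:Kerberos}}` in the first sentence rely on a Kerberos entry in the terms table, but the terms hunks in this patch add only CRAM-MD5, DIGEST-MD5, EXTERNAL, GSS-API, PLAIN and SDF. Confirm a Kerberos row already exists or add one in the same commit, otherwise the expanded heading has nothing to expand to. The re-added section also ends with three blank `+` lines where the removed one had two; trim the extra one.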
{{B:{{TERM[expand]SASL}}}}: {{slapd}} supports strong authentication
and data security (integrity and confidentiality) services through
-the use of SASL. {{slapd}}'s SASL implementation utilizes {{PRD:Cyrus}}
-{{PRD:SASL}} software which supports a number of mechanisms including
-DIGEST-MD5, EXTERNAL, and GSSAPI.
+the use of SASL. {{slapd}}'s SASL implementation utilizes {{PRD:Cyrus
+SASL}} software which supports a number of mechanisms including
+{{TERM:DIGEST-MD5}}, {{TERM:EXTERNAL}}, and {{TERM:GSSAPI}}.
{{B:{{TERM[expand]TLS}}}}: {{slapd}} supports certificate-based
authentication and data security (integrity and confidentiality)
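Review bot: The product reference is wrapped across two lines here (`{{PRD:Cyrus` at the end of one line, `SASL}}` at the start of the next), while the install and SASL chapter hunks keep `{{PRD:Cyrus SASL}}` on one line. Reflow the paragraph so the phrase is not split, which keeps the name matching the new `Cyrus SASL` row in the products table and keeps it greppable.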
customized modules which extend {{slapd}} in numerous ways. Also,
a number of {{programmable database}} modules are provided. These
allow you to expose external data sources to {{slapd}} using popular
-programming languages ({{PRD:Perl}}, {{shell}}, {{PRD:SQL}}, and
+programming languages ({{PRD:Perl}}, {{shell}}, {{SQL}}, and
{{PRD:TCL}}).
{{B:Threads}}: {{slapd}} is threaded for high performance. A single
P2[notoc] Amendments
Suggested enhancements and corrections to this document should
-be submitted using the {{ORG:OpenLDAP}}
+be submitted using the {{PRD:OpenLDAP}}
{{{{TERM[expand]ITS}}}} ({{URL: http://www.openldap.org/its/}}).
their identity to that of another user or service.
This chapter assumes you have read {{Cyrus SASL for System
-Administrators}}, provided with the {{PRD:Cyrus}} {{PRD:SASL}}
+Administrators}}, provided with the {{PRD:Cyrus SASL}}
package (in {{FILE:doc/sysadmin.html}}) and have a working Cyrus
SASL installation. You should use the Cyrus SASL {{EX:sample_client}}
and {{EX:sample_server}} to test your SASL installation before
See the {{SECT:Using TLS}} chapter for more information. StartTLS
is the standard track mechanism.
-A number of {{TERM[expand]SASL}} (SASL) mechanisms, such as DIGEST-MD5
-and {{TERM:GSSAPI}}, also provide data integrity and confidentiality
-protection. See the {{SECT:Using SASL}} chapter for more information.
+A number of {{TERM[expand]SASL}} (SASL) mechanisms, such as
+{{TERM:DIGEST-MD5}} and {{TERM:GSSAPI}}, also provide data integrity
+and confidentiality protection. See the {{SECT:Using SASL}} chapter
+for more information.
H3: Security Strength Factors
Name|Long|Jump
ANSI|American National Standards Institute|http://www.ansi.org/
BSI|British Standards Institute|http://www.bsa-global.com/
-Cyrus|Project Cyrus|http://asg.web.cmu.edu/cyrus/
+Cyrus|Project Cyrus|http://cyrusimap.web.cmu.edu/
FSF|Free Software Foundation|http://www.fsf.org/
GNU|GNU Not Unix Project|http://www.gnu.org/
IAB|Internet Architecture Board|http://www.iab.org/
ITU|International Telephone Union|http://www.itu.int/
OLF|OpenLDAP Foundation|http://www.openldap.org/foundation/
OLP|OpenLDAP Project|http://www.openldap.org/project/
-OpenLDAP|OpenLDAP Project|http://www.openldap.org/
OpenSSL|OpenSSL Project|http://www.openssl.org/
-RFC|RFC Editor|http://www.rfc-editor.org/
-Oracle|Oracle|http://www.oracle.com/
+RFC Editor|RFC Editor|http://www.rfc-editor.org/
+Oracle|Oracle Corporation|http://www.oracle.com/
UM|University of Michigan|http://www.umich.edu/
UMLDAP|University of Michigan LDAP Team|http://www.umich.edu/~dirsvcs/ldap/ldap.html
!endblock
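Review bot: The key of the RFC row changes from `RFC` to `RFC Editor`, and the `OpenLDAP` row is dropped, so any remaining `{{ORG:RFC}}` or `{{ORG:OpenLDAP}}` reference in the guide no longer resolves. This patch converts two `{{ORG:OpenLDAP}}` uses to `{{PRD:OpenLDAP}}` but shows no matching change for `{{ORG:RFC}}`; grep the document tree for both before merging and update or note that none remain.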
Name|Jump
Berkeley DB|http://www.oracle.com/database/berkeley-db/db/index.html
CVS|http://www.cvshome.org/
-Cyrus|http://asg.web.cmu.edu/cyrus/
+Cyrus:http://cyrusimap.web.cmu.edu/generalinfo.html
+Cyrus SASL|http://asg.web.cmu.edu/sasl/sasl-library.html
GNU|http://www.gnu.org/software/
GDBM|http://www.gnu.org/software/gdbm/
Heimdal|http://www.pdc.kth.se/heimdal/
MIT Kerberos|http://web.mit.edu/kerberos/www/
-OpenLDAP|http://www.openldap.org/software/
+OpenLDAP|http://www.openldap.org/
OpenSSL|http://www.openssl.org/
Perl|http://www.perl.org/
-SASL|http://asg.web.cmu.edu/sasl/sasl-library.html
-SQL|http://www.jcc.com/SQLPages/jccs_sql.htm
TCL|http://www.tcl.tk/
-UMLDAP|University of Michigan LDAP|http://www.umich.edu/~dirsvcs/ldap/ldap.html
+SDF|http://search.cpan.org/src/IANC/sdf-2.001/doc/catalog.html
+UMLDAP|http://www.umich.edu/~dirsvcs/ldap/ldap.html
!endblock
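Review bot: The added row `Cyrus:http://cyrusimap.web.cmu.edu/generalinfo.html` uses `:` between name and URL, while every other row in this `Name|Jump` table uses `|`. As written, the whole line is parsed as a name with an empty Jump, so `{{PRD:Cyrus}}` loses its link; change it to `Cyrus|http://cyrusimap.web.cmu.edu/generalinfo.html`. Minor: the new SDF row sits between TCL and UMLDAP, out of the alphabetical order the rest of the table follows.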
# Internet and X.500 terms
BDB|Berkeley DB
BER|Basic Encoding Rules
BNF|Backus-Naur Form
-C|The C Programming Language
CA|Certificate Authority
CCITT|International Telegraph and Telephone Consultative Committee
CER|Canonical Encoding Rules
CLDAP|Connection-less LDAP
CN|Common Name
-CRL|Certificate Revocation List
COSINE|Co-operation and Open Systems Interconnection in Europe
+CRAM-MD5|SASL MD5 Challedge/Response Authentication Mechanism
+CRL|Certificate Revocation List
+C|The C Programming Language
DACD|Directory Access Control Domain
DAP|Directory Access Protocol
DC|Domain Component
DER|Distinguished Encoding Rules
DES|Data Encryption Standard
DIB|Directory Information Base
+DIGEST-MD5|SASL Digest MD5 Authentication Mechanism
DISP|Directory Information Shadowing Protocol
DIT|Directory Information Tree
DMD|Directory Management Domain
DSP|Directory System Protocol
DS|Draft Standard
DUA|Directory User Agent
+EXTERNAL|SASL External Authentication Mechanism
FAQ|Frequently Asked Questions
FTP|File Transfer Protocol
FYI|For Your Information
GSER|Generic String Encoding Rules
-GSSAPI|Generic Security Service Application Program Interface
+GSS-API|Generic Security Service Application Program Interface
+GSSAPI|SASL Kerberos V GSS-API Authentication Mechanism
HDB|Heirarchial Database
HOB|Hierarchical Operational Binding
I-D|Internet-Draft
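Review bot: Typo in the added CRAM-MD5 row: "Challedge/Response" should be "Challenge/Response". Since this text is what `{{TERM[expand]CRAM-MD5}}` will print, it is worth fixing before it propagates into the rendered guide. Also note that `GSSAPI` is redefined here from the generic GSS-API expansion to the SASL mechanism name, so any existing `{{TERM[expand]GSSAPI}}` that meant the API itself should be switched to the new `GSS-API` term.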
PDU|Protocol Data Unit
PEM|Privacy Enhanced eMail
PKCS|Public Key Cryptosystem
-PKI|Public Key Infrastructure
PKIX|Public Key Infrastructure X.509
+PKI|Public Key Infrastructure
+PLAIN|SASL Plaintext Password Authentication Mechanism
PRDMD|Private Directory Management Domain
PS|Proposed Standard
RDN|Relative Distinguished Name
-RFC|Request for Comment
+RFC|Request for Comments
RHOB|Relative Hierarchical Operational Binding
RXER|Robust XML Encoding Rules
SASL|Simple Authentication and Security Layer
+SDF|Simple Document Format
SDSE|Shadowed DSE
SHA1|Secure Hash Algorithm 1
SMTP|Simple Mail Transfer Protocol
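Review bot: The PKI row is moved below PKIX here (as C was moved below CRL in the previous hunk) with nothing in the file explaining why, while the new PLAIN and SDF rows are slotted in alphabetically. If the longer-name-first ordering is required by the formatter's term matching, say so in a `#` comment at the top of the table so the next editor does not re-sort it; if it is not required, leave the rows in alphabetical order.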