个人工具

OpenLDAPAdminGuide/BuildingAndInstallingOpenldapSoftware

来自Ubuntu中文

跳转至: 导航, 搜索

Building and Installing OpenLDAP Software(编译和安装 OpenLDAP 软件)

This chapter details how to build and install the OpenLDAP Software package including slapd(8), the stand-alone LDAP daemon and slurpd(8), the stand-alone update replication daemon. Building and installing OpenLDAP Software requires several steps: installing prerequisite software, configuring OpenLDAP Software itself, making, and finally installing. The following sections describe this process in detail.
本章详细介绍了如何编译和安装 OpenLDAP 软件包,包括 slapd(8) (独立的 LDAP 守护程序)和 slurpd(8) (独立的更新复制守护程序)。编译和安装 OpenLDAP 需要几个步骤:安装必要的软件、配置 OpenLDAP 本身、编译以及最终安装。下面的部分详细描述了这个过程。

Obtaining and Extracting the Software(获得并解压软件)

You can obtain OpenLDAP Software from the project's download page at http://www.openldap.org/software/download/ or directly from the project's FTP service at ftp://ftp.openldap.org/pub/OpenLDAP/.
您可以从项目下载页项目FTP服务的目录中得到 OpenLDAP 软件。

The project makes available two series of packages for general use. The project makes releases as new features and bug fixes come available. Though the project takes steps to improve stablity of these releases, it is common for problems to arise only after release. The stable release is the latest release which has demonstrated stability through general use.
该项目组为一般使用提供了两套软件包。项目组一般在新增特性和修复错误时发布新的版本。尽管项目组采取措施来提高这些发行版的稳定性,但通常只有在版本发布之后问题才会大量出现。稳定版是经过大家使用后被证明是稳定的最新版本。

Users of OpenLDAP Software can choose, depending on their desire for the latest features versus demonstrated stability, the most appropriate series to install.
相对稳定性而言,OpenLDAP 软件的用户可以根据他们自己的意愿来选择最适合的版本来安装。

After downloading OpenLDAP Software, you need to extract the distribution from the compressed archive file and change your working directory to the top directory of the distribution:
在下载 OpenLDAP 软件之后,您需要从压缩包文件中解压出发行版,并将您的工作目录改成发行版所在的顶级目录。

gunzip -c openldap-VERSION.tgz | tar xf -
cd openldap-VERSION

You'll have to replace VERSION with the version name of the release.
您必须用发行版本号来替换 VERSION。

You should now review the COPYRIGHT, LICENSE, README and INSTALL documents provided with the distribution. The COPYRIGHT and LICENSE provide information on acceptable use, copying, and limitation of warranty of OpenLDAP Software. The README and INSTALL documents provide detailed information on prerequisite software and installation procedures.
您现在应该查看随版本发行的版权、许可证、README以及安装文档。版权和许可证提供了 OpenLDAP 软件使用,拷贝和限制方面的警告信息。READMD 和安装文档将提供所需软件和安装过程的详细信息。

Prerequisite software(所需软件)

OpenLDAP Software relies upon a number of software packages distributed by third parties. Depending on the features you intend to use, you may have to download and install a number of additional software packages. This section details commonly needed third party software packages you might have to install. However, for an up-to-date prerequisite information, the README document should be consulted. Note that some of these third party packages may depend on additional software packages. Install each package per the installation instructions provided with it. 4.2.1.
OpenLDAP 软件依赖许多第三方的软件包。根据您打算使用的特性,您可能必须下载安装许多额外的软件包。本部分详细描述了您通常必须安装的第三方软件包。然而,为了得到更新的必要信息,应查看 README 文档。注意有些第三方的软件包也依赖其它软件包。请按照它们的安装说明来安装每一个软件包。

Transport Layer Security(传输安全层)

OpenLDAP clients and servers require installation of OpenSSL TLS libraries to provide Transport Layer Security services. Though some operating systems may provide these libraries as part of the base system or as an optional software component, OpenSSL often requires separate installation.
OpenLDAP 客户端和服务器需要安装 OpenSSL TLS 库来提供传输层的安全服务。虽然一些操作系统可能将这些库作为基本系统的一部分或作为可选软件组件来提供,但 OpenSSL 通常需要单独安装。

OpenSSL is available from http://www.openssl.org/.
OpenSSL 可以在 http://www.openssl.org/ 获得。

OpenLDAP Software will not be fully LDAPv3 compliant unless OpenLDAP's configure detects a usable OpenSSL installation.
除非 OpenLDAP 的 configure 检测到了可用的 OpenSSL 安装,否则,OpenLDAP 不会完全符合 LDAPV3 标准的。

Kerberos Authentication Services(Kerberos 认证服务)

OpenLDAP clients and servers support Kerberos-based authentication services. In particular, OpenLDAP supports the SASL/GSSAPI authentication mechanism using either Heimdal or MIT Kerberos V packages. If you desire to use Kerberos-based SASL/GSSAPI authentication, you should install either Heimdal or MIT Kerberos V.
OpenLDAP 客户端和服务器端支持基于 Kerberos 的认证服务。尤其 OpenLDAP 是通过 Heimdal 或者 MIT Kerberos V 软件包来支持 SASL/GSSAPI 认证机制的。因此应该安装 Heimdal 或 MIT Kerberos V。

Heimdal Kerberos is available from http://www.pdc.kth.se/heimdal/. MIT Kerberos is available from http://web.mit.edu/kerberos/www/.
Heimdal Kerberos 可以在 http://www.pdc.kth.se/heimdal/ 下载,MIT Kerberos 则可以在 http://web.mit.edu/kerberos/www/ 下载。

Use of strong authentication services, such as those provided by Kerberos, is highly recommended.
强烈建议使用高强度的认证服务,如 Kerberos 所提供的认证服务。

Simple Authentication and Security Layer(简单认证和安全层)

OpenLDAP clients and servers require installation of Cyrus's SASL libraries to provide Simple Authentication and Security Layer services. Though some operating systems may provide this library as part of the base system or as an optional software component, Cyrus SASL often requires separate installation.
OpenLDAP 客户端和服务器需要安装 Cyrus’s SASL 库来提供简单认证和安全层服务。虽然一些操作系统可能将这些库作为基本系统的一部分或作为可选软件组件来提供,但 Cyrus SASL 通常需要单独安装。

Cyrus SASL is available from http://asg.web.cmu.edu/sasl/sasl-library.html. Cyrus SASL will make use of OpenSSL and Kerberos/GSSAPI libraries if preinstalled.
Cyrus SASL可以在 http://asg.web.cmu.edu/sasl/sasl-library.html 获得。如果预安装了 OpenSSL 和 Kerberos/GSSAPI 库,Cyrus SASL 将使用它们。

OpenLDAP Software will not be fully LDAPv3 compliant unless OpenLDAP's configure detects a usable Cyrus SASL installation.
除非 OpenLDAP 的 configure 检测到了可用的 Cyrus SASL 安装,否则,OpenLDAP 不会完全符合 LDAPV3 标准的。

Database Software(数据库软件)

OpenLDAP's slapd(8) primary database backend, BDB, requires Sleepycat Software Berkeley DB. If not available at configure time, you will not be able build slapd(8) with this primary database backend.
OpenLDAP slapd(8) 的主后台数据库(BDB)需要 Sleepycat Software Berkeley DB。如果在配置时该软件不可用,您将不能编译 slapd(8) 使用这个主后台数据库。

Your operating system may provide a supported version of Berkeley DB in the base system or as an optional software component. If not, you'll have to obtain and install it yourself.
您的操作系统可能会将 Berkeley DB 做为基本系统的一部分或作为可选软件组件来提供。如果不是的话,您自己必须下载并安装它。

Berkeley DB is available from Sleepycat Software's download page http://www.sleepycat.com/download/. There are several versions available. Generally, the most recent release (with published patches) is recommended. This package is required if you wish to use the BDB database backend.
Berkeley DB 可以在 //www.sleepycat.com/download.html:Sleepycat Software 的下载页中获得。那儿有几个可用的版本。通常推荐最新的版本(以及发布的补丁)。如果您想使用 BDB 后台数据库,将需要这个软件包。

OpenLDAP's slapd(8) LDBM backend supports a variety of data base managers including Berkeley DB and GDBM. GDBM is available from FSF's download site ftp://ftp.gnu.org/pub/gnu/gdbm/.
OpenLDAP 的 slapd(8) LDBM 后台数据库支持多种数据库管理器,包括 Berkeley DB 和 GDBM。 GDBM 可以在 //ftp.gnu.org/pub/gnu/gdbm/:FSF 的下载站点 获得。

Threads(线程)

OpenLDAP is designed to take advantage of threads. OpenLDAP supports POSIX pthreads, Mach CThreads, and a number of other varieties. configure will complain if it cannot find a suitable thread subsystem. If this occurs, please consult the Software|Installation|Platform Hints section of the OpenLDAP FAQ http://www.openldap.org/faq/.
OpenLDAP 在设计上利用了线程。OpenLDAP 支持 POSIX 的 pthreads、Mach 的 Cthreads 以及其他一些线程库。如果不能发现合适的线程子系统,configure 将会不通过。如果发生了这种情况,请参考 OpenLDAP FAQ 的 Software|Installation|PlatformHints 部分。

TCP Wrappers

slapd(8) supports TCP Wrappers (IP level access control filters) if preinstalled. Use of TCP Wrappers or other IP-level access filters (such as those provided by an IP-level firewall) is recommended for servers containing non-public information.
如果被预安装的话,slapd(8) 将支持 TCP Wrappers(IP层访问控制过滤)。对于一个包含非公共信息的服务器,推荐使用 TCP Wrappers 或其的他IP层访问过滤(如由IP层防火墙来提供这些功能)。

Running configure(运行 configure 脚本)

Now you should probably run the configure script with the --help option. This will give you a list of options that you can change when building OpenLDAP. Many of the features of OpenLDAP can be enabled or disabled using this method.
现在,您或许应该使用 —-help 选项来运行 configure 脚本。它将给您显示您在编译 OpenLDAP 时可改变的选项列表。许多 OpenLDAP 的特性可以通过这种方法来启用或者禁用。

./configure --help

The configure script will also look at various environment variables for certain settings. These environment variables include:
configure 脚本将为某种设置来检查不同的环境变量。这些环境变量包括:

Table 4.1: Environment Variables (环境变量)

Variable(变量) Description(描述)
CC Specify alternative C Compiler(指定替代 C 编译器)
CFLAGS Specify additional compiler flags(指定附加编译器标志)
CPPFLAGS Specify C Preprocessor flags(指定 C 预处理器标志)
LDFLAGS Specify linker flags(指定链接标志)
LIBS Specify additional libraries(指定附加库)

Now run the configure script with any desired configuration options or environment variables.
现在可以使用任何想要的配置选项或环境变量来运行 configure。

[[env] settings] ./configure [options]

As an example, let's assume that we want to install OpenLDAP with BDB backend and TCP Wrappers support. By default, BDB is enabled and TCP Wrappers is not. So, we just need to specify --with-wrappers to include TCP Wrappers support:
例如,让我们假设我们需要安装使用 BDB 后台数据库和 TCP wrapper 支持的 OpenLDAP。默认情况下,BDB是启用的,TCP wrappers是禁用的。因此,我们只需要指定 —with-wrappers 来包含对 TCP Wrapper 的支持即可:

./configure --with-wrappers

However, this will fail to locate dependent software not installed in system directories. For example, if TCP Wrappers headers and libraries are installed in /usr/local/include and /usr/local/lib respectively, the configure script should be called as follows:
然而,如果所依赖的软件没有安装在系统目录下,命令将会失败。举个例子,如果 TCP Wrappers 的头文件和库文件安装在 /usr/local/include 和 /usr/local/lib 目录,configure 脚本应该做如下调用:

env CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" \
./configure --with-wrappers

Note: Some shells, such as those derived from the Bourne sh(1), do not require use of the env(1) command. In some cases, environmental variables have to be specified using alternative syntaxes.
注意:某些 shells,比如从 Bourne sh(1) 派生的,并不需要使用 env(1) 命令。在某些情况下,环境变量必须使用其他的语法指定。


The configure script will normally auto-detect appropriate settings. If you have problems at this stage, consult any platform specific hints and check your configure options, if any.
通常 configure 脚本能够自动监测合适的设置。如果您在这个阶段有问题的话,请参考 Platform Specific Hints 或者检查您的 configure 选项。

Building the Software(编译软件)

Once you have run the configure script the last line of output should be:
一旦您运行了 configure 脚本之后,最后出现的一行输出应该如下所示:

Please "make depend" to build dependencies

If the last line of output does not match, configure has failed, and you will need to review its output to determine what went wrong. You should not proceed until configure completes successfully.
如果最后一行输出同上面不一致,那说明 configure 失败,您将需要查看它的输出以确定哪里出错。您在配置完全成功之前不应该继续。

To build dependencies, run:
要编译依赖选项,执行:

make depend

Now build the software, this step will actually compile OpenLDAP.
现在编译软件,这一步将实际编译 OpenLDAP。


make

You should examine the output of this command carefully to make sure everything is built correctly. Note that this command builds the LDAP libraries and associated clients as well as slapd(8) and slurpd(8).
您应该检查该命令的输出用以确定所有东西都被正确编译。注意,该命令不仅编译了 slapd(8) 和 slurpd(8),还编译了 LDAP 库和 LDAP 客户端。

Testing the Software(测试软件)

Once the software has been properly configured and successfully made, you should run the test suite to verify the build.
一旦软件被适当配置和成功编译之后,您就应该执行测试程序来检测编译了。执行:

make test

Tests which apply to your configuration will run and they should pass. Some tests, such as the replication test, may be skipped if not supported by your configuration.
符合您配置的测试程序将被运行,并且它们也应该通过。如复制测试之类的一些测试,如果您配置并不支持的话应该忽略。

Installing the Software(安装软件)

Once you have successfully tested the software, you are ready to install it. You will need to have write permission to the installation directories you specified when you ran configure. By default OpenLDAP Software is installed in /usr/local. If you changed this setting with the --prefix configure option, it will be installed in the location you provided.
成功测试之后就可以准备安装了。必须具有正确的权限。缺省情况下,OpenLDAP安装在/usr/local目录下。如果在configure中使用了—prefix选项改变了目录,将会安装到你指定的目录下。

Typically, the installation requires super-user privileges. From the top level OpenLDAP source directory, type:
一般来说,安装需要超级用户权限。在 OpenLDAP 的顶层目录中,输入:

su root -c 'make install'

and enter the appropriate password when requested.
当需要时输入正确的密码。

You should examine the output of this command carefully to make sure everything is installed correctly. You will find the configuration files for slapd(8) in /usr/local/etc/openldap by default. See the chapter The slapd Configuration File for additional information.
您应该仔细检查该命令的输出以确认所有东西都安装正确。在缺省情况下,您将在 /usr/local/etc/openldap 目录中找到 slapd(8) 的配置文件。请参阅“slapd 配置文件”一章得到更多的信息。