OpenLDAP Software relies upon a number of software packages distributed by third parties. Depending on the features you intend to use, you may have to download and install a number of additional software packages. This section details commonly needed third party software packages you might have to install. However, for an up-to-date prerequisite information, the README document should be consulted. Note that some of these third party packages may depend on additional software packages. Install each package per the installation instructions provided with it.
OpenLDAP clients and servers require installation of either OpenSSL or GnuTLS TLS libraries to provide Transport Layer Security services. Though some operating systems may provide these libraries as part of the base system or as an optional software component, OpenSSL and GnuTLS often require separate installation.
OpenSSL is available from https://www.openssl.org/. GnuTLS is available from https://www.gnu.org/software/gnutls/.
OpenLDAP Software will not be fully LDAPv3 compliant unless OpenLDAP's configure detects a usable TLS library.
OpenLDAP clients and servers require installation of Cyrus SASL libraries to provide Simple Authentication and Security Layer services. Though some operating systems may provide this library as part of the base system or as an optional software component, Cyrus SASL often requires separate installation.
Cyrus SASL is available from https://asg.web.cmu.edu/sasl/sasl-library.html. Cyrus SASL will make use of OpenSSL and Kerberos/GSSAPI libraries if preinstalled.
OpenLDAP Software will not be fully LDAPv3 compliant unless OpenLDAP's configure detects a usable Cyrus SASL installation.
OpenLDAP clients and servers support Kerberos authentication services. In particular, OpenLDAP supports the Kerberos V GSS-API SASL authentication mechanism known as the GSSAPI mechanism. This feature requires, in addition to Cyrus SASL libraries, either Heimdal or MIT Kerberos V libraries.
Heimdal Kerberos is available from https://www.pdc.kth.se/heimdal/. MIT Kerberos is available from https://web.mit.edu/kerberos/www/.
Use of strong authentication services, such as those provided by Kerberos, is highly recommended.
OpenLDAP's slapd(8) BDB and HDB primary database backends require Oracle Corporation Berkeley DB. If not available at configure time, you will not be able build slapd(8) with these primary database backends.
Your operating system may provide a supported version of Berkeley DB in the base system or as an optional software component. If not, you'll have to obtain and install it yourself.
Berkeley DB is available from Oracle Corporation's Berkeley DB download page https://www.oracle.com/technology/software/products/berkeley-db/index.html.
There are several versions available. Generally, the most recent release (with published patches) is recommended. This package is required if you wish to use the BDB or HDB database backends.
Please see Recommended OpenLDAP Software Dependency Versions
for more information.
OpenLDAP is designed to take advantage of threads. OpenLDAP supports POSIX pthreads, Mach CThreads, and a number of other varieties. configure will complain if it cannot find a suitable thread subsystem. If this occurs, please consult the Software|Installation|Platform Hints section of the OpenLDAP FAQ https://www.openldap.org/faq/.
slapd(8) supports TCP Wrappers (IP level access control filters) if preinstalled. Use of TCP Wrappers or other IP-level access filters (such as those provided by an IP-level firewall) is recommended for servers containing non-public information.