3.1 Obtaining the OpenLDAP Distribution
project does not make binary distributions of its software available.
The reason for this has a lot to do with the number of dependencies
it has on other packages. Many Linux vendors include precompiled
versions of OpenLDAP with their distributions. Still,
we'll discuss how to compile the OpenLDAP source
code distribution; you'll need to build OpenLDAP to
stay up to date, and studying the build process gives you a chance to
learn more about the LDAP protocol.
Corporation also provides some precompiled OpenLDAP packages
(including requisite software components) for Solaris and HP-UX at
The latest version of OpenLDAP can be obtained from http://www.OpenLDAP.org/software/download/.
There are two major incarnations of OpenLDAP. The older 1.2 releases
are essentially enhancements or small bug fixes to the original
University of Michigan code base and implement only LDAPv2. The
OpenLDAP 2 branch is an LDAPv3-compliant implementation.
There are several advantages of
LDAPv3 over the previous
version, such as:
The ability to refer clients to other LDAP servers for information.
The LDAPv2 RFCs contained no provision for returning a referral to a
client. While the University of Michigan server supported an
experimental implementation of referrals, the concept was not
standardized until the LDAPv3 specifications. Standardization made
interoperability between servers and clients from different vendors
possible, something that was missing under LDAPv2.
The ability to publish the server's schema via LDAP
operations, which makes it easier for clients to learn the
server's schema before performing searches. The only
way to determine the schema supported by an LDAPv2 server was to
examine the server's configuration files. Publishing
the server's schema as entries within the directory
allows for such things as real-time updates via standard LDAP
operations. (Note that LDAPv3 does not require dynamic updates.)
through the use of UTF-8 characters in strings
(RFC 2253) and
language tags for attribute descriptions (RFC 2596).
Improved security and flexibility for authentication credentials and
data via SASL and SSL/TLS. LDAPv2 supported only simple binds or
Kerberos 4 authentication.
Support for protocol extensions as a mechanism to enhance existing
operations or add new commands without requiring that a new revision
of the LDAP protocol be defined.
The OpenLDAP 2 release is an LDAPv3 server. However, LDAPv2 clients
are not going away anytime soon. Therefore, OpenLDAP 2 and the
majority of other LDAP servers can support both LDAPv2 and v3