OpenLDAP 'deref' overlay

Sassy Natan sassyn at
Sat Jan 3 11:39:30 GMT 2009

Cool Thanks!!!!!

I managed to compile it and run the new version.

thanks again

On Fri, Jan 2, 2009 at 11:16 PM, Scott Lovenberg
<scott.lovenberg at> wrote:

> Sassy Natan wrote:
>> On 16 Dec 2008 08:18:21 Andrew Bartlett wrote:
>> """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
>> s4:provision: use extended_dn_out_ldb or extended_dn_out_dereference
>> depending on ...<
>> This just changes the existing strategy of loading different modules
>> for the OpenLDAP backend to also include extended_dn_out_*
>> When we provision the OpenLDAP backend, we make sure to include the
>> 'deref' overlay (which must be made available by the OpenLDAP build)
>> """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
>> I'm using Debian OpenLDAP 2.4.11 via the Debian repository, but it seems
>> that the 'deref' overlay doesn't exist in this version, so I had to compile
>> my own OpenLDAP server version 2.4.13.
>> I was wondering if anyone can tell me which options should be on when
>> compiling
>> the new version.
>> Basically I added them all like this:
>> ./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin
>> --sysconfdir=/etc/ --localstatedir=/var --libdir=/usr/lib/ldap
>> --includedir=/usr/include/ --mandir=/usr/share/man --enable-debug=yes
>> --enable-dynamic=yes --enable-syslog=yes --enable-proctitle=yes
>> --enable-ipv6=yes --enable-local=yes -enable-slapd=yes
>> --enable-cleartext=yes --enable-crypt=yes --enable-lmpasswd=yes
>> --enable-spasswd=yes --enable-modules=yes --enable-rewrite=yes
>> --enable-rlookups=yes --enable-slapi=yes --enable-slp=yes
>> --enable-wrappers=yes --enable-backends=yes --enable-bdb=yes
>> --enable-dnssrv=yes --enable-hdb=yes --enable-ldap=yes --enable-meta=yes
>> --enable-monitor=yes --enable-ndb=yes --enable-null=yes
>> --enable-passwd=yes
>> --enable-perl=yes --enable-relay=yes --enable-shell=yes --enable-sock=yes
>> --enable-sql=yes --enable-overlays=yes --enable-accesslog=yes
>> --enable-auditlog=yes --enable-collect=yes --enable-constraint=yes
>> --enable-dds=yes --enable-deref=yes --enable-dyngroup=yes
>> --enable-dynlist=yes --enable-memberof=yes --enable-ppolicy=yes
>> --enable-proxycache=yes --enable-refint=yes --enable-retcode=yes
>> --enable-rwm=yes --enable-seqmod=yes --enable-syncprov=yes
>> --enable-translucent=yes --enable-unique=yes --enable-valsort=yes
>> --enable-shared --enable-fast-install --with-cyrus-sasl --with-fetch
>> --with-gssapi --with-threads --with-tls --with-odbc
>> But I'm I don't need all of this
>> Can someone provide some feedback?
>> Thanks
>> Sassy
> FWIW, last time I compiled LDAP on Slackware I did the '...and the kitchen
> sink' thing with libraries to give me more flexibility, but I also ended up
> chasing dependencies for quite a few packages.
> As for capabilities, it all depends on how you have your site set up.  You
> should only need to enable your backend storage and protocols for it (I
> remember that enabling sql had a ton of dependencies).  You may want to skip
> over the ipv6 stack, too.  The 'includedir' probably isn't needed, but won't
> hurt anything.  So, the question is, what interfaces do you need for your
> setup?  BDB, passwd, tls, gssapi, and/or sasl, slapd, sock and threads are
> fairly common.  Accesslog and syslog are probably recommended, and auditlog
> might not be a bad idea.
> All that being said, doing the 'kitchen sink' thing is also a way to go if
> you don't know exactly how you are going to interface a backend.  But it
> will increase your attack-surface and leave you chasing nested dependencies,
> and should be avoided if either of those ideas bothers you.  I'd stay away
> from compiling in sql unless you really want to use a sql backend, though -
> you'll need about 5 other packages to satisfy its requirements.
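
The trimming advice in the reply above, as an added example that is not part of the original thread: a script that splits the `--enable-*`/`--with-*` switches of a configure line into kept and dropped sets, and separately reports `--enable-backends` and `--enable-overlays`, which switch on every backend and overlay regardless of the per-feature flags. The `NEEDED` and `BUILD` sets and the shortened sample line are assumptions constructed for illustration; adjust them to the interfaces your site actually uses.

```python
import shlex

# Constructed sample: a shortened form of the configure line in the question.
SAMPLE = """./configure --prefix=/usr --enable-syslog=yes --enable-ipv6=yes
 -enable-slapd=yes --enable-backends=yes --enable-bdb=yes --enable-sql=yes
 --enable-overlays=yes --enable-accesslog=yes --enable-deref=yes
 --enable-shared --with-cyrus-sasl --with-tls --with-odbc --with-threads"""

# Assumption: allowlist for one site, taken from features named in the thread.
NEEDED = {"slapd", "syslog", "bdb", "accesslog", "auditlog", "deref",
          "cyrus-sasl", "tls", "gssapi", "threads"}
# Switches that enable all backends / all overlays in one go.
BLANKET = {"backends", "overlays"}
# Assumption: build-mechanics switches that are kept as they are.
BUILD = {"shared", "fast-install", "dynamic"}


def parse_switches(cmdline):
    """Yield (name, value, normalized_token) for enable/with switches."""
    for tok in shlex.split(cmdline):
        body = tok.lstrip("-")
        # Accept both "-enable-x" and "--enable-x" spellings.
        if tok.startswith("-") and body.startswith(("enable-", "with-")):
            rest = body.split("-", 1)[1]
            name, _, value = rest.partition("=")
            yield name, value or "yes", "--" + body


def trim(cmdline, needed=NEEDED):
    """Return (keep, drop, blanket) lists for the given configure line."""
    keep, drop, blanket = [], [], []
    for name, value, token in parse_switches(cmdline):
        if value == "no":
            continue                      # already disabled
        if name in BLANKET:
            blanket.append(name)          # would re-enable whatever is dropped
        elif name in needed or name in BUILD:
            keep.append(token)
        else:
            drop.append(name)
    return keep, drop, blanket


if __name__ == "__main__":
    keep, drop, blanket = trim(SAMPLE)
    print("./configure " + " ".join(keep))
    print("dropped:", ", ".join(drop))
    print("blanket switches to remove:", ", ".join(blanket))
```

Path options such as `--prefix` are ignored by the script and have to be carried over by hand.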

More information about the samba-technical mailing list