25 May 2007 - 06:47OpenLDAP on Windows
Lots of questions come up on various mailing lists about building OpenLDAP on Microsoft Windows™ and about packaged versions of OpenLDAP for Windows. We at Symas do our best to answer them, but I got tired of seeing the questions and the varying answers from other sources. I decided to do a little survey to see what's available in the form of packaged distributions. The results of that survey are below, but first I want to comment on building OpenLDAP on Windows.Lets face it. Building OpenLDAP is not like building other Open Source projects. OpenLDAP is a high-perfomance enterprise-grade LDAP directory server that relies on a narrow range of versions of other Open Source projects, including Berkeley DB, Cyrus SASL, OpenSSL, and libtool. Furthermore, building under Windows requires a POSIX-compliant regular expression (regex) library. Getting the correct versions of these components properly built under Windows is a challenge, to say the least. Properly building and packaging everything is downright difficult. At Symas it took us about three months to get everything tied up right so we could produce a repeatable, stable build that passed our tests. And we're experts. Even then the development tools (msys and mingw) gave us fits. It wasn't until recently that we managed to assemble a toolchain and development environment that was completely trouble-free (thanks VMWare!). This is not an indictment of OpenLDAP or any of the other Open Source projects- it's simply a statement of what is.
Ok... so I decided to spend some time with Google to see what I could find in the way of packaged OpenLDAP builds for Windows. I found three alternatives:
- Lucas Bergman's site offers this "port" of OpenLDAP- In 2000 then-Symas Engineer and co-founder Jon Leichter did the actual work to port OpenLDAP to Windows, checked it into OpenLDAP's source tree, and then wrote this FAQ-o-Matic entry. Shortly after, Lucas picked up the work and started producing his packages, which can be found here. Sadly, Lucas took credit for the porting work we did. His most recent effort features OpenLDAP 2.2.29 (released in 2003), Berkeley DB 4.3.29, and OpenSSL 0.9.8. While we applaud Lucas's use of "modern" OpenSSL, there are problems with the versions of OpenLDAP and Berkely DB that he selected. According to the OpenLDAP foundation, OpenLDAP 2.2.29 is not actively being maintained. The OpenLDAP Foundation warns that Berkeley DB 4.3 is too unstable for use with OpenLDAP. Lucas seems to be relying on the community for testing, and support for these packages is only available by volunteers who read his mailing list, because the OpenLDAP Project can only help with current versions of OpenLDAP.
- ILEX offers this packaged version of OpenLDAP- This one is based on OpenLDAP 2.0.29, which was originally released in 2000, and features, SASL 1.5.28, BDB 4.1.25, and an unknown version of OpenSSL (probably 0.9.6). Well, OpenLDAP 2.0 was not much more than a toy back then - at the time the OpenLDAP site called it a "reference implementation", and Berkeley DB 4.1 had acknowledged problems with paging - but this package features a "wizard" that helps create a configuration file for OpenLDAP. Kudos to the ILEX folks for trying to do something different. To my knowledge this package is totally unsupported, as stated in the web page.
- Symas offers professionally supported, tested, and packaged versions of OpenLDAP under it's Connexitor trademark. The packages are called Connexitor Directory Services. CDS 3.7 features OpenLDAP 2.3.35, Cyrus SASL 2.1.22, OpenSSL 0.9.7l, and Berkeley DB 4.2.52. The Windows package is like all other CDS packages in that it includes everything needed to bring up a fully functional LDAP directory server in about five minutes, and it adds a sample 10,000-entry LDAP database so that novices can use it immediately after installation. The package also includes a detailed ReadMe file that lays out all of the little details one must know about running OpenLDAP under Windows. Finally, the libraries and header files for OpenLDAP, Cyrus SASL, and OpenSSL can be installed so that users can build software that uses the OpenLDAP libraries or can develop new slapd overlays without the need to have the entire OpenLDAP build tree present. CDS is supported by a staff of experienced software professionals, including Symas co-founder and OpenLDAP chief architect, Howard Chu. Organizations around the world are using CDS in mission-critical applications and rely on Symas's engineering team for support.
Maybe this post is somewhat self-serving... It stands to reason that I'd write a piece in which Symas is the winner. But the fact is that no one else produces more OpenLDAP distributions for more operating systems and architectures than we do, and no one provides better support for OpenLDAP than we do. Just ask our customers.
one comment:
I just installed Symas CDS Silver 3.10 on Windows XP. There was trouble starting the service. It failed with error code 19. Finally, on a hunch, I looked in the CDSSilver folder and found the slaptest.exe. On running this from command prompt, it showed message:
“could not stat config file ”.slapd.conf”: No such file or directory (2)
slaptest: bad configuration file!”
There was no slapd.conf file in the folder, and on renaming the ldap.conf.default and slapd.conf.default files to ldap.conf and slapd.conf, the service started without any problem.
Now I am looking for a way to test the service. Can you help, or is this the wrong location to ask?
No trackbacks: