OpenLDAP packages

LTB project provides 5 packages for Debian/Ubuntu and Red-Hat/CentOS:

openldap-ltb:

main OpenLDAP package, including slapd-cli, systemd service, and many openldap core modules (see below)

openldap-ltb-contrib-overlays:

additional openldap modules (see the list below)

openldap-ltb-dbg:

debug symbols for openldap

openldap-ltb-explockout:

additional overlay exponential lockout

openldap-ltb-mdb-utils:

additional utilities for the mdb database backend (mdb_*)

Note

LTB team tries to keep packages up to date with the latest OpenLDAP version.

Tip

Every backend and overlay is compiled as a module.

The main OpenLDAP package includes:

  • backends:

    • mdb: main database storage

    • ldap: LDAP proxy

    • meta: agregation of multiple LDAP proxies

    • sock

  • SSL/TLS with OpenSSL

  • SASL (including SASL passwords)

  • SLAPI support

  • CRYPT password

  • support of tcp-wrappers

  • support of reverse lookups of client hostnames

  • argon2 hash scheme

  • schema expose (SLAP_SCHEMA_EXPOSE flag for hidden schema elements)

  • load-balancer (compiled as a module)

  • slapd-cli project, including slapd-cli tool, and systemd services for OpenLDAP and load-balancer

  • logrotate script

  • all standard overlays:

    • accesslog: In-Directory Access Logging

    • auditlog: Audit Logging

    • autoca: Automatic Certificate Authority

    • collect: Collect

    • constraint: Attribute Constraint

    • dds: Dynamic Directory Services

    • deref: Dereference

    • dyngroup: Dynamic Group

    • dynlist: Dynamic List

    • homedir: Home Directory Management

    • memberof: Reverse Group Membership

    • otp: OTP 2-factor authentication

    • ppolicy: Password Policy

    • proxycache: Proxy Cache

    • refint: Referential Integrity

    • remoteauth: Deferred Authentication

    • retcode: Return Code testing

    • rwm: Rewrite/Remap

    • seqmod: Sequential Modify

    • sssvlv: ServerSideSort/VLV

    • syncprov: Syncrepl Provider

    • translucent: Translucent Proxy

    • unique: Attribute Uniqueness

    • valsort: Value Sorting

    • ppm (Password Policy Module): extension to the password policy overlay

The contrib-overlay package includes these additional overlays:

  • autogroup: automatic updates of group memberships which meet the requirements of any filter contained in the group definition.

  • lastbind: logs the last user authentication

  • noopsrch: “no operation search”: do a search in dry-run

  • nssov: handles NSS lookup requests through a local Unix Domain socket

  • pw-pbkdf2: allows PBKDF2 hash scheme

  • pw-sha2: allow SHA2 hash scheme

  • smbk5pwd: update Kerberos keys and Samba password hashes (without Heimdal Kerberos support)

  • variant: share values between entries

  • vc: implements the LDAP “Verify Credentials” extended operation

The installation lies under /usr/local/openldap, in order to avoid conflicts with existing OpenLDAP installation. In particular, we do not interfere with the ldap system libraries, which are linked in by many other programs.