For a long time CentOS 5 users have been banging their head against their desks because CentOS 5 has only supported OpenLDAP 2.3. While this release has been stable, it is quite long in the tooth and is missing many features that system administrator consider a 'requirement.' Since so many packages link the ldap libraries that OpenLDAP 2.3 provides, upgrading OpenLDAP has been no easy task... until now. With the release of RedHat Enterprise Linux 6, there is now a source RPM package for OpenLDAP 2.4. Here is a short guide to backport OpenLDAP 2.4 for CentOS 6 to CentOS 5.First download the RedHat Enterprise Linux 6 source RPM. You HAVE to use the 2.4.19 version. You cannot use the 2.4.23 version because it will not build the OpenLDAP 2.3 compat package. You can download the source RPM here: http://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ (Slow Link)Install the source RPM in the normal RPM manner:
#> rpm --install --nomd5 openldap-2.4.19-15.el6_0.2.src.rpm
You will need a RPM building / packaging environment. There are plenty of sites that describe how to create an RPM build environment and that is outside the scope of this document. If you need help, use Google. Now you need make sure you have the proper development packages installed. The easiest way to get the ones you need is to use the develment install group.
#> yum installgroup "Development Libraries" "Development Tools"
Due to a slight difference between CentOS 5 and CentOS 6, the libtool config.h header files have move. This is easily fixed with a symlink.
#> cd /usr/share/libtool #> ln -s . config
Our example RPM build environment is going to be used by the 'rpm' user and the build directory is called 'rpmbuild'. You now need to copy all of the redhat SOURCE directory and the SPEC directory to your local build environment.
#> cd ~rpm/rpmbuild #> cp /usr/src/redhat/SOURCE/* SOURCE #> cp /usr/src/redhat/SPECS/* SPECS
There is minor package naming difference in the tcp_wrapper package that is the need to be corrected in the openldap.spec file. On line 69 change the BuildRequires entry for tcp_wrappers from tcp_wrappers-devel to tcp_wrapper. In CentoOS 5, the tcp_wrappers package contains both the libraries and the development headers.
BuildRequires: openssl-devel, pam-devel, perl, pkgconfig, tcp_wrappers,
Save the openldap.spec file and you can begin you rpmbuild command.
#> rpmbuild -ba openldap.spec
Now your packages should compile nicely. Before you upgrade with your new OpenLDAP packages, create LDIF dumps of your existing LDAP data. Don't rely on the Berkley DB files because there is big BDB version jump in this upgrade. Now remove the OpenLDAP 2.3 packages. When you remove them, rpm will complain about breaking dependancies. This is ok. We have a compat package to support the OpenLDAP 2.3 bindings in the new OpenLDAP 2.4 rpm build.
#> rpm --erase --nodeps openldap \ openldap-servers \ openldap-clients \ openldap-devel \ openldap-servers-overlays
Install the new OpenLDAP 2.4 packages and the compat-openldap package. There is no need for a separate overlays package. They are now considered part of the openldap-servers package.
#> rpm -U compat-openldap-2.4.19_2.3.43-15.2.x86_64.rpm \ openldap-2.4.19-15.2.x86_64.rpm \ openldap-clients-2.4.19-15.2.x86_64.rpm \ openldap-servers-2.4.19-15.2.x86_64.rpm \ openldap-servers-sql-2.4.19-15.2.x86_64.rpm
The service name has changed from 'ldap' to 'slapd' so add it to init scripts properly.
chkconfig --add slapd chkconfig --level 345 slapd on
Now import your backed up data and you are already to go.