For more information please visit our Web Site at: http://tpf.ncsa.uiuc.edu/ This document outlines the steps needed to build OpenLDAP 2.4.6 on the IBM z/TPF Enterprise Edition V1 R1 system. It assumes that you are familiar with the MakeTPF build solution and the z/TPF APAR process. For contact assistance and problem reporting, follow the normal problem reporting process for z/TPF issues and questions or contact a z/TPF Customer Support Representative. The following naming conventions are used in this document: "OpenLDAP" refers to the entire OpenLDAP package 1. Apply the z/TPF OpenLDAP APAR PJ34028 and prerequisite APARs. z/TPF APARs PJ33213 and PJ33779 are prerequisites for OpenLDAP. If you have not already done so, apply both APARs along with PJ34028. 2. Acquire the OpenLDAP source files. Download and extract the OpenLDAP source files from the z/TPF Repository using the highest posted PUT level, regardless of your actual PUT level: a. Download the ztpfldap.tar.gz file from http://tpf.ncsa.uiuc.edu/ to your root source directory. Note: Issues with MS IE and WinZip When downloading the ztpfldap.tar.gz package with Microsoft IE for Windows, the name might be changed to ztpfldap.tar.tar. WinZip will fail when trying to extract the package while it is named ztpfldap.tar.tar. To correct this, rename the file back to ztpfldap.tar.gz and WinZip will correctly extract the tarball. Notes: Make sure you have "Hide Extensions for Known Types" un-checked in your Internet Explorer options so you will actually get access to the file extension. If you are using FTP - please ensure you use Binary transfer mode. b. Unarchive ztpfldap.tar.gz to your source directory. This package contains the tarred source trees for the OpenLDAP package with additional modifications for the z/TPF system. tar zxvfp ztpfldap.tar.gz This will create the directory structure opensource/ldap. 3. Apply any APARs listed in the repository following the downloaded PUT level. 4. The required OpenLDAP MakeTPF control files were included in APAR PJ34028. The base/cntl/tpf_ldap.cntl file is used to build the OpenLDAP code. 5. The required MakeTPF environment files were included in APAR PJ34028. The tpftools/include_ztpf/maketpf.env_ldap and tpftools/include_ztpf/maketpf.env_ldap_client environments are used to build the OpenLDAP code. 6. Check that the makefiles for CLLB, CLAP, CWAI, CSER, CPAS, CMOD, CMDR, CDEL, and CCMP exist in base/openldap/. The makefiles for z/TPF OpenLDAP are part of APAR PJ34028 so you do not have to create them manually. 7. Flip the OpenLDAP switch. Building the OpenLDAP support is optional and is controlled by a MakeTPF switch called TPF_SBLDAP. TPF_SBLDAP was added to tpftools/include_ztpf/maketpf.rules_functionswitch2ksh and tpftools/include_ztpf/maketpf.rules_functionswitch_defaults by APAR PJ34028. The OPENLDAP= option in macro/sip/config.mac was added for the TPF_SBLDAP switch. Change the OPENLDAP= value from NO to YES in xxx/src/sip.asm, where "xxx" is the system you are building (for example: bas, bss, wp). This will set the TPF_SBLDAP switch on. Enter the following to run SIP: bldtpf -f -sip xxx/src/sip.asm 8. Build the OpenLDAP segments by entering the corresponding maketpfs in this order: maketpf -f CLLB maketpf -f CLAP maketpf -f CWAI maketpf -f CSER maketpf -f CPAS maketpf -f CMOD maketpf -f CMDR maketpf -f CDEL maketpf -f CCMP These create opensource/unix/output/load/PPPPvv.so (where "PPPP" is the segment name and "vv" is the USER_VERSION_CODE in your maketpf.cfg configuration file). There should be no warnings nor errors. 9. On your Linux system used for z/TPF builds (assume APAR PJ34028 was downloaded to /ztpf/bld), manually transfer necessary OpenLDAP files (shown below using the mput * command) from the build system to the z/TPF system using FTP. Notes: a) These steps need to be done prior to any other initialization steps done on z/TPF for OpenLDAP. b) Permissions for the created files need to be set up on z/TPF. c) DB_CONFIG is a recommended configuration file that should be put in the openldap-data directory created below. This step needs to be done after a file system is mounted to the openldap-data directory. For more information about these notes, see the installation related tasks for OpenLDAP in the IBM TPF Product Information Center at http://www.ibm.com/software/htp/tpf/pubs/tpfpubs.htm. FTP commands to transfer files: prompt ascii cd /usr/bin lcd /ztpf/bld/base/openldap/ztpf_files/usr/bin mput * cd /usr mkdir local cd local mkdir sbin cd sbin lcd /ztpf/bld/base/openldap/ztpf_files/usr/local/sbin mput * cd /usr/local mkdir etc cd etc mkdir openldap cd openldap lcd /ztpf/bld/opensource/ldap/ztpf_files/usr/local/etc/openldap mput * mkdir schema cd schema lcd schema mput * cd /usr/local mkdir var cd var mkdir openldap-data mkdir run Usage notes: The OpenLDAP package was ported from openldap.org. For basic command descriptions see the man pages at: http://www.openldap.org/software/man.cgi The following are differences from the OpenLDAP man page descriptions. Please see IBM TPF Product Information Center for further information about running OpenLDAP on z/TPF. A) zfile: All OpenLDAP command line tools and OpenLDAP administrative tools are prefaced with zfile. B) To start OpenLDAP, use the zinet interface rather than the /usr/local/libexec/slapd command. For example, ZINET ADD S-ldap PGM-clap MODEL-DAEMON USER-root act-oper XPARM--f /test/slapd.conf C) Any OpenLDAP command line tool option or OpenLDAP administrative tool option where the operator is prompted for a response will not work on z/TPF. For example, the ldapadd command line tool can take a password as a parameter. If -W is specified, the operator is prompted for password. If -w is specified, the password is passed as part of the command. On z/TPF, -w will work but -W will not work. D) Blank spaces inside OpenLDAP commands need to be enclosed in single quotes. For example, the following command will not work: zfile ldapdelete -x -D "cn=Manager,o=stooges" "cn=Curly Howard,o=stooges" The blank space between Curly and Howard causes a problem with ZFILE commands. The following command will work on z/TPF: zfile ldapdelete -x -D "cn=Manager,o=stooges" "cn=Curly' 'Howard,o=stooges" The following are a list of known issues and solutions running OpenLDAP 2.4.6 on z/TPF. These issues appear to be addressed in subsequent OpenLDAP releases. i) After starting the OpenLDAP server, the first ldapadd command may hang. This problem only occurs when the overlay syncprov is specified in the configuration file (slapd.conf). syncprov is used to replicate databases. Example: The problem occurs with the following basic replication declarations in slapd.conf. overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 From any OpenLDAP client (the example here is run from Linux): /home/mydir:>ldapadd -h 9.57.13.111 -x -D "cn=replman,o=replDB" -w secret -f tpf_replDB.ldif adding new entry "o=replDB" At this point the server no longer responds and the client is hung. Workaround: Do the first add operation using the slapadd tool. The ldapadd command works fine once entries are present. ii) N-Way Multi-Master and MirrorMode replication - OpenLDAP version 2.4.6 introduced greater than one master environments. Unfortunately, this version of OpenLDAP has a number of issues with these environments as can be seen in the release changes at the OpenLDAP website at http://www.openldap.org/software/release/changes.html. Workaround: Use the standard OpenLDAP master/slave server replication. If a master server goes down, a slave can be promoted to a master and perform all master functions such as updates to the database. [This document was last updated 2008-10-06]