ΠΡΠ½ΠΎΠ²Π½ΠΎΠΉ ΡΠ΅ΠΏΠΎΠ·ΠΈΡΠΎΡΠΈΠΉ ΠΏΠ΅ΡΠ΅ΠΌΠ΅ΡΠ΅Π½ Π½Π° GitFlic
ΠΠ΅ΡΠ½ΠΎΠΉ 2022, Π±Π΅Π· ΠΊΠ°ΠΊΠΈΡ -Π»ΠΈΠ±ΠΎ ΠΏΡΠ΅Π΄ΡΠΏΡΠ΅ΠΆΠ΄Π΅Π½ΠΈΠΉ ΠΈΠ»ΠΈ ΠΏΠΎΡΡΠ½Π΅Π½ΠΈΠΉ, Π°Π΄ΠΌΠΈΠ½ΠΈΡΡΡΠ°ΡΠΈΡ Github ΡΠ΄Π°Π»ΠΈΠ»Π° ΠΌΠΎΠΉ Π°ΠΊΠΊΠ°ΡΠ½Ρ ΠΈ Π²ΡΠ΅ ΠΏΡΠΎΠ΅ΠΊΡΡ. Π§Π΅ΡΠ΅Π· Π½Π΅ΡΠΊΠΎΠ»ΡΠΊΠΎ ΠΌΠ΅ΡΡΡΠ΅Π², Π±Π΅Π· ΠΊΠ°ΠΊΠΎΠ³ΠΎ-Π»ΠΈΠ±ΠΎ ΠΌΠΎΠ΅Π³ΠΎ ΡΡΠ°ΡΡΠΈΡ ΠΈΠ»ΠΈ ΡΠ²Π΅Π΄ΠΎΠΌΠ»Π΅Π½ΠΈΡ, ΠΏΡΠΎΠ΅ΠΊΡΡ Π±ΡΠ»ΠΈ Π²ΠΎΡΡΡΠ°Π½ΠΎΠ²Π»Π΅Π½Ρ/ΠΎΡΠΊΡΡΡΡ Π² ΡΡΠ°ΡΡΡΠ΅ "public read-only archive" ΠΈΠ· ΠΊΠ°ΠΊΠΎΠΉ-ΡΠΎ Π½Π΅ΠΏΠΎΠ»Π½ΠΎΡΠ΅Π½Π½ΠΎΠΉ ΡΠ΅Π·Π΅ΡΠ²Π½ΠΎΠΉ ΠΊΠΎΠΏΠΈΠΈ. ΠΡΠΈ Π΄Π΅ΠΉΡΡΠ²ΠΈΡ Github Ρ ΡΠ°ΡΡΠ΅Π½ΠΈΠ²Π°Ρ ΠΊΠ°ΠΊ Π·Π»ΠΎΠ½Π°ΠΌΠ΅ΡΠ΅Π½Π½ΡΠΉ ΡΠ°Π±ΠΎΡΠ°ΠΆ, Π° ΡΠ°ΠΌ ΡΠ΅ΡΠ²ΠΈΡ Github ΡΡΠΈΡΠ°Ρ Π½Π°Π²ΡΠ΅Π³Π΄Π° ΡΡΡΠ°ΡΠΈΠ²ΡΠΈΠΌ ΠΊΠ°ΠΊΠΎΠ΅-Π»ΠΈΠ±ΠΎ Π΄ΠΎΠ²Π΅ΡΠΈΠ΅.
ΠΡΠ»Π΅Π΄ΡΡΠ²ΠΈΠ΅ ΠΏΡΠΎΠΈΠ·ΠΎΡΠ΅Π΄ΡΠ΅Π³ΠΎ, Π½ΠΈΠΊΠΎΠ³Π΄Π° ΠΈ Π½ΠΈ ΠΏΡΠΈ ΠΊΠ°ΠΊΠΈΡ ΡΡΠ»ΠΎΠ²ΠΈΡΡ , Ρ Π½Π΅ Π±ΡΠ΄Ρ ΡΠ°Π·ΠΌΠ΅ΡΠ°ΡΡ Π½Π° Github ΠΏΠ΅ΡΠ²ΠΎΠΈΡΡΠΎΡΠ½ΠΈΠΊΠΈ (aka origins) ΠΌΠΎΠΈΡ ΠΏΡΠΎΠ΅ΠΊΡΠΎΠ², Π»ΠΈΠ±ΠΎ ΠΊΠ°ΠΊ-Π»ΠΈΠ±ΠΎ ΠΏΠΎΠ»Π°Π³Π°ΡΡΡΡ Π½Π° ΠΈΠ½ΡΡΠ°ΡΡΡΡΠΊΡΡΡΡ Github.
Π’Π΅ΠΌ Π½Π΅ ΠΌΠ΅Π½Π΅Π΅, ΠΏΠΎΠ½ΠΈΠΌΠ°Ρ ΡΡΠΎ ΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΠ΅Π»ΡΠΌ ΠΌΠΎΠΈΡ ΠΏΡΠΎΠ΅ΠΊΡΠΎΠ² ΡΠ΄ΠΎΠ±Π½Π΅Π΅ ΠΏΠΎΠ»ΡΡΠ°ΡΡ ΠΊ Π½ΠΈΠΌ Π΄ΠΎΡΡΡΠΏ ΠΈΠΌΠ΅Π½Π½ΠΎ Π½Π° Github, Ρ Π½Π΅ Ρ ΠΎΡΡ ΠΎΠ³ΡΠ°Π½ΠΈΡΠΈΠ²Π°ΡΡ ΠΈΡ ΡΠ²ΠΎΠ±ΠΎΠ΄Ρ ΠΈΠ»ΠΈ ΡΠΎΠ·Π΄Π°Π²Π°ΡΡ Π½Π΅ΡΠ΄ΠΎΠ±ΡΡΠ²ΠΎ, ΠΈ ΠΏΠΎΡΡΠΎΠΌΡ ΡΠ°Π·ΠΌΠ΅ΡΠ°Ρ Π½Π° Github Π·Π΅ΡΠΊΠ°Π»Π° (aka mirrors) ΡΠ΅ΠΏΠΎΠ·ΠΈΡΠΎΡΠΈΠ΅Π² ΠΌΠΎΠΈΡ ΠΏΡΠΎΠ΅ΠΊΡΠΎΠ². ΠΡΠΈ ΡΡΠΎΠΌ Π΅ΡΡ ΡΠ°Π· Π°ΠΊΡΠ΅Π½ΡΠΈΡΡΡ Π²Π½ΠΈΠΌΠ°Π½ΠΈΠ΅, ΡΡΠΎ ΡΡΠΎ ΡΠΎΠ»ΡΠΊΠΎ Π·Π΅ΡΠΊΠ°Π»Π°, ΠΊΠΎΡΠΎΡΡΠ΅ ΠΌΠΎΠ³ΡΡ Π±ΡΡΡ Π·Π°ΠΌΠΎΡΠΎΠΆΠ΅Π½Ρ, Π·Π°Π±Π»ΠΎΠΊΠΈΡΠΎΠ²Π°Π½Ρ ΠΈΠ»ΠΈ ΡΠ΄Π°Π»Π΅Π½Ρ Π² Π»ΡΠ±ΠΎΠΉ ΠΌΠΎΠΌΠ΅Π½Ρ, ΠΊΠ°ΠΊ ΡΡΠΎ ΡΠΆΠ΅ Π±ΡΠ»ΠΎ Π² 2022.
The origin has been migrated to GitFlic
In the spring of 2022, without any warnings or explanations, the Github administration deleted my account and all projects. A few months later, without any involvement or notification from me, the projects were restored/opened in the "public read-only archive" status from some kind of incomplete backup. I regard these actions of Github as malicious sabotage, and I consider the Github service itself to have lost any trust forever.
As a result of what has happened, I will never, under any circumstances, post the primary sources (aka origins) of my projects on Github, or rely in any way on the Github infrastructure.
Nevertheless, realizing that it is more convenient for users of my projects to access them on Github, I do not want to restrict their freedom or create inconvenience, and therefore I place mirrors of my project repositories on Github. At the same time, I would like to emphasize once again that these are only mirrors that can be frozen, blocked or deleted at any time, as was the case in 2022.
Production-ready replacement for OpenLDAP on Linux:
- A lot of bug fixing and code quality improvement.
- A number of new features, most of which deal with highload and multi-master clustering.
- Bundled with all known contributed extensions.
- Clean build without warnings from modern compilers.
- But only Linux supported, e.g no Windows, Mac OS, FreeBSD, Solaris or HP-UX.
- Several clusters in full mesh multi-master replication topology, mostly with four nodes as a two geographically distributed pairs.
- Up to 100 million records and up to 100 GB of data on each node.
- Up to 10K updates and up to 25K searches per second.
No other LDAP server can provide such level of performance nowadays due to replication troubles, inadequate performance or high risk of a crash. Therefore ReopenLDAP also known as "TelcoLDAP" - the telco-oriented fork of OpenLDAP.
ReOpenLDAP Π±ΡΠ» ΡΠΎΠ·Π΄Π°Π½ Π² 2015 Π³ΠΎΠ΄Ρ Π΄Π»Ρ ΡΠ΅ΡΠ΅Π½ΠΈΡ ΠΏΡΠΎΠ±Π»Π΅ΠΌ, Π²ΠΎΠ·Π½ΠΈΠΊΡΠΈΡ ΠΏΡΠΈ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°Π½ΠΈΠΈ ΠΎΡΠΈΠ³ΠΈΠ½Π°Π»ΡΠ½ΠΎΠ³ΠΎ OpenLDAP Π² ΠΈΠ½ΡΡΠ°ΡΡΡΡΠΊΡΡΡΠ΅ ΠΠΠ Β«ΠΠ΅Π³Π°Π€ΠΎΠ½Β», Π³Π΄Π΅ LDAP-ΡΠ΅ΡΠ²Π΅Ρ Π±ΡΠ» Π·Π°Π΄Π΅ΠΉΡΡΠ²ΠΎΠ²Π°Π½ Π² ΠΎΠ΄Π½ΠΎΠΉ ΠΈΠ· ΠΏΠΎΠ΄ΡΠΈΡΡΠ΅ΠΌ ΠΈΠ½ΡΡΠ°ΡΡΡΡΠΊΡΡΡΡ.
NGDR ΠΏΡΠ΅Π΄ΡΡΠ°Π²Π»ΡΠ΅Ρ ΡΠΎΠ±ΠΎΠΉ UDR (User Data Repository), ΡΠΎΠ³Π»Π°ΡΠ½ΠΎ ΡΡΠ°Π½Π΄Π°ΡΡΡ 3GPP 23.335, ΠΈ ΡΠ²Π»ΡΠ΅ΡΡΡ ΡΠ΅Π½ΡΡΠ°Π»ΠΈΠ·ΠΎΠ²Π°Π½Π½ΡΠΌ ΡΠ·Π»ΠΎΠΌ Π΄Π»Ρ Ρ ΡΠ°Π½Π΅Π½ΠΈΡ Π΄Π°Π½Π½ΡΡ ΠΎΠ±ΠΎ Π²ΡΠ΅Ρ Π²ΠΈΠ΄Π°Ρ ΡΡΠ»ΡΠ³ Π°Π±ΠΎΠ½Π΅Π½ΡΠΎΠ² Π² ΠΠ’-ΠΈΠ½ΡΡΠ°ΡΡΡΡΠΊΡΡΡΠ΅ ΠΎΠΏΠ΅ΡΠ°ΡΠΎΡΠ° ΡΠ²ΡΠ·ΠΈ.
ΠΠΎΠ΄ΠΎΠ±Π½ΠΎΠ΅ ΠΏΡΠΈΠΌΠ΅Π½Π΅Π½ΠΈΠ΅ ΠΏΡΠ΅Π΄ΠΏΠΎΠ»Π°Π³Π°Π»ΠΎ ΠΏΡΠΎΠΌΡΡΠ»Π΅Π½Π½ΡΡ ΡΠΊΡΠΏΠ»ΡΠ°ΡΠ°ΡΠΈΡ Π² ΡΠ΅ΠΆΠΈΠΌΠ΅ 24Γ7 ΡΠΏΠ΅ΡΠΈΡΠΈΡΠ΅ΡΠΊΠΎΠ³ΠΎ LDAP-ΠΊΠ°ΡΠ°Π»ΠΎΠ³Π°, ΡΠ°Π·ΠΌΠ΅ΡΠΎΠΌ 10-100 ΠΌΠΈΠ»Π»ΠΈΠΎΠ½ΠΎΠ² Π·Π°ΠΏΠΈΡΠ΅ΠΉ, Π² Π²ΡΡΠΎΠΊΠΎΠ½Π°Π³ΡΡΠΆΠ΅Π½Π½ΠΎΠΌ ΡΡΠ΅Π½Π°ΡΠΈΠΈ (Π΄ΠΎ 10Π ΠΎΠ±Π½ΠΎΠ²Π»Π΅Π½ΠΈΠΉ ΠΈ Π΄ΠΎ 50Π ΡΡΠ΅Π½ΠΈΠΉ Π² ΡΠ΅ΠΊΡΠ½Π΄Ρ), ΠΈ Π² ΡΠΎΠΏΠΎΠ»ΠΎΠ³ΠΈΠΈ ΠΌΡΠ»ΡΡΠΈ-ΠΌΠ°ΡΡΠ΅Ρ.
ΠΠΎΠΆΠ½ΠΎ ΡΠΊΠ°Π·Π°ΡΡ, ΡΡΠΎ ReOpenLDAP ΠΏΠΎΡΠ²ΠΈΠ»ΡΡ Π²ΡΠ½ΡΠΆΠ΄Π΅Π½Π½ΠΎ, Π² ΡΠ΅Π·ΡΠ»ΡΡΠ°ΡΠ΅ ΠΊΠ°ΠΊ Π½Π΅ΠΊΠ°ΡΠ΅ΡΡΠ²Π΅Π½Π½ΠΎΡΡΠΈ ΡΠΎΠ΄ΠΈΡΠ΅Π»ΡΡΠΊΠΎΠ³ΠΎ OpenLDAP, ΡΠ°ΠΊ ΠΈ ΠΎΡΠΊΠ°Π·Π° ΠΏΡΠΈΠ½ΠΈΠΌΠ°ΡΡ ΠΈΡΠΏΡΠ°Π²Π»Π΅Π½ΠΈΡ. Symas Corp, ΠΊΠ°ΠΊ ΠΎΡΠ½ΠΎΠ²Π½ΡΠ΅ ΡΠ°Π·ΡΠ°Π±ΠΎΡΡΠΈΠΊΠΈ, ΠΊΠΎΠΌΠΌΠΈΡΠ΅ΡΡ ΠΈ Π²Π»Π°Π΄Π΅Π»ΡΡΡ ΠΊΠΎΠ΄Π° OpenLDAP, Π½Π΅ ΡΠΌΠΎΠ³Π»ΠΈ ΡΠ΅ΡΠΈΡΡ Π²ΠΎΠ·Π½ΠΈΠΊΡΠΈΠ΅ ΠΏΡΠΎΠ±Π»Π΅ΠΌΡ, ΠΏΠΎΡΡΠΎΠΌΡ Π±ΡΠ»ΠΎ ΡΠ΅ΡΠ΅Π½ΠΎ ΠΏΠΎΠΏΡΠΎΠ±ΠΎΠ²Π°ΡΡ ΡΠ΄Π΅Π»Π°ΡΡ ΡΡΠΎ ΡΠ°ΠΌΠΎΡΡΠΎΡΡΠ΅Π»ΡΠ½ΠΎ.
ΠΠ°ΠΊ Π²ΠΏΠΎΡΠ»Π΅Π΄ΡΡΠ²ΠΈΠΈ Π²ΡΡΡΠ½ΠΈΠ»ΠΎΡΡ, ΠΎΡΠΈΠ±ΠΎΠΊ Π² ΠΊΠΎΠ΄Π΅ Π±ΡΠ»ΠΎ ΠΊΡΠ°ΡΠ½ΠΎ Π±ΠΎΠ»ΡΡΠ΅, ΡΠ΅ΠΌ ΠΌΠΎΠΆΠ½ΠΎ Π±ΡΠ»ΠΎ ΠΏΡΠ΅Π΄ΠΏΠΎΠ»Π°Π³Π°ΡΡ. ΠΠΎΡΡΠΎΠΌΡ Π±ΡΠ»ΠΎ Π·Π°ΡΡΠ°ΡΠ΅Π½ΠΎ Π±ΠΎΠ»ΡΡΠ΅ ΡΡΠΈΠ»ΠΈΠΉ ΡΠ΅ΠΌ ΠΏΠ»Π°Π½ΠΈΡΠΎΠ²Π°Π»ΠΎΡΡ, Π° ReOpenLDAP ΠΏΠΎ-ΠΏΡΠ΅ΠΆΠ½Π΅ΠΌΡ ΠΏΡΠ΅Π΄ΡΡΠ°Π²Π»ΡΠ΅Ρ ΠΎΠΏΡΠ΅Π΄Π΅Π»ΡΠ½Π½ΡΡ ΡΠ΅Π½Π½ΠΎΡΡΡ ΠΈ (ΠΏΠΎ ΠΈΠΌΠ΅ΡΡΠ΅ΠΉΡΡ ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΠΈ) ΡΠ²Π»ΡΠ΅ΡΡΡ Π΅Π΄ΠΈΠ½ΡΡΠ²Π΅Π½Π½ΡΠΌ LDAP-ΡΠ΅ΡΠ²Π΅ΡΠΎΠΌ, ΠΏΠΎΠ»Π½ΠΎΡΠ΅Π½Π½ΠΎ ΠΈ Π½Π°Π΄ΡΠΆΠ½ΠΎ ΠΏΠΎΠ΄Π΄Π΅ΡΠΆΠΈΠ²Π°ΡΡΠΈΠΌ ΠΌΡΠ»ΡΡΠΈ-ΠΌΠ°ΡΡΠ΅Ρ ΡΠΎΠΏΠΎΠ»ΠΎΠ³ΠΈΡ Π΄Π»Ρ RFC-4533, Π² ΡΠΎΠΌ ΡΠΈΡΠ»Π΅ Π² Π²ΡΡΠΎΠΊΠΎΠ½Π°Π³ΡΡΠΆΠ΅Π½Π½ΡΡ ΡΡΠ΅Π½Π°ΡΠΈΡΡ .
Below is a list of main new features of ReOpenLDAP,
for a description ones please see the corresponding man pages after installation,
i.e. man --manpath=CONFIGURED_PREFIX/share/man slapd.conf.
For latest news and changes please refer to the NEWS.md and ChangeLog.
List of changes emerged from OpenLDAP project could be seen in the CHANGES.OpenLDAP.
- multi-master replication is working properly and robustly (it seems no other LDAP server can do this)
reopenldap [iddqd] [idkfa]quorum { [vote-sids ...] [vote-rids ...] [auto-sids] [auto-rids] [require-sids ...] [require-rids ...] [all-links] }quorum limit-concurrent-refreshbiglock { none | local | common }- storage (mdb backend): dreamcatcher & oom-handler (ITS#7974), lifo & coalesce (ITS#7958)
syncprov-showstatus { none | running | all }- syncrepl's
requirecheckpresentoption keepalive <idle>:<probes>:<interval>for incoming connections- built-in memory checker called 'Hipagut', including ls-malloc
- support for OpenSSL 1.1.x, Mozilla NSS, GnuTLS and LibreSSL 2.5.x
- ready for LTO (Link-Time Optimization) by GCC and clang.
ReOpenLDAP is intended for use in scenarios of heavy industrial operation using synchronization/replication in multi-master mode and full-mesh topology. This assumes that the installation and operation will be handled by in-house system administrators or qualified specialists with relevant experience.
Thus, you should rely on your own strength, and seek my support only to fix a bugs you have discovered. With this you can count on free support under the generally accepted terms of use of open source code. If you need more then I think it's wise considering paid support.
Nonetheless, please note and understand that I do not have the ability to provide a full-fledged support for documentation, including assembly and/or installation manuals, etc.
Traditional triade ./configure --prefix=YOUR_INSTALLATION_PREFIX YOUR_OPTIONS && make && make install.
However the configure will absent, in case you use development or a snapshot versions,
so you need run the ./bootstrap to build them.
For more information please see the local INSTALL file after the ./bootstrap was done.
Below is a main configure's options, to see full list please run ./configure --help,
for instance both --libexecdir=DIR and --sysconfdir=DIR are provided.
Fine tuning of the installation directories:
...
--libexecdir=DIR program executables [EPREFIX/libexec]
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
--datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
--datadir=DIR read-only architecture-independent data [DATAROOTDIR]
--infodir=DIR info documentation [DATAROOTDIR/info]
...
Optional Features:
...
--enable-debug enable debug logging no|yes|extra [yes]
--enable-ci enable Continuous Integration stuff no|yes [no]
--enable-syslog enable syslog support [auto]
--enable-contrib enable extra plugins and overlays no|yes|broken [no]
--enable-experimental enable experimental and developing features no|yes [no]
--enable-check enable internal checking and assertions no|yes|always|default [no]
--enable-hipagut enable internal memory allocation debugger no|yes|always|extra [no]
--enable-proctitle enable proctitle support [yes]
--enable-referrals enable LDAPv2+ Referrals (experimental) [no]
--enable-ipv6 enable IPv6 support [auto]
--enable-local enable AF_LOCAL (AF_UNIX) socket support [auto]
--enable-deprecated enable deprecated interfaces of libreldap no|yes [no]
--enable-valgrind Whether to enable Valgrind on the unit tests
...
SLAPD (Standalone LDAP Daemon) Options:
--enable-slapd enable building slapd [yes]
--enable-dynacl enable run-time loadable ACL support (experimental) [no]
--enable-aci enable per-object ACIs (experimental) no|yes|mod [no]
--enable-cleartext enable cleartext passwords [yes]
--enable-crypt enable crypt(3) passwords [no]
--enable-lmpasswd enable LAN Manager passwords [no]
--enable-spasswd enable (Cyrus) SASL password verification [no]
--enable-modules enable dynamic module support [yes]
--enable-rewrite enable DN rewriting in back-ldap and rwm overlay [auto]
--enable-rlookups enable reverse lookups of client hostnames [no]
--enable-slapi enable SLAPI support (experimental) [no]
--enable-slp enable SLPv2 support [no]
--enable-wrappers enable tcp wrapper support [no]
SLAPD Backend Options:
--enable-backends enable all stable/non-experimental backends no|yes|mod
--enable-mdb enable MDBX database backend no|yes|mod [yes]
--enable-hdb enable Hierarchical Berkeley DB backend (obsolete) no|yes|mod [no]
--enable-bdb enable Berkeley DB backend (obsolete) no|yes|mod [no]
--enable-dnssrv enable dnssrv backend (experimental) no|yes|mod [no]
--enable-ldap enable ldap backend no|yes|mod [no]
--enable-meta enable metadirectory backend no|yes|mod [no]
--enable-asyncmeta enable asynchronous metadirectory backend (experimental) no|yes|mod [no]
--enable-monitor enable monitor backend no|yes|mod [yes]
--enable-ndb enable MySQL NDB Cluster backend (experimental) no|yes|mod [no]
--enable-null enable null backend no|yes|mod [no]
--enable-passwd enable passwd backend no|yes|mod [no]
--enable-perl enable perl backend no|yes|mod [no]
--enable-relay enable relay backend (experimental) no|yes|mod [yes]
--enable-shell enable shell backend no|yes|mod [no]
--enable-sock enable sock backend no|yes|mod [no]
--enable-sql enable SQL backend (experimental and buggy) no|yes|mod [no]
--enable-wt enable WiredTiger backend no|yes|mod [no]
SLAPD Overlay Options:
--enable-overlays enable all available overlays no|yes|mod
--enable-accesslog In-Directory Access Logging overlay no|yes|mod [no]
--enable-auditlog Audit Logging overlay no|yes|mod [no]
--enable-autoca Automatic Certificate Authority overlay no|yes|mod [no]
--enable-collect Collect overlay no|yes|mod [no]
--enable-constraint Attribute Constraint overlay no|yes|mod [no]
--enable-dds Dynamic Directory Services overlay no|yes|mod [no]
--enable-deref Dereference overlay no|yes|mod [no]
--enable-dyngroup Dynamic Group overlay no|yes|mod [no]
--enable-dynlist Dynamic List overlay no|yes|mod [no]
--enable-memberof Reverse Group Membership overlay no|yes|mod [no]
--enable-ppolicy Password Policy overlay no|yes|mod [no]
--enable-pcache Proxy Cache overlay no|yes|mod [no]
--enable-refint Referential Integrity overlay no|yes|mod [no]
--enable-retcode Return Code testing overlay no|yes|mod [no]
--enable-rwm Rewrite/Remap overlay no|yes|mod [no]
--enable-seqmod Sequential Modify overlay no|yes|mod [no]
--enable-sssvlv ServerSideSort/VLV overlay no|yes|mod [no]
--enable-syncprov Syncrepl Provider overlay no|yes|mod [yes]
--enable-translucent Translucent Proxy overlay no|yes|mod [no]
--enable-unique Attribute Uniqueness overlay no|yes|mod [no]
--enable-valsort Value Sorting overlay no|yes|mod [no]
Optional Packages:
...
--with-cyrus-sasl with Cyrus SASL support [auto]
--with-gssapi with GSSAPI support [auto]
--with-fetch with fetch(3) URL support [auto]
--with-tls with TLS/SSL support auto|openssl|gnutls|moznss [auto]
--with-yielding-select with implicitly yielding select [auto]
--with-mp with multiple precision statistics auto|longlong|long|bignum|gmp [auto]
--with-odbc with specific ODBC support iodbc|unixodbc|auto [auto]
Some influential environment variables:
...
EXTRA_CFLAGS
Extra build-time CFLAGS, e.g. -Wall -Werror. Alternatively, ones
can be specified or overridden by invocation 'make
EXTRA_CFLAGS="a b c"'
...
KRB5_CFLAGS C compiler flags for KRB5, overriding pkg-config
KRB5_LIBS linker flags for KRB5, overriding pkg-config
HEIMDAL_CFLAGS
C compiler flags for HEIMDAL, overriding pkg-config
HEIMDAL_LIBS
linker flags for HEIMDAL, overriding pkg-config
LIBSODIUM_CFLAGS
C compiler flags for LIBSODIUM, overriding pkg-config
LIBSODIUM_LIBS
linker flags for LIBSODIUM, overriding pkg-config
UUID_CFLAGS C compiler flags for UUID, overriding pkg-config
UUID_LIBS linker flags for UUID, overriding pkg-config
OPENSSL_CFLAGS
C compiler flags for OPENSSL, overriding pkg-config
OPENSSL_LIBS
linker flags for OPENSSL, overriding pkg-config
GNUTLS_CFLAGS
C compiler flags for GNUTLS, overriding pkg-config
GNUTLS_LIBS linker flags for GNUTLS, overriding pkg-config
MOZNSS_CFLAGS
C compiler flags for MOZNSS, overriding pkg-config
MOZNSS_LIBS linker flags for MOZNSS, overriding pkg-config