This document seeks to guide the reader through the steps involved in building OpenSSL and OpenLDAP (with SSL/TLS support) on Windows using the MinGW toolset (and MSYS). It is aimed primarily at an audience wishing to compile LDAP client libraries for high-level languages such as Python or Ruby.Therefore, instructions are included for the appropriate modules in both of these languages (python-ldap and Ruby/LDAP, respectively).
I used the following versions of various software packages. Other versions will likely work fine, but have not been tested.
The “natural habitat” of OpenSSL and OpenLDAP is the landscape of Unix-like POSIX-compliant operating systems (Linux, Mac OS X, *BSD, and so on). However, circumstances place many users in front of Windows machines, while still desiring software tailor-made for a POSIX environment. MinGW (Minimalist GNU for Windows) is one response to this dilemma. It allows compiling of a large quantity of GNU (freely available) software so that it runs natively on Windows. The resulting executables or DLLs are redistributable, needing no extra libraries in order to run. (Cygwin, an alternative, needs its own library for its binaries to work.)
MSYS (Minimal SYStem) is a build environment for MinGW, offering POSIX-similar behavior so that automatic configuration scripts and build tools run as intended.
MinGW installation is fairly straight-forward, if you download the automated installer. I use the default path, “C:\MinGW” for my installation.
For MSYS, start by downloading the exe file (1.0.10 at the time of this writing). I then downloaded most of the packages in the Technology Preview category, which may be unnecessary. Unfortunately, each of them needs to be installed separately. If you do not have the tar utility and its friends (or if you prefer a graphical interface), free compression utilities like TUGZip or 7-zip work very well.
A better alternative: (Thanks to Waldemar Osuch for this advice!) Simply download and install msysCORE-1.0.11-2007.01.19-1.tar.bz2, then run "msys/postinstall/pi.bat".
Once MSYS is installed and optionally upgraded, a couple other packages are needed: libiconv, zlib, and GNU regex. The first two are available as mingwPORTs, and that is how I installed them. Just follow the directions, and things should work fine. There is a user contributed port of GNU regex to MinGW available from the MinGW downloads. I used it, and it worked well.
If you have no need of security, OpenLDAP will work fine without OpenSSL. However, most prefer encryption when authenticating remotely. SSL/TLS in OpenLDAP depend on OpenSSL.
tar zxf openssl-0.9.8g.tar.gzIf you do not, TUGZip and 7-zip should extract the files without a problem. MinGW's tar has trouble with symlinks.
"mingw"Conveniently, the previous line reads
-DOPENSSL_USE_APPLINK:-mno-cygwin -Wl,--export-all -shared:.dll.a
./config --prefix=/mingw --openssldir=/mingw/openssl shared(I do not think the openssldir is all that important, for our purposes anyway. The prefix, however, is.)
cp *.a /mingw/lib
cp *.dll /mingw/bin
This is what we came here to do. Again, I am only interested in the client libraries, so I do not intend to compile slapd, slurpd, etc. The same procedures may work with some modifications, but I have not tested it.
./configure --with-ssl --with-tls --disable-slapd --disable-backends --disable-slurpd --prefix=/mingw --sysconfdir=/c
class = OpenLDAP2
defines = WIN32
library_dirs = /mingw/lib
include_dirs = /mingw/include
libs = ldap_r lber ssl crypto ws2_32 gdi32
# Installation options
compile = 1
optimize = 1
target_version = 2.5
/c/python25/python setup.py build --compiler=mingw32
/c/python25/python setup.py bdist_wininst
Note: Waldemar Osuch has some helpful advice:
When building the python extension I have temporarily tweaked Mingw32CCompiler from distutils/cygwincompiler.py to force static linking. No need for *.dll distribution.
294 # ld_version >= "2.13" support -shared so use it instead of
295 # -mdll -static
296 if self.ld_version >= "2.13":
297 shared_option = "-shared"
299 shared_option = "-mdll -static"
300 #TODO Uncomment for python-ldap
301 #shared_option = "-mdll -static"
Now that you have come this far, I should point out that Ruby/LDAP builds fine using Microsoft Visual C++ 2003, and uses Microsoft's very own wldap32.dll. If you are interfacing with Active Directory, I would stick with the Microsoft option. However, if you are working with another solution, such as eDirectory or an OpenLDAP server, you may have security problems when wldap32.dll doesn't find exactly what it wants in terms of certificates, etc. Or, as in our situation, you may be developing Ruby on Rails apps locally, and want to be sure that your development environment uses similar libraries to the ones on your Linux or *BSD web server (which most likely uses OpenLDAP). Compiling Ruby/LDAP against OpenLDAP may be a good option.
./configure --prefix=/mingw --with-winsock2
cp ldap.so lib
Gem::Specification.new do |spec|
spec.authors = ['Takaaki Tateishi', 'Ian Macdonald']
spec.email = 'firstname.lastname@example.org'
spec.has_rdoc = true
spec.homepage = 'http://ruby-ldap.sourceforge.net/'
spec.name = 'ldap'
spec.summary = 'LDAP library for Ruby'
spec.description = <<-EOF
ldap is a Ruby library to perform queries on an LDAP server
spec.version = '0.9.7'
spec.platform = Gem::Platform::CURRENT
spec.files = Dir['lib/**/*.rb'] + Dir['lib/*.so']
spec.required_ruby_version = '>= 1.8.0'
spec.require_paths = ['lib']
gem build ldap.gemspec
gem install gem install ldap-0.9.7-x86-mswin32.gem