You are previewing LDAP System Administration.
O'Reilly logo
LDAP System Administration

Book Description

Be more productive and make your life easier. That's what LDAP System Administration is all about. System administrators often spend a great deal of time managing configuration information located on many different machines: usernames, passwords, printer configurations, email client configurations, and network filesystem configurations, to name a few. LDAPv3 provides tools for centralizing all of the configuration information and placing it under your control. Rather than maintaining several administrative databases (NIS, Active Directory, Samba, and NFS configuration files), you can make changes in only one place and have all your systems immediately "see" the updated information. Practically platform independent, this book uses the widely available, open source OpenLDAP 2 directory server as a premise for examples, showing you how to use it to help you manage your configuration information effectively and securely. OpenLDAP 2 ships with most Linux® distributions and Mac OS® X, and can be easily downloaded for most Unix-based systems. After introducing the workings of a directory service and the LDAP protocol, all aspects of building and installing OpenLDAP, plus key ancillary packages like SASL and OpenSSL, this book discusses:

  • Configuration and access control

  • Distributed directories; replication and referral

  • Using OpenLDAP to replace NIS

  • Using OpenLDAP to manage email configurations

  • Using LDAP for abstraction with FTP and HTTP servers, Samba, and Radius

  • Interoperating with different LDAP servers, including Active Directory

  • Programming using Net::LDAP

If you want to be a master of your domain, LDAP System Administration will help you get up and running quickly regardless of which LDAP version you use. After reading this book, even with no previous LDAP experience, you'll be able to integrate a directory server into essential network services such as mail, DNS, HTTP, and SMB/CIFS.

Table of Contents

  1. LDAP System Administration
    1. SPECIAL OFFER: Upgrade this ebook with O’Reilly
    2. A Note Regarding Supplemental Files
    3. Preface
      1. How This Book Is Organized
        1. Part I : LDAP Basics
        2. Part II : Application Integration
        3. Part III: Appendixes
      2. Conventions Used in This Book
      3. Comments and Questions
      4. Acknowledgments
    4. I. LDAP Basics
      1. 1. "Now where did I put that...?", or "What is a directory?"
        1. 1.1. The Lightweight Directory Access Protocol
        2. 1.2. What Is LDAP?
          1. 1.2.1. Lightweight
          2. 1.2.2. Directory
          3. 1.2.3. Access Protocol
        3. 1.3. LDAP Models
      2. 2. LDAPv3 Overview
        1. 2.1. LDIF
          1. 2.1.1. Distinguished Names and Relative Distinguished Names
          2. 2.1.2. Back to Our Regularly Scheduled Program . . .
        2. 2.2. What Is an Attribute?
          1. 2.2.1. Attribute Syntax
          2. 2.2.2. What Does the Value of the objectClass Attribute Mean?
        3. 2.3. What Is the dc Attribute?
          1. 2.3.1. Where Is dc=org?
        4. 2.4. Schema References
        5. 2.5. Authentication
          1. 2.5.1. Anonymous Authentication
          2. 2.5.2. Simple Authentication
          3. 2.5.3. Simple Authentication Over SSL/TLS
          4. 2.5.4. Simple Authentication and Security Layer (SASL)
        6. 2.6. Distributed Directories
        7. 2.7. Continuing Standardization
      3. 3. OpenLDAP
        1. 3.1. Obtaining the OpenLDAP Distribution
        2. 3.2. Software Requirements
          1. 3.2.1. Threads
          2. 3.2.2. SSL/TLS Libraries
          3. 3.2.3. Database Backend Modules
          4. 3.2.4. SASL Libraries
        3. 3.3. Compiling OpenLDAP 2
        4. 3.4. OpenLDAP Clients and Servers
        5. 3.5. The slapd.conf Configuration File
          1. 3.5.1. Schema Files
          2. 3.5.2. Logging
          3. 3.5.3. SASL Options
          4. 3.5.4. SSL/TLS Options
            1. 3.5.4.1. Generating the server's certificate
          5. 3.5.5. More Security-Related Parameters
          6. 3.5.6. Serving Up Data
            1. 3.5.6.1. bdb backend-specific parameters
        6. 3.6. Access Control Lists (ACLs)
      4. 4. OpenLDAP: Building a Company White Pages
        1. 4.1. A Starting Point
        2. 4.2. Defining the Schema
        3. 4.3. Updating slapd.conf
        4. 4.4. Starting slapd
        5. 4.5. Adding the Initial Directory Entries
          1. 4.5.1. Verifying the Directory's Contents
          2. 4.5.2. Updating What Is Already There
        6. 4.6. Graphical Editors
      5. 5. Replication, Referrals, Searching, and SASL Explained
        1. 5.1. More Than One Copy Is "a Good Thing"
          1. 5.1.1. Building slurpd
          2. 5.1.2. Replication in a Nutshell
          3. 5.1.3. Configuring the Master Server
          4. 5.1.4. Configuring the Replica Server
          5. 5.1.5. slurpd's replogfile
        2. 5.2. Distributing the Directory
        3. 5.3. Advanced Searching Options
          1. 5.3.1. Following Referrals with ldapsearch
          2. 5.3.2. Limiting Your Searches
        4. 5.4. Determining a Server's Capabilities
        5. 5.5. Creating Custom Schema Files for slapd
        6. 5.6. SASL and OpenLDAP
    5. II. Application Integration
      1. 6. Replacing NIS
        1. 6.1. More About NIS
        2. 6.2. Schemas for Information Services
        3. 6.3. Information Migration
        4. 6.4. The pam_ldap Module
          1. 6.4.1. Configuring /etc/ldap.conf
        5. 6.5. The nss_ldap Module
        6. 6.6. OpenSSH, PAM, and NSS
        7. 6.7. Authorization Through PAM
          1. 6.7.1. One Host and a Group of Users
          2. 6.7.2. One User and a Group of Hosts
        8. 6.8. Netgroups
        9. 6.9. Security
        10. 6.10. Automount Maps
        11. 6.11. PADL's NIS/LDAP Gateway
      2. 7. Email and LDAP
        1. 7.1. Representing Users
        2. 7.2. Email Clients and LDAP
          1. 7.2.1. Mozilla Mail
          2. 7.2.2. Pine 4
          3. 7.2.3. Eudora
          4. 7.2.4. Microsoft Outlook Express
        3. 7.3. Mail Transfer Agents (MTAs)
          1. 7.3.1. Sendmail
            1. 7.3.1.1. Maps
            2. 7.3.1.2. Aliases
            3. 7.3.1.3. Mail routing using LDAP
          2. 7.3.2. Postfix
          3. 7.3.3. Exim
      3. 8. Standard Unix Services and LDAP
        1. 8.1. The Directory Namespace
        2. 8.2. An FTP/HTTP Combination
          1. 8.2.1. ProFTPD
          2. 8.2.2. Apache
        3. 8.3. User Authentication with Samba
          1. 8.3.1. Configuring Samba
            1. 8.3.1.1. Configuring OpenLDAP
          2. 8.3.2. Adding and Using a sambaAccount
        4. 8.4. FreeRadius
          1. 8.4.1. FreeRadius and OpenLDAP
        5. 8.5. Resolving Hosts
        6. 8.6. Central Printer Management
      4. 9. LDAP Interoperability
        1. 9.1. Interoperability or Integration?
        2. 9.2. Directory Gateways
        3. 9.3. Cross-Platform Authentication Services
          1. 9.3.1. A Short Discussion About Kerberos
        4. 9.4. Distributed, Multivendor Directories
        5. 9.5. Metadirectories
        6. 9.6. Push/Pull Agents for Directory Synchronization
          1. 9.6.1. The Directory Services Markup Language
      5. 10. Net::LDAP and Perl
        1. 10.1. The Net::LDAP Module
        2. 10.2. Connecting, Binding, and Searching
        3. 10.3. Working with Net::LDAP::LDIF
        4. 10.4. Updating the Directory
          1. 10.4.1. Adding New Entries
          2. 10.4.2. Deleting Entries
          3. 10.4.3. Modifying Entries
            1. 10.4.3.1. Net::LDAP::Entry
            2. 10.4.3.2. Pushing an updated entry back to the server
            3. 10.4.3.3. Modifying directory entries
        5. 10.5. Advanced Net::LDAP Scripting
          1. 10.5.1. References and Referrals
          2. 10.5.2. Scripting Authentication with SASL
          3. 10.5.3. Extensions and Controls
            1. 10.5.3.1. Extensions
            2. 10.5.3.2. Controls
    6. III. Appendixes
      1. A. PAM and NSS
        1. A.1. Pluggable Authentication Modules
          1. A.1.1. Configuring PAM
        2. A.2. Name Service Switch (NSS)
      2. B. OpenLDAP Command-Line Tools
        1. B.1. Debugging Options
        2. B.2. Slap Tools
          1. B.2.1. slapadd(8c)
          2. B.2.2. slapcat(8c)
          3. B.2.3. slapindex(8c)
          4. B.2.4. slappasswd(8c)
        3. B.3. LDAP Tools
          1. B.3.1. ldapadd(1), ldapmodify(1)
          2. B.3.2. ldapcompare(1)
          3. B.3.3. ldapdelete(1)
          4. B.3.4. ldapmodrdn(1)
          5. B.3.5. ldappasswd(1)
          6. B.3.6. ldapsearch(1)
      3. C. Common Attributes and Objects
        1. C.1. Schema Files
        2. C.2. Attributes
        3. C.3. Object Classes
          1. account
          2. dcObject
          3. dNSZone
          4. gidPool
          5. inetLocalMailReciptient
          6. inetOrgPerson
          7. nisMap
          8. nisNetgroup
          9. nisObject
          10. nprintHostPrinter
          11. nprintNetworkPrinterInfo
          12. nprintPortPrinterInfo
          13. organizationalPerson
          14. organizationalUnit
          15. person
          16. posixAccount
          17. posixGroup
          18. printerAbstract
          19. printerIPP
          20. printerLPR
          21. printerService
          22. printerServiceAuxClass
          23. radiusprofile
          24. referral
          25. sambaAccount
          26. sendmailMTA
          27. sendmailMTAAlias
          28. sendmailMTAAliasObject
          29. sendmailMTAClass
          30. sendmailMTAMap
          31. sendmailMTAMapObject
          32. shadowAccount
          33. uidPool
      4. D. LDAP RFCs, Internet-Drafts, and Mailing Lists
        1. D.1. Requests for Comments
        2. D.2. Mailing Lists
      5. E. slapd.conf ACLs
        1. E.1. What?
        2. E.2. Who?
        3. E.3. How Much?
        4. E.4. Examples
    7. Colophon
    8. SPECIAL OFFER: Upgrade this ebook with O’Reilly