Table of Contents

- Preface
- Chapter 1: Directory Servers and LDAP
- Chapter 2: Installation and Configuration
- Chapter 3: Using OpenLDAP
- Chapter 4: Securing OpenLDAP
- Chapter 5: Advanced Configuration
- Chapter 6: LDAP Schemas
- Chapter 7: Multiple Directories
- Chapter 8: LDAP and the Web
- Appendix A: Building OpenLDAP from Source
- Appendix B: LDAP URLs
- Appendix C: Useful LDAP Commands
- Index

- Chapter 1: Directory Servers and LDAP
- LDAP Basics
- What is a Directory?
- The Structure of a Directory Entry
- A Unique Name: The DN
- An Example LDAP Entry
- The Object Class Attribute
- Operational Attributes
- The Directory Information Tree
- What to Do with an LDAP Server
- The History of LDAP and OpenLDAP
- A Technical Overview of OpenLDAP
- The Server
- Clients
- Utilities
- Libraries
- Chapter 2: Installation and Configuration
- Before Getting Started
- OpenLDAP Binaries for Operating Systems
- Commercial OpenLDAP Distribution
- Source Code Compilation
- Installation
- Dependencies
- Installing OpenLDAP
- Configuring the SLAPD Server
- Basics
- Schemas
- More Directives
- Module Directives
- Database Configuration
- ACLs
- Verifying a Configuration File
- Starting and Stopping the Server
- Using the Init Script
- Running SLAPD Directly
- Configuring the LDAP Clients
- Testing the Server
- Summary
- Chapter 3: Using OpenLDAP
- A Brief Survey of the LDAP Suite
- LDAP from the Server Side
- SLAPD
- The Binding Operation
- The Search Operation
- More Operations: Additions, Modifications, and Deletions
- Infrequent Operations
- SLAPD Summary
- Creating Directory Data
- The LDIF File Format
- Anatomy of an LDIF File
- Representing Attribute Values in LDIF
- Example.Com in LDIF
- Defining the Base DN Record
- Structuring the Directory with Organizational Units
- Adding User Records
- Adding System Records
- Adding Group Records
- Using the Utilities to Prepare the Directory
- slapadd
- When Should slapadd be Used?
- What Does slapadd Do?
- Loading the LDIF File
- slapacl
- slapauth
- slapdn
- slappasswd
- Storing and Using Passwords in OpenLDAP
- Generating a Password with slappasswd
- Performing Directory Operations Using the Clients
- Common Command-Line Flags
- Common Flags
- Setting Defaults in ldap.conf
- ldapsearch
- A Simple Search
- Restricting Returned Fields
- Requesting Operational Attributes
- Searching Using a File
- ldapadd
- Adding Records from a File
- ldapmodify
- Adding a Record with ldapmodify
- Modifying Existing Records
- Modifying the Relative DN
- Deleting Entire Records
- ldapdelete
- ldapcompare
- ldapmodrdn
- Modifying the Superior DN with ldapmodrdn
- Chapter 4: Securing OpenLDAP
- LDAP Security: The Three Aspects
- Securing Network-Based Directory Connections with SSL/TLS
- The Basics of SSL and TLS
- Authenticity
- Encryption
- StartTLS
- Creating an SSL/TLS CA
- Creating a Certificate
- Creating a New Certificate Request
- Signing the Certificate Request
- Configuring and Installing the Certificates
- Configuring StartTLS
- Configuring Client TLS
- Configuring LDAPS
- Debugging with the OpenSSL Client
- Using Security Strength Factors
- Authenticating Users to the Directory
- Simple Binding
- Using an Authentication User for Simple Binding
- SASL Binding
- Configuring Cyrus SASL
- Configuring SLAPD for SASL Support
- Using Client SSL/TLS Certificates to Authenticate
- Creating a New Client Certificate
- Configuring the Client
- Configuring the Server
- Testing with ldapwhoami
- Going Further with SASL
- Controlling Authorization with ACLs
- The Basics of ACLs
- Access to [resources]
- Access using DN
- Access using attrs
- Access using Filters
- Combining Access Specifiers
- By [who] [type of access granted] [control]
- The Access Field
- The who Field
- The control Field
- Getting More from Regular Expressions
- Debugging ACLs
- A Practical Example
- Chapter 5: Advanced Configuration
- Multiple Database Backends
- The slapd.conf File
- Creating and Importing a Second Directory
- Performance Tuning
- Performance Directives
- Global Directives
- Directives in the Database Section
- The DB_CONFIG File
- Setting the Cache Size
- Configuring the Data Directory
- Optimizing BDB/HDB Transaction Logging
- Tuning Lock Files
- More about Berkeley DB
- Directory Overlays
- A Brief Tour of the Official Overlays
- Configuring an Overlay: denyop
- Loading the module
- Adding the Overlay
- Adding Overlay-Specific Directives
- Referential Integrity Overlay
- Configuring the Overlay
- Modifying the Records
- Drawbacks
- A Useful Note
- The Uniqueness Overlay
- Summary
- Chapter 6: LDAP Schemas
- Introduction to LDAP Schemas
- Why Do They Look So Complicated?
- Schema Definitions
- Object Classes and Attributes
- Object Class Definitions
- Attribute Definitions
- Object Identifier Definitions
- DIT Content Rules
- Retrieving the Schemas from SLAPD
- The ObjectClass Hierarchy
- Attribute Hierarchies
- Subordinate Attributes and Searching
- Object Class Types: Abstract, Structural, and Auxiliary
- The Object Class Hierarchy: An Overview
- Abstract Classes
- Structural Object Classes
- Auxiliary Object Classes
- Schemas: Accesslog and Password Policy Overlays
- Logging with the Accesslog Overlay
- Loading the accesslog Module
- Configuring the Access Log Backend
- Creating A Directory for the Access Log Files
- Enabling Logging for the Main Backend
- The Log Records
- Implementing a Complex Overlay: Password Policy
- Setting the Global Directives in slapd.conf: Schema and Module
- Creating a Password Policy
- Configure the Overlay Directives
- Test the Overlay
- Password Policy Operational Attributes
- Summary of ppolicy Operational Attributes
- Creating a Schema
- Getting an OID
- Giving Our OID a Name
- Creating Object Classes
- Creating Attributes
- Loading the New Schema
- Troubleshooting Schema Loading
- Chapter 7: Multiple Directories
- Configuring SyncRepl
- Configuring the Master Server
- Configuring the Shadow Server
- The syncrepl Directive
- Configuring a Referral
- Starting Replication
- For Larger Directories...
- Delta SyncRepl
- The Master Server's Configuration
- The Shadow Server's Configuration
- Debugging SyncRepl
- Starting Over
- Strategic Logging
- A Few Common Mistakes
- Configuring an LDAP Proxy
- Using the LDAP Backend
- Using Identity Management Features
- Turning the Simple Proxy into a Caching Proxy
- Notes on the Attribute Sets and Templates
- Chapter 8: LDAP and the Web
- The LDAP-Aware Application
- Apache and LDAP
- A Short Guide to Installing Apache
- Configuring LDAP Authentication
- Loading the Modules
- Editing the default Configuration File
- Other Features of the Require Parameter
- phpLDAPadmin
- Prerequisites
- Installing phpLDAPadmin
- Configuring phpLDAPadmin
- A Basic Look at Configuration Parameters
- Configuring the LDAP Server Settings
- A First Look at phpLDAPadmin
- Navigating phpLDAPadmin
- Viewing and Modifying a Record
- Adding a New Record
- Searching with phpLDAPadmin
- Appendix A: Building OpenLDAP from Source
- Why Build from Source?
- Getting the Code
- The Tools for Compiling
- Build Tools
- Installing Dependencies
- Compiling OpenLDAP
- Configuring
- Building with make
- Installation
- Building Everything
- Summary
- Appendix B: LDAP URLs
- The LDAP URL
- Common Uses of LDAP URLs
- Not all LDAP URLs are for Searching
- For More Information on LDAP URLs...
- Summary
- Appendix C: Useful LDAP Commands
- Getting Information about the Directory
- The Root DSE
- The Subschema Record
- The Configuration Record
- Making a Directory Backup
- A Backup Copy of the Directory Database
- An LDIF Backup File
- Rebuilding a Database (BDB, HDB)
- Step 1: Stop the Server
- Step 2: Dump the Database
- Step 3: Delete the Old Database Files
- Step 4: Create a New Database
- Step 5: Restart SLAPD
- Troubleshooting Rebuilds