Mastering OpenLDAP: Configuring, Securing and Integrating Directory Services

Overview of this book

This book is the ideal introduction to using OpenLDAP for Application Developers and will also benefit System Administrators running OpenLDAP. It prepares the reader to build a directory using OpenLDAP, and then employ this directory in the context of the network, taking a practical approach that emphasizes how to get things done. On occasion, it delves into theoretical aspects of LDAP, but only where understanding the theory helps to answer practical questions. The reader requires no knowledge of OpenLDAP, but even readers already familiar with the technology will find new things and techniques. This book is organized into three major sections: the first section covers the basics of LDAP directory services and the OpenLDAP server; the second focuses on building directory services with OpenLDAP; in the third section of the book, we look at how OpenLDAP is integrated with other applications and services on the network. This book not only demystifies OpenLDAP, but gives System Administrators and Application Developers a solid understanding of how to make use of OpenLDAP's directory services.

The OpenLDAP directory server is a mature product that has been around (in one form or another) since 1995. It is an open-source server that provides network clients with directory services. All major Linux distributions include the OpenLDAP server, and many major applications, both open-source and proprietary, are directory aware and can make use of the services provided by OpenLDAP.

The OpenLDAP directory server can be used to store organizational information in a centralized location, and make this information available to authorized applications. Client applications connect to OpenLDAP using the Lightweight Directory Access Protocol (LDAP) and can then search the directory and (if they have appropriate access) modify and manipulate records.
LDAP servers are most frequently used to provide network-based authentication services for users; but there are many other uses for an LDAP server, including using the directory as an address book, a DNS database, an organizational tool, or even as a network object store for applications.

A Technical Overview of OpenLDAP

This book is a practically oriented technical book. It is designed to help you get OpenLDAP up and running, and to help you integrate LDAP into your own applications.

We will now begin this transition from the high-level material presented earlier to a more practical examination of the OpenLDAP suite of packages. First, let's take a brief look at the technical structure of OpenLDAP.

The OpenLDAP suite can be broken up into four components:

  • Servers: Provide LDAP services

  • Clients: Manipulate LDAP data

  • Utilities: Support LDAP servers

  • Libraries: Provide programming interfaces to LDAP

In the course of this book, we will look at all four of these categories. Here, we will just get an overview:

[Diagram: how these four elements (servers, clients, utilities, and libraries) relate to each other]

The Server

The main server in the OpenLDAP suite is SLAPD (the Stand-Alone LDAP Daemon). This server provides access to one or more directory information trees. Clients connect to the server using the LDAP protocol, usually over a TCP/IP network connection (though SLAPD can also listen on a UNIX domain socket).

A server can store directory data locally, or simply provide access (or proxied access) to external sources. Typically, it provides authentication and search services, and may also support adding, removing, and modifying directory data. It also enforces fine-grained access control over the directory.

SLAPD is a major focus of this book, and we will discuss it in detail in the chapters to come.

Clients

Clients access LDAP servers over the LDAP network protocol. They function by requesting that the server perform operations on their behalf. Typically, a client will first connect to the directory server, then bind (authenticate), and then perform zero or more other operations (searches, modifications, additions, deletions, and so on) before finally unbinding and disconnecting.
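The lifecycle just described, as an added example that is not from the book: each step (bind, search, unbind) encoded as the raw BER message an LDAP client puts on the wire, using only the Python standard library. The DN, password and base DN are constructed sample values and nothing is sent to a server; the last function shows why the bind must come after TLS is in place, since a simple-bind password travels verbatim inside the BindRequest.

```python
# Added example, not from the book: the bind -> search -> unbind lifecycle as raw LDAP BER PDUs.
# DN, password and base DN are constructed sample values; nothing is sent to a server.
def ber_len(n: int) -> bytes:
    """BER definite length: one byte below 128, else 0x80|count followed by the big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(payload)) + payload

def ber_int(v: int) -> bytes:
    return tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))

def ber_str(s: str, tag: int = 0x04) -> bytes:
    return tlv(tag, s.encode())

def ldap_message(msg_id: int, op: bytes) -> bytes:
    # LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE { ... } }
    return tlv(0x30, ber_int(msg_id) + op)

def bind_request(msg_id: int, dn: str, password: str) -> bytes:
    # BindRequest ::= [APPLICATION 0] SEQUENCE { version 3, name LDAPDN, simple [0] OCTET STRING }
    return ldap_message(msg_id, tlv(0x60, ber_int(3) + ber_str(dn) + ber_str(password, 0x80)))

def search_request(msg_id: int, base: str, attr: str, value: str, attrs=()) -> bytes:
    # SearchRequest ::= [APPLICATION 3]: scope 2 = wholeSubtree, derefAliases 0 = never,
    # sizeLimit/timeLimit 0 = none, typesOnly FALSE, filter = equalityMatch [3] { attr, value }
    filt = tlv(0xA3, ber_str(attr) + ber_str(value))
    body = (ber_str(base) + tlv(0x0A, b"\x02") + tlv(0x0A, b"\x00") + ber_int(0) + ber_int(0)
            + tlv(0x01, b"\x00") + filt + tlv(0x30, b"".join(ber_str(a) for a in attrs)))
    return ldap_message(msg_id, tlv(0x63, body))

def unbind_request(msg_id: int) -> bytes:
    return ldap_message(msg_id, tlv(0x42, b""))  # UnbindRequest ::= [APPLICATION 2] NULL

def client_session(dn: str, password: str, base: str) -> list:
    """The lifecycle as it goes on the wire: bind (id 1), one search (id 2), unbind (id 3)."""
    return [bind_request(1, dn, password),
            search_request(2, base, "uid", "jdoe", ("cn", "mail")),
            unbind_request(3)]

def credential_exposed(pdus: list, password: str) -> bool:
    """True when the simple-bind password sits verbatim in a PDU: that is what anyone on the
    network path reads unless TLS (ldaps:// or StartTLS) was set up before the bind was sent."""
    return any(password.encode() in pdu for pdu in pdus)

if __name__ == "__main__":
    pdus = client_session("cn=admin,dc=example,dc=com", "secret", "dc=example,dc=com")
    print([p.hex() for p in pdus], "password in clear:", credential_exposed(pdus, "secret"))
```

The anonymous bind and the unbind come out as the familiar fixed byte strings (30 0c 02 01 01 60 07 02 01 03 04 00 80 00 and 30 05 02 01 03 42 00), which is what a network capture of an unencrypted LDAP session shows.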

Utilities

Unlike clients, utilities do not perform operations using the LDAP protocol. Instead, they manipulate data at a lower level, and without mediation by the server. They are used primarily to help maintain the server.

Libraries

There are several OpenLDAP libraries that are shared between LDAP applications. The libraries provide LDAP functions to these applications. The clients, utilities, and servers all share access to some of these libraries.

Application Programming Interfaces (APIs) are provided to allow software developers to write their own LDAP-aware applications without having to re-write fundamental LDAP code.

While the APIs provided with OpenLDAP are written in C, the OpenLDAP project also provides two Java APIs. These Java libraries are not included in the OpenLDAP suite, and are not covered in this book. Both, however, can be retrieved from the OpenLDAP website: http://openldap.org.

As we move on through this book we will examine each of these components of the LDAP architecture in detail.