Mastering OpenLDAP: Configuring, Securing and Integrating Directory Services

Overview of this book

This book is the ideal introduction to using OpenLDAP for Application Developers and will also benefit System Administrators running OpenLDAP. It prepares the reader to build a directory using OpenLDAP, and then employ this directory in the context of the network, taking a practical approach that emphasizes how to get things done. On occasion, it delves into theoretical aspects of LDAP, but only where understanding the theory helps to answer practical questions. The reader requires no knowledge of OpenLDAP, but even readers already familiar with the technology will find new things and techniques. This book is organized into three major sections: the first section covers the basics of LDAP directory services and the OpenLDAP server; the second focuses on building directory services with OpenLDAP; in the third section of the book, we look at how OpenLDAP is integrated with other applications and services on the network. This book not only demystifies OpenLDAP, but gives System Administrators and Application Developers a solid understanding of how to make use of OpenLDAP's directory services.

The OpenLDAP directory server is a mature product that has been around (in one form or another) since 1995. It is an open-source server that provides network clients with directory services. All major Linux distributions include the OpenLDAP server, and many major applications, both open-source and proprietary, are directory aware and can make use of the services provided by OpenLDAP.

The OpenLDAP directory server can be used to store organizational information in a centralized location, and make this information available to authorized applications. Client applications connect to OpenLDAP using the Lightweight Directory Access Protocol (LDAP) and can then search the directory and (if they have appropriate access) modify and manipulate records. LDAP servers are most frequently used to provide network-based authentication services for users; but there are many other uses for an LDAP server, including using the directory as an address book, a DNS database, an organizational tool, or even as a network object store for applications.

Building Everything


In the build described in the previous section, we compiled only the basics, which is all we need to run a basic server. But there are many OpenLDAP backends and overlays that can be useful (many of which are covered in this book). When we want to build everything, it is typically best to compile OpenLDAP with module support, and to compile all of the overlays and backends as modules. That way all of the extras are available, but only the ones needed (and configured in slapd.conf) get loaded at runtime.

Note

Many of the additional backends and overlays have their own dependencies. For example, the Perl backend requires that the Perl libraries be installed. Most of the necessary dependencies are installed by default in Ubuntu. If you don't have the requisite libraries for a module, the configure or make programs will let you know what library is missing, and you will have to track down which package contains that library. For this process, you may find the package search on Debian's website useful (http://www.us.debian.org/distrib/packages#search_contents).

Since we are building OpenLDAP with modules, we will need to make sure that libtool and the libtool header files are installed. In Ubuntu, libtool is not installed by default. Also, since the Perl backend (back_perl) will be installed, we will need to install the Perl development package. You can install all of these with one command:

  $ sudo apt-get install libtool libltdl3 libltdl3-dev libperl-dev

The libltdl3 library is usually installed by default, but the others are also needed to compile OpenLDAP with module support. Now we are ready to build OpenLDAP with modules.

To build OpenLDAP with all of the extra modules, we just need to use the correct flags with configure:

  $ ./configure --enable-dynamic --enable-modules --enable-backends=mod \
                --enable-overlays=mod

To build everything we need only four flags. The first, --enable-dynamic, enables shared libraries. Second, --enable-modules simply tells configure that we want to use modules. The next two indicate what backends and overlays we want built: --enable-overlays, which is set to mod in order to build modules, and --enable-backends (also set to mod) to build all of the available backends.

Once configure completes, you can run make:

  $ make depend && make && make test

This will build all the dependencies, then build OpenLDAP (and all of the modules), and then test everything. When you are ready to install, you can follow the instructions in the previous section.
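With every backend and overlay built as a module, what slapd actually loads is decided by the moduleload lines in slapd.conf. The script below is an added example, not code from the book: it lists the modules a configuration loads and reports any that are not on an expected list. The sample configuration, its paths and the allowlist are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the moduleload directives in a slapd.conf.

# Print one module name per line (directory and .la/.so suffix stripped)
# for every active "moduleload" directive in the given file.
loaded_modules() {
    # Skip comment lines and continuation lines (those starting with whitespace).
    awk '/^[^ \t#]/ && tolower($1) == "moduleload" && NF >= 2 {
             m = $2
             gsub(/"/, "", m)           # drop optional quotes
             sub(/^.*\//, "", m)        # drop a leading directory
             sub(/\.(la|so)$/, "", m)   # drop the libtool/shared-object suffix
             print m
         }' "$1" | sort -u
}

# Print loaded modules that are not named in the allowlist
# (the allowlist is every argument after the config file).
unexpected_modules() {
    conf=$1; shift
    for m in $(loaded_modules "$conf"); do
        ok=no
        for allowed in "$@"; do
            if [ "$m" = "$allowed" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then echo "$m"; fi
    done
}

# Constructed sample configuration (not from the book).
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
modulepath /usr/local/libexec/openldap
moduleload back_hdb.la
# moduleload back_meta.la
moduleload syncprov.la
moduleload /usr/local/libexec/openldap/back_perl.so
EOF

# Assumed allowlist for this host: only back_hdb and syncprov are expected,
# so the back_perl line is reported.
unexpected_modules "$SAMPLE_CONF" back_hdb syncprov
```
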