Mastering OpenLDAP: Configuring, Securing and Integrating Directory Services

Overview of this book

This book is the ideal introduction to using OpenLDAP for Application Developers and will also benefit System Administrators running OpenLDAP. It prepares the reader to build a directory using OpenLDAP, and then employ this directory in the context of the network, taking a practical approach that emphasizes how to get things done. On occasion, it delves into theoretical aspects of LDAP, but only where understanding the theory helps to answer practical questions. The reader requires no knowledge of OpenLDAP, but even readers already familiar with the technology will find new things and techniques.

This book is organized into three major sections: the first section covers the basics of LDAP directory services and the OpenLDAP server; the second focuses on building directory services with OpenLDAP; in the third section of the book, we look at how OpenLDAP is integrated with other applications and services on the network. This book not only demystifies OpenLDAP, but gives System Administrators and Application Developers a solid understanding of how to make use of OpenLDAP's directory services.

The OpenLDAP directory server is a mature product that has been around (in one form or another) since 1995. It is an open-source server that provides network clients with directory services. All major Linux distributions include the OpenLDAP server, and many major applications, both open-source and proprietary, are directory aware and can make use of the services provided by OpenLDAP.

The OpenLDAP directory server can be used to store organizational information in a centralized location, and make this information available to authorized applications. Client applications connect to OpenLDAP using the Lightweight Directory Access Protocol (LDAP) and can then search the directory and (if they have appropriate access) modify and manipulate records.

LDAP servers are most frequently used to provide network-based authentication services for users; but there are many other uses for an LDAP server, including using the directory as an address book, a DNS database, an organizational tool, or even as a network object store for applications.

Common Uses of LDAP URLs


Throughout this book LDAP URLs have been used for various purposes.

In Chapter 4 we used LDAP URLs to perform searches in the authz-regexp directive in slapd.conf.

While a full LDAP URL, as we examined, can be a useful way to formulate a search, this is probably not the primary use of LDAP URLs. More commonly the LDAP URL syntax is simplified and used to capture only basic information.

Not all LDAP URLs are for Searching

In Chapter 3 we used LDAP URLs to connect to SLAPD from the ldapsearch utility, but we were not using the LDAP URL as a way to specify a search string. In many cases, in fact, an LDAP URL may be used simply to provide protocol, host, and port information in one convenient string:

ldap://example.com:646

In this example, the LDAP URL provides sufficient information for a client to use the plain LDAP protocol when connecting to the server example.com on the non-standard port 646.

Directory referrals, handled in the slapd.conf file by the referral directive, also use LDAP URL syntax, but only use the protocol, domain, and port settings.

LDAP URLs, then, are used for two main purposes, and the purpose of each determines the form:

  • LDAP search URLs follow the sophisticated eight-field format, and can convey all the information needed for an LDAP agent to perform a search

  • LDAP connection URLs utilize only protocol, host, and port information, and are used mainly to convey information about how to connect to a directory

There are currently no LDAP URL forms for modifying or deleting LDAP records.
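The two forms can be told apart mechanically. The following is an added example, not code from the book or from OpenLDAP: it splits a URL into the eight fields, classifies it as a connection or search URL, and rejects search fields where only connection information is expected. The function names are hypothetical, only the ldap and ldaps schemes are handled, and the second sample URL is constructed.

```python
from urllib.parse import urlsplit, unquote

# Standard ports for the two schemes handled here.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def parse_ldap_url(url):
    """Split an LDAP URL into its eight fields and classify its form."""
    parts = urlsplit(url, allow_fragments=False)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme in {url!r}")
    # After the base DN come up to four '?'-separated fields:
    # attributes ? scope ? filter ? extensions
    tail = parts.query.split("?") if parts.query else []
    if len(tail) > 4:
        raise ValueError(f"too many '?' fields in {url!r}")
    attrs, scope, filt, exts = (tail + [""] * 4)[:4]
    fields = {
        "protocol": scheme,
        "host": parts.hostname or "",
        "port": parts.port if parts.port is not None else DEFAULT_PORTS[scheme],
        "base_dn": unquote(parts.path.lstrip("/")),
        "attributes": [unquote(a) for a in attrs.split(",") if a],
        "scope": unquote(scope),
        "filter": unquote(filt),
        "extensions": [unquote(e) for e in exts.split(",") if e],
    }
    search_part = (fields["base_dn"], fields["attributes"], fields["scope"],
                   fields["filter"], fields["extensions"])
    fields["form"] = "search" if any(search_part) else "connection"
    return fields

def require_connection_url(url):
    """Accept only protocol/host/port URLs, e.g. for a referral-style setting."""
    fields = parse_ldap_url(url)
    if fields["form"] != "connection":
        raise ValueError(f"search fields not allowed here: {url!r}")
    if not fields["host"]:
        raise ValueError(f"missing host in {url!r}")
    return fields["protocol"], fields["host"], fields["port"]

if __name__ == "__main__":
    # Constructed sample inputs; the first is the URL from the text.
    for sample in ("ldap://example.com:646",
                   "ldap://example.com/dc=example,dc=com?mail?sub?(uid=matt)"):
        print(parse_ldap_url(sample))
```

A check like `require_connection_url` is useful when validating configuration values that should carry only connection information, since it also surfaces whether the value selects plain `ldap` or `ldaps` and whether the port is non-standard.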