Mastering OpenLDAP: Configuring, Securing and Integrating Directory Services

Overview of this book

This book is the ideal introduction to using OpenLDAP for Application Developers and will also benefit System Administrators running OpenLDAP. It prepares the reader to build a directory using OpenLDAP, and then employ this directory in the context of the network, taking a practical approach that emphasizes how to get things done. On occasion, it delves into theoretical aspects of LDAP, but only where understanding the theory helps to answer practical questions. The reader requires no knowledge of OpenLDAP, but even readers already familiar with the technology will find new things and techniques. This book is organized into three major sections: the first section covers the basics of LDAP directory services and the OpenLDAP server; the second focuses on building directory services with OpenLDAP; in the third section of the book, we look at how OpenLDAP is integrated with other applications and services on the network. This book not only demystifies OpenLDAP, but gives System Administrators and Application Developers a solid understanding of how to make use of OpenLDAP's directory services.

The OpenLDAP directory server is a mature product that has been around (in one form or another) since 1995. It is an open-source server that provides network clients with directory services. All major Linux distributions include the OpenLDAP server, and many major applications, both open-source and proprietary, are directory aware and can make use of the services provided by OpenLDAP.

The OpenLDAP directory server can be used to store organizational information in a centralized location, and make this information available to authorized applications. Client applications connect to OpenLDAP using the Lightweight Directory Access Protocol (LDAP) and can then search the directory and (if they have appropriate access) modify and manipulate records.
LDAP servers are most frequently used to provide network-based authentication services for users; but there are many other uses for an LDAP server, including using the directory as an address book, a DNS database, an organizational tool, or even as a network object store for applications.

The History of LDAP and OpenLDAP


At first glance, the term LDAP seems misleading. When we talk, for instance, about the primary protocol for the web, HTTP (HyperText Transfer Protocol), we are talking about the way that web applications transfer information across the network. We are not talking about the format of the data that is moved across the network, nor are we talking about how that data is stored on or retrieved from the server.

But when we talk about LDAP, we are usually talking not only about the network protocol, but about a particular kind of server that stores data of a well-defined format inside of a special database. There is a historical reason for this seemingly misleading name.

Originally, LDAP was just a network protocol used to get data out of an X.500 directory (a directory server architecture, designed in the 1980s and standardized in 1988). This was the intent of Yeong, Howes, and Kille when they initially drafted the LDAP specification as RFC 1487 in 1993.

Tip

About RFCs

RFCs (Requests for Comments) are a series of technical documents, usually specifying standards. Each RFC is identified by a number, and numbers are assigned sequentially, so earlier RFCs have lower numbers. There are many websites that make the RFC database, in whole or in part, available. One exemplary source is the RFC Editor (http://www.rfc-editor.org), which is used in this book.

The first LDAP servers were gateways to X.500 directories, but these servers quickly evolved into full-fledged directory servers. Tim Howes and his colleagues at the University of Michigan created the Open Source University of Michigan LDAP Implementation, which became the reference implementation for other LDAP servers.

Note

Historical information on the University of Michigan LDAP project is still available online: http://www.umich.edu/~dirsvcs/ldap/ldap.html

As the University of Michigan's LDAP server matured, a wealth of new standards was created. LDAP picked up industry momentum. Tim Howes was hired by Netscape, and LDAP went mainstream.

By the late 1990s, Netscape, Novell, Oracle, and Microsoft (among others) all touted LDAP offerings. RFC 2251, released in 1997, standardized LDAPv3, which made vast improvements to the earlier LDAP standards.

The market for LDAP servers matured, but the University of Michigan project lost momentum. Key developers had left the university to move along to other projects.

In 1998 the OpenLDAP project was started by Kurt Zeilenga. Soon after, Howard Chu (formerly of the University of Michigan, and the current architect of the project) joined. They rescued the University of Michigan's code base, beginning development anew. The result, OpenLDAP 2.0, was highly successful, and made its way into almost every major Linux distribution.

Note

A complete list of OpenLDAP contributors, from the project's inception to the present, can be found at http://www.openldap.org/project/.

Since the late '90s, OpenLDAP has continued to mature, overseen by the OpenLDAP Foundation, and supported by contributions from industry sponsors. As of this writing, version 2.3 is the stable release, and version 2.4 is in the beta stages.

As was the intent with the University of Michigan LDAP server, OpenLDAP still adheres closely to the LDAP standards. In fact, Kurt Zeilenga is responsible for many of the updates made to the LDAP standards in June 2006.

But in addition to its high degree of standards compliance, OpenLDAP is also one of the fastest directory servers on the market, far outpacing offerings from other Open Source directory server implementations.