Practical Ldap On Linux (2002).pdf

Practical LDAP on Linux

A practical guide to integrating LDAP

directory services on Linux

Michael Clark <michael@metaparadigm.com>

http://gort.metaparadigm.com/ldap/

Aug-23-02

Presentation Overview

‹ The need for LDAP

‹ LDAP Overview and Basics

‹ Setting up and tuning OpenLDAP

‹ Name services, authentication and authorisation

‹ Mail routing with sendmail and postfix

‹ Apache authentication

‹ Other LDAP tools and applications

Aug-23-02

The need for LDAP

‹ Multiple disparate sources of the same information

‹ Users need separate logins and passwords to login to

different systems

‹ Complex to keep information in sync

‹ Similar data spread around many flat files or in

database with different formats

‹ Inadequacies of NIS ie. Not very extensible

‹ X.500 is too complicated

Aug-23-02

LDAP Overview

‹ LDAP is a ‘Lightweight Directory Access Protocol’

‹ LDAP marries a lightweight DAP with the X.500

information model

‹ Uses an extensible hierarchical object data model

‹ An LDAP server may implement multiple ‘back-ends’:

RDBMS, simple indexes (Berkeley DB), X.500 gateway

‹ Designed for frequent reads and infrequent writes

Aug-23-02

LDAP Benefits

‹ Standardised schemas exist for many purposes

(well beyond that of NIS)

‹ Allows consolidation of many information sources

‹ Well defined API, support from many applications

‹ Easily replicated and distributed

‹ Multiple backends allow integration with existing data

sources (RDBMS, etc)

‹ Much faster than RDBMS (using lightweight backend

like Berkeley DB)

Aug-23-02