Deploying OpenLDAP

...I was excited to see Deploying OpenLDAP, by Tom Jackiewicz and published by Apress, on Amazon's electronic bookshelf. After reviewing the Table of Contents I quickly ordered the book.For all the work and time invested in using LDAP, not enough time has been spent designing the layout and the logic of directories. End users and system architects often don't give appropriate attention to the deployment of LDAP as a standards-based system with interfacing ability. Thus, many of LDAP's best features&emdash;especially OpenLDAP&emdash;become unusable. As a remedy, Deploying OpenLDAP delves into the logic, theories and fundamentals of directories. The text focuses on open standards, rather than proprietary systems&emdash;which are expensive and incompatible with other systems. If you already know advanced programming implementation, but don't fully understand how all pieces fit together , then this book will surpass explaining, "what is," and instead show you, "how to." Cover......Page 1 Copyright......Page 4 Contents at a Glance......Page 7 Contents......Page 9 About the Author......Page 15 About the Technical Reviewers......Page 17 Acknowledgments......Page 19 Source Code......Page 21 X.500......Page 23 NIS......Page 24 Relational Model......Page 25 LDAP Standards......Page 26 Gathering Information......Page 35 Name......Page 37 Phone......Page 38 PKI Information......Page 39 Badge......Page 40 Customer Data......Page 41 Changing Application Sources......Page 42 User-Facing Applications......Page 43 Back-End Systems......Page 44 Understanding Meta-Directories......Page 46 LDAP As Oracle......Page 49 LDAP As a Sync Source......Page 52 Shortsighted Deployment......Page 54 Summary......Page 56 Defining Your Schema......Page 57 ASN Schema Format......Page 60 Object Identifiers (OIDs)......Page 61 Attributes......Page 63 Attribute Name......Page 64 Attribute Syntax......Page 65 Object Classes......Page 68 Other Data Definition Information......Page 69 Groups......Page 70 Roles......Page 71 Schema Checking......Page 72 Structuring the Directory Information Tree (DIT)......Page 73 Organization by Business Function or Group......Page 74 LDAP Operations......Page 75 Changetype: modify......Page 76 Chaining Operations......Page 77 Indexing Data......Page 78 Summary......Page 79 Separating Your Environments......Page 81 Setting Up Classes of Hosts......Page 84 Using the Creative Convention......Page 86 RFC 1178......Page 87 Using the Logical Convention......Page 89 Function and Major Designation......Page 90 Using the Standard Host Specifications......Page 91 Using the Standard Host Installation......Page 92 Starting the Application......Page 94 Using Command-Line Options......Page 95 Implementing Logs......Page 96 Summary......Page 97 Choosing a Distribution......Page 99 Obtaining the Distribution......Page 100 Performing the Base Installation......Page 102 Creating a Local Database......Page 105 Creating an Offline Database......Page 107 Using LDAP Search Filters......Page 109 Using OpenLDAP Utilities......Page 112 ldapmodify (1) and ldapadd (1)......Page 113 ldapsearch (1)......Page 115 ldapdelete (1)......Page 118 ldapmodrdn (1)......Page 121 slapcat (8C)......Page 123 slapadd (8C)......Page 124 Summary......Page 125 How Much RAM Do You Need?......Page 127 How Much Disk Space Do You Need?......Page 128 Authentication......Page 130 SASL......Page 131 SASL Proxy Authorization......Page 133 Shared-Secret Mechanisms......Page 134 Transport Layer Security......Page 137 Kerberos......Page 138 Understanding Replication......Page 139 changelog/Replication Log......Page 140 slurpd......Page 142 Importing Databases......Page 143 slapcat......Page 144 Testing......Page 145 DNS Resource Records for Service Location......Page 146 Localized Scope......Page 147 ldap.conf......Page 148 SASL Options......Page 149 slapd.conf......Page 150 slapd.oc.conf......Page 155 Summary......Page 156 Utilizing Command-Line Tools......Page 157 LDAP Controls......Page 162 LDAP API......Page 167 Downloading the Netscape C SDK......Page 168 API Calls......Page 170 Obtaining the LDAP Perl API......Page 172 Error Processing......Page 173 Functions That Perform Operations on Entries......Page 174 ldap_abandon_ext(ld,msgid,serverctrls,clientctrls)......Page 179 ldap_add_ext_s(ld,dn,attrs,serverctrls,clientctrls)......Page 180 ldap_bind_s(ld,dn,passwd,authmethod)......Page 181 ldap_create_persistentsearch_control(ld,changetypes,changesonly, return_echg_ctrls,ctrl_iscritical,ctrlp)......Page 182 ldap_delete_ext(ld,dn,serverctrls,clientctrls,msgidp)......Page 183 ldap_explode_dn(dn,notypes)......Page 184 ldap_extended_operation_s(ld,requestoid,requestdata,serverctrls, clientctrls,retoidp,retdatap)......Page 185 ldap_get_entry_controls(ld,entry,serverctrlsp)......Page 186 ldap_get_values_len(ld,entry,target)......Page 187 ldap_is_ldap_url(url)......Page 188 ldap_modify_ext_s(ld,dn,mods,serverctrls,clientctrls)......Page 189 ldap_modrdn_s(ld,dn,newrdn)......Page 190 ldap_next_attribute(ld,entry,ber)......Page 191 ldap_result(ld,msgid,all,timeout,result)......Page 192 ldap_sasl_bind(ld,dn,mechanism,cred,serverctrls,clientctrls,msgidp)......Page 193 ldap_search(ld,base,scope,filter,attrs,attrsonly)......Page 194 ldap_search_ext_s(ld,base,scope,filter,attrs,attrsonly,serverctrls,clientctrls, timeoutp,sizelimit,res)......Page 195 ldap_search_s(ld,base,scope,filter,attrs,attrsonly,res)......Page 196 ldap_simple_bind(ld,who,passwd)......Page 197 ldap_simple_bind_s(ld,who,passwd)......Page 198 Performing Operations Against Your OpenLDAP Directory......Page 208 Using Java and JNDI......Page 209 Introduction......Page 223 Top-Level Structure......Page 224 Directory Entries......Page 225 Entry Object Class......Page 226 Multivalued Attributes......Page 227 Object Classes......Page 228 Attribute Type Definitions......Page 230 Conformance......Page 231 Summary......Page 232 Introducing Network Information Services......Page 233 Introducing Standard NIS Configurations......Page 234 Performing Synchronization with LDAP......Page 236 Performing Direct Integration......Page 237 Configuring the LDAP Client (Host)......Page 272 Using the ldapclient Utility......Page 278 Configuring NSS......Page 283 Configuring PAM......Page 284 Setting Up Security......Page 285 Using Sendmail......Page 286 Enabling the Software......Page 287 Migrating Information......Page 289 Setting Up LDAP Routing......Page 293 Summary......Page 295 Preparing for Integration......Page 297 Integrating Apache......Page 298 Integrating Pine......Page 302 Integrating Samba......Page 308 Integrating Eudora......Page 316 Integrating Exchange......Page 317 Integrating Appliances......Page 320 Summary......Page 321 Index......Page 323

For all the work and time invested in using LDAP, not enough time has been spent designing the layout and the logic of directories. End users and system architects often do not give appropriate attention to the deployment of LDAP as a standards-based system with interfacing ability. Thus, many of LDAPs best features-especially OpenLDAP-become unusable.

As a remedy, Deploying OpenLDAP delves into the logic, theories and fundamentals of directories. The text focuses on open standards, rather than proprietary systems, which are expensive and incompatible with other systems. If you already know advanced programming implementation, but don't fully understand how all pieces fit together, then this book will go beyond explaining 'what is,' and instead show you 'how to.'

Table of Contents

1. Assessing Your Environment
2. Understanding Data Definitions
3. Implementing Deployment, Operations, and Administration Strategies
4. Installing OpenLDAP
5. Implementing OpenLDAP
6. Scripting and Programming LDAP
7. Integrating at the System Level
8. Integrating OpenLDAP with Applications, User Systems, and Client Tools

* Focuses on open standards rather than proprietary systems, which are expensive and incompatible with other systems. * Can be used by someone who already knows advanced programming and implementation but doesnt understand how everything fits together. * Scripting for network administrators who want to perform tasks but arent necessarily programmers.