Synopses & Reviews
Be more productive and make your life easier. That's what LDAP System Administration is all about.System administrators often spend a great deal of time managing configuration information located on many different machines: usernames, passwords, printer configurations, email client configurations, and network filesystem configurations, to name a few. LDAPv3 provides tools for centralizing all of the configuration information and placing it under your control. Rather than maintaining several administrative databases (NIS, Active Directory, Samba, and NFS configuration files), you can make changes in only one place and have all your systems immediately "see" the updated information.Practically platform independent, this book uses the widely available, open source OpenLDAP 2 directory server as a premise for examples, showing you how to use it to help you manage your configuration information effectively and securely. OpenLDAP 2 ships with most Linux® distributions and Mac OS® X, and can be easily downloaded for most Unix-based systems. After introducing the workings of a directory service and the LDAP protocol, all aspects of building and installing OpenLDAP, plus key ancillary packages like SASL and OpenSSL, this book discusses:
- Configuration and access control
- Distributed directories; replication and referral
- Using OpenLDAP to replace NIS
- Using OpenLDAP to manage email configurations
- Using LDAP for abstraction with FTP and HTTP servers, Samba, and Radius
- Interoperating with different LDAP servers, including Active Directory
- Programming using Net::LDAP
If you want to be a master of your domain,
LDAP System Administration will help you get up and running quickly regardless of which LDAP version you use. After reading this book, even with no previous LDAP experience, you'll be able to integrate a directory server into essential network services such as mail, DNS, HTTP, and SMB/CIFS.
Synopsis
Carter discusses using directories for the Unix system administration, and tells readers how to get the directory running, how to get data into the directory, and other critical LDAP skills.
About the Author
Gerald (Jerry) Carter received his Masters degree in Computer Science from Auburn University, where he continues to pursue his PhD. He has been a member of the Samba development Team since 1998 and his involvement with Unix systems and network administration of UNIX began in 1995. Jerry currently works for HP, working on embedded printing appliances. Having published articles with various web-based magazines, he teaches instructional courses as a consultant for several companies and conferences.
Table of Contents
Preface; How This Book Is Organized; Conventions Used in This Book; Comments and Questions; Acknowledgments; Part I: LDAP Basics; Chapter 1: "Now where did I put that...?", or "What is a directory?"; 1.1 The Lightweight Directory Access Protocol; 1.2 What Is LDAP?; 1.3 LDAP Models; Chapter 2: LDAPv3 Overview; 2.1 LDIF; 2.2 What Is an Attribute?; 2.3 What Is the dc Attribute?; 2.4 Schema References; 2.5 Authentication; 2.6 Distributed Directories; 2.7 Continuing Standardization; Chapter 3: OpenLDAP; 3.1 Obtaining the OpenLDAP Distribution; 3.2 Software Requirements; 3.3 Compiling OpenLDAP 2; 3.4 OpenLDAP Clients and Servers; 3.5 The slapd.conf Configuration File; 3.6 Access Control Lists (ACLs); Chapter 4: OpenLDAP: Building a Company White Pages; 4.1 A Starting Point; 4.2 Defining the Schema; 4.3 Updating slapd.conf; 4.4 Starting slapd; 4.5 Adding the Initial Directory Entries; 4.6 Graphical Editors; Chapter 5: Replication, Referrals, Searching, and SASL Explained; 5.1 More Than One Copy Is "a Good Thing"; 5.2 Distributing the Directory; 5.3 Advanced Searching Options; 5.4 Determining a Server's Capabilities; 5.5 Creating Custom Schema Files for slapd; 5.6 SASL and OpenLDAP; Part II: Application Integration; Chapter 6: Replacing NIS; 6.1 More About NIS; 6.2 Schemas for Information Services; 6.3 Information Migration; 6.4 The pam_ldap Module; 6.5 The nss_ldap Module; 6.6 OpenSSH, PAM, and NSS; 6.7 Authorization Through PAM; 6.8 Netgroups; 6.9 Security; 6.10 Automount Maps; 6.11 PADL's NIS/LDAP Gateway; Chapter 7: Email and LDAP; 7.1 Representing Users; 7.2 Email Clients and LDAP; 7.3 Mail Transfer Agents (MTAs); Chapter 8: Standard Unix Services and LDAP; 8.1 The Directory Namespace; 8.2 An FTP/HTTP Combination; 8.3 User Authentication with Samba; 8.4 FreeRadius; 8.5 Resolving Hosts; 8.6 Central Printer Management; Chapter 9: LDAP Interoperability; 9.1 Interoperability or Integration?; 9.2 Directory Gateways; 9.3 Cross-Platform Authentication Services; 9.4 Distributed, Multivendor Directories; 9.5 Metadirectories; 9.6 Push/Pull Agents for Directory Synchronization; Chapter 10: Net::LDAP and Perl; 10.1 The Net::LDAP Module; 10.2 Connecting, Binding, and Searching; 10.3 Working with Net::LDAP::LDIF; 10.4 Updating the Directory; 10.5 Advanced Net::LDAP Scripting; Part III: Appendixes; Appendix A: PAM and NSS; A.1 Pluggable Authentication Modules; A.2 Name Service Switch (NSS); Appendix B: OpenLDAP Command-Line Tools; B.1 Debugging Options; B.2 Slap Tools; B.3 LDAP Tools; Appendix C: Common Attributes and Objects; C.1 Schema Files; C.2 Attributes; C.3 Object Classes; Appendix D: LDAP RFCs, Internet-Drafts, and Mailing Lists; D.1 Requests for Comments; D.2 Mailing Lists; Appendix E: slapd.conf ACLs; E.1 What?; E.2 Who?; E.3 How Much?; E.4 Examples; Colophon;