LDAP

From Docunext Technology Wiki

Contents 1 LDAP Summary 2 Basic LDAP 3 Positive Thoughts 4 Howto / Notes 5 Helpful Debian Packages 6 TODO / Next Steps 7 LDAP Servers 8 See Also 9 Links

LDAP Summary

LDAP stands for lightweight directory access protocol, and I'm determined to start using it and to better understand how it works.

I originally setup OpenLDAP with MySQL, aka Backsql, which was a fairly herculean effort. Now for learning sake I'm just using the default database type - HDB.

I finally got to login as "admin" with phpLDAPadmin. To do so, I had to change the login attr to "cn" as suggested here.

Basic LDAP

• dn - distinguished name - I think this is like the full, canonical reference name
• cn - common name - I think this is like a nick name
• dc - domain component

Positive Thoughts

These are the things that attract me to LDAP:

• Can be used for linux and unix authentication - My Notes on using LDAP for Linux Authentication
• Can be used for linux host names - My notes on replacing /etc/hosts with LDAP - private DNS is probably better
• Can be used for SMTP, SASL, FTP, and HTTP authentication, among other uses, such as simply providing a list of valid recipients to Postfix
• Can be used for contact directories
• Secure - uses SSL/TLS and x509 certificates
• Distributed - can the database be replicated like MySQL Replication? I think so - with Slurpd? No, I think syncrepl is now preferred. Yes, see LDAP Replication!
• Lightweight - but is it fast? See nscd.

It is sometimes said that ldap is good for data that is read more often than written or updated. I agree, for hostnames, users, and other common data that is stored in files, ldap is a good choice in my opinion.

Howto / Notes

• Setup a debian machine to use an LDAP server for NSS hosts - this worked, but not that well, for me
• Setup a debian machine to use an LDAP server for Authentication - this works good for me
• Setup a CentOS machine to use an LDAP server for Authentication
• Setup a gentoo machine for LDAP authentication
• Tips n Tricks for LDAP ACLs
• LDAP Replication
• Testing LDAP
• ldaptor-utils
• Planning an LDAP Directory
• FreeBSD and pam ldap

Helpful Debian Packages

• ldap-utils
• phpLDAPadmin / ldap-account-manager / lwat / phamm / shelldap
• ldapscripts
• nscd
• LDAP SASL
• LDAP cpu

TODO / Next Steps

• LDAP TLS
• AutoFS
• LDAP ACLs

LDAP Servers

• OpenLDAP
• TinyLDAP
• ApacheDS
• 389 Directory Server

See Also

• web2ldap
• Ruby LDAP
• Authentication
• Postfix and SASL
• Saslauthd LDAP Mechanism
• Dovecot LDAP
• LDAP PHP Script
• ActiveDirectory

Links

• http://www.nexista.org/wiki/ldap/
• http://www.openldap.org/doc/admin24/
• http://wiki.debian.org/LDAP
• https://wiki.ubuntu.com/EasyLDAPServer
• http://www.umich.edu/~dirsvcs/ldap/doc/guides/slapd/
• http://www.bind9.net/manuals-openldap
• http://www.debian-administration.org/articles/403
• http://research.imb.uq.edu.au/~l.rathbone/ldap/tls.shtml
• http://code.google.com/p/google-apps-for-your-domain-ldap-sync/