Mastering OpenLDAP: Configuring, Securing and Integrating Directory Services
eBook - ePub

Mastering OpenLDAP: Configuring, Securing and Integrating Directory Services

Matt Butcher

484 pages
English
ePUB (mobile-friendly)
Available on iOS and Android

About this book

In Detail

This book is the ideal introduction to using OpenLDAP for Application Developers and will also benefit System Administrators running OpenLDAP. It prepares the reader to build a directory using OpenLDAP, and then employ this directory in the context of the network, taking a practical approach that emphasizes how to get things done. On occasion, it delves into theoretical aspects of LDAP, but only where understanding the theory helps to answer practical questions. The reader requires no knowledge of OpenLDAP, but even readers already familiar with the technology will find new things and techniques.

This book is organized into three major sections: the first section covers the basics of LDAP directory services and the OpenLDAP server; the second focuses on building directory services with OpenLDAP; in the third section of the book, we look at how OpenLDAP is integrated with other applications and services on the network. This book not only demystifies OpenLDAP, but gives System Administrators and Application Developers a solid understanding of how to make use of OpenLDAP's directory services.

The OpenLDAP directory server is a mature product that has been around (in one form or another) since 1995. It is an open-source server that provides network clients with directory services. All major Linux distributions include the OpenLDAP server, and many major applications, both open-source and proprietary, are directory aware and can make use of the services provided by OpenLDAP.

The OpenLDAP directory server can be used to store organizational information in a centralized location, and make this information available to authorized applications. Client applications connect to OpenLDAP using the Lightweight Directory Access Protocol (LDAP) and can then search the directory and (if they have appropriate access) modify and manipulate records.

LDAP servers are most frequently used to provide network-based authentication services for users; but there are many other uses for an LDAP server, including using the directory as an address book, a DNS database, an organizational tool, or even as a network object store for applications.

Approach

This book has been written from the application developer's perspective, tackling the topics that will be most important to helping the application developer understand OpenLDAP, and get it set up as securely and quickly as possible. It shows how OpenLDAP interoperates with other UNIX/Linux services (DNS, NIS, Samba, etc.).

Who this book is for

The target audience will require basic Linux system administration knowledge, but no prior knowledge of LDAP or OpenLDAP is assumed. If you are web-savvy and are interested in using OpenLDAP for web applications and services such as client interaction, then this is the book for you.


Information

Year
2007
ISBN
9781847191021

Mastering OpenLDAP

Matt Butcher


Table of Contents

Mastering OpenLDAP
Credits
About the Author
About the Reviewers
Preface
What This Book Covers
What You Need for This Book
Conventions
Reader Feedback
Customer Support
Downloading the Example Code for the Book
Errata
Questions
1. Directory Servers and LDAP
LDAP Basics
What is a Directory?
The Structure of a Directory Entry
A Unique Name: The DN
An Example LDAP Entry
The Object Class Attribute
Operational Attributes
The Directory Information Tree
What to Do with an LDAP Server
The History of LDAP and OpenLDAP
A Technical Overview of OpenLDAP
The Server
Clients
Utilities
Libraries
Summary
2. Installation and Configuration
Before Getting Started
OpenLDAP Binaries for Operating Systems
Commercial OpenLDAP Distribution
Source Code Compilation
A Quick Note on Versions
Installation
Dependencies
Installing OpenLDAP
Configuring the SLAPD Server
Basics
Schemas
More Directives
Module Directives
Database Configuration
ACLs
Verifying a Configuration File
Starting and Stopping the Server
Using the Init Script
Running SLAPD Directly
Configuring the LDAP Clients
A Basic ldap.conf File
Size and Time Limits
Testing the Server
Summary
3. Using OpenLDAP
A Brief Survey of the LDAP Suite
LDAP from the Server Side
SLAPD
The Binding Operation
The Search Operation
More Operations: Additions, Modifications, and Deletions
The Addition Operation
The Modification Operation
The Delete Operation
Infrequent Operations
The ModifyDN Operation
The Compare Operation
The Extended Operation
SLAPD Summary
SLURPD
Creating Directory Data
The LDIF File Format
Anatomy of an LDIF File
Representing Attribute Values in LDIF
Example.Com in LDIF
Defining the Base DN Record
Structuring the Directory with Organizational Units
Theory 1: Directory as Organizational Chart
Theory 2: Directory as IT Service
Expressing the OUs in LDIF
Adding User Records
Adding System Records
Adding Group Records
The Complete LDIF File
Using the Utilities to Prepare the Directory
slapadd
When Should slapadd be Used?
What Does slapadd Do?
Loading the LDIF File
Stopping the Server
Running ldapadd in Test Mode
Importing the Records Using slapadd
Restarting the Directory
If Something Went Wrong...
Destroying and Recreating the Directory Files
slapindex
slapcat
Operational Attributes
slapacl
slapauth
slapdn
slappasswd
Storing and Using Passwords in OpenLDAP
Generating a Password with slappasswd
slaptest
Performing Directory Operations Using the Clients
Common Command-Line Flags
Common Flags
Setting Defaults in ldap.conf
ldapsearch
A Simple Search
Restricting Returned Fields
Requesting Operational Attributes
Searching Using a File
ldapadd
Adding Records from a File
ldapmodify
Adding a Record with ldapmodify
Modifying Existing Records
Modifying the Relative DN
Moving a Record with modrdn
Deleting Entire Records
ldapdelete
ldapcompare
ldapmodrdn
Modifying the Superior DN with ldapmodrdn
ldappasswd
ldapwhoami
Summary
4. Securing OpenLDAP
LDAP Security: The Three Aspects
Securing Network-Based Directory Connections with SSL/TLS
The Basics of SSL and TLS
Authenticity
Encryption
StartTLS
Creating an SSL/TLS CA
Creating a Certificate
Creating a New Certificate Request
Signing the Certificate Request
Configuring and Installing the Certificates
Remove the Pass Phrase from the Key
Relocate the Certificates
Install the CA Certificate
Optional: Clean Up
Configuring StartTLS
Configuring Client TLS
Configuring LDAPS
Debugging with the OpenSSL Client
Using Security Strength Factors
The security Directive
A Fine-Grained security Directive
Authenticating Users to the Directory
Simple Binding
Using an Authentication User for Simple Binding
SASL Binding
Configuring Cyrus SASL
The SASL Configuration File
Setting a User Password
Configuring SLAPD for SASL Support
Using a Replacement String in authz-regexp
Using a Search Filter in authz-regexp
A Note on ACLs and Search Filters
Failure of Mapping
Removing the Need to Specify the Realm
Debugging the SASL Configuration
Using Client SSL/TLS Certificates to Authenticate
Creating a New Client Certificate
Configuring the Client
Configuring the Server
Testing with ldapwhoami
Going Further with SASL
Controlling Authorization with ACLs
The Basics of ACLs
Access to [resources]
Access using DN
Access using attrs
Access using Filters
Combining Access Specifiers
By [who] [type of access granted] [control]
The Access Field
The who Field
The * and anonymous Specifiers
The self Specifier
The users Specifier
The dn Specifier
Groups and Members
Member-Based Record Access
Network, Connections, and Security
Advanced Step: Using the set Specifier
The control Field
Getting More from Regular Expressions
Debugging ACLs
A Practical Example
Summary
5. Advanced Configuration
Multiple Database Backends
The slapd.conf File
Creating and Importing a Second Directory
Performance Tuning
Performance Directives
Global Directives
Time Limits
Idle Timeouts
Size Limits
Threads
Directives in the Database Section
Limits
Read-only and Restrict Directives
Index (BDB/HDB Backends Only)
Controlling the Cache (BDB/HDB Only)
Reducing Disk I/O Latency (BDB/HDB Only)
The DB_CONFIG File
Setting the Cache Size
Configuring the Data Directory
Optimizing BDB/HDB Transaction Logging
Tuning Lock Files
More about Berkeley DB
Directory Overlays
A Brief Tour of the Official Overlays
Configuring an Overlay: denyop
Loading the module
Adding the Overlay
Adding Overlay-Specific Directives
Referential Integrity Overlay
Configuring the Overlay
Modifying the Records
Drawbacks
A Useful Note
The Uniqueness Overlay
Summary
6. LDAP Schemas
Introduction to LDAP Schemas
Why Do They Look So Complicated?
Schema Definitions
Object Classes and Attributes
Object Class Definitions
Attribute Definitions
Object Identifier Definitions
DIT Content Rules
Retrieving the Schemas from SLAPD
The ObjectClass Hierarchy
Attribute Hierarchies
Subordinate Attributes and Searching
Object Class Types: Abstract, Structural, and Auxiliary
The Object Class Hierarchy: An Overview
Abstract Classes
Structural Object Classes
Auxiliary Object Classes
Moving Onward
Schemas: Accesslog and Password Policy Overlays
Logging with the Accesslog Overlay
Loading the accesslog Module
Configuring the Access Log Backend
Creating A Directory for the Access Log Files
Enabling Logging for the Main Backend
The Log Records
Implementing a Complex Overlay: Password Policy
Setting the Global Directives in slapd.conf: Schema and Module
Creating a Password Policy
Configure the Over...
