Mastering OpenLDAP: Configuring, Securing and Integrating Directory Services
eBook - ePub

Matt Butcher

  1. 484 pages
  2. English
  3. ePUB (mobile-friendly)
  4. Available on iOS and Android

About this book

In Detail

This book is the ideal introduction to using OpenLDAP for Application Developers and will also benefit System Administrators running OpenLDAP. It prepares the reader to build a directory using OpenLDAP, and then employ this directory in the context of the network, taking a practical approach that emphasizes how to get things done. On occasion, it delves into theoretical aspects of LDAP, but only where understanding the theory helps to answer practical questions. The reader requires no knowledge of OpenLDAP, but even readers already familiar with the technology will find new things and techniques.

This book is organized into three major sections: the first section covers the basics of LDAP directory services and the OpenLDAP server; the second focuses on building directory services with OpenLDAP; in the third section of the book, we look at how OpenLDAP is integrated with other applications and services on the network. This book not only demystifies OpenLDAP, but gives System Administrators and Application Developers a solid understanding of how to make use of OpenLDAP's directory services.

The OpenLDAP directory server is a mature product that has been around (in one form or another) since 1995. It is an open-source server that provides network clients with directory services. All major Linux distributions include the OpenLDAP server, and many major applications, both open-source and proprietary, are directory aware and can make use of the services provided by OpenLDAP.

The OpenLDAP directory server can be used to store organizational information in a centralized location, and make this information available to authorized applications. Client applications connect to OpenLDAP using the Lightweight Directory Access Protocol (LDAP) and can then search the directory and (if they have appropriate access) modify and manipulate records.

LDAP servers are most frequently used to provide network-based authentication services for users, but there are many other uses for an LDAP server, including using the directory as an address book, a DNS database, an organizational tool, or even as a network object store for applications.
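The description above says that clients bind to the directory and then search or modify it, subject to access controls. A point the description leaves implicit is that a client building search filters or bind DNs from user-supplied names must escape them: RFC 4515 governs filter values and RFC 4514 governs DN values, and without that escaping a crafted name such as `*)(uid=*` widens a one-user lookup into a match on every entry. The following is an added example, not code from the book or from OpenLDAP; the base DN `ou=Users,dc=example,dc=com`, the `inetOrgPerson` class and the `uid` attribute are assumptions chosen to resemble a typical user tree.

```python
"""Escaping user input for LDAP filters (RFC 4515) and DNs (RFC 4514).

Added example, not code from the book or from OpenLDAP. The base DN, the
object class and the attribute names are assumptions.
"""

BASE_DN = "ou=Users,dc=example,dc=com"  # assumed layout, not from the book

# RFC 4515, section 3: characters that must be hex-escaped inside a filter
# assertion value. Non-ASCII characters may also be written as \XX per UTF-8
# byte; we do that so the filter stays unambiguous on the wire.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value so it can be embedded in a search filter."""
    out = []
    for ch in value:
        if ch in _FILTER_ESCAPES:
            out.append(_FILTER_ESCAPES[ch])
        elif ord(ch) >= 0x80:
            out.append("".join(f"\\{b:02x}" for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)


def naive_user_filter(uid: str) -> str:
    """Unsafe version: plain string interpolation, no escaping.

    A uid of '*)(uid=*' yields '(&(objectClass=inetOrgPerson)(uid=*)(uid=*))',
    which matches every user instead of one.
    """
    return f"(&(objectClass=inetOrgPerson)(uid={uid}))"


def user_filter(uid: str) -> str:
    """Hardened version: the same filter with the uid escaped per RFC 4515."""
    return f"(&(objectClass=inetOrgPerson)(uid={escape_filter_value(uid)}))"


# RFC 4514, section 2.4: characters that need a backslash inside an RDN value.
_DN_SPECIAL = set('",+;<>\\')


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside a distinguished name."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append(r"\00")
        elif ch == "#" and i == 0:
            # A leading '#' would otherwise be read as a hex-encoded BER value.
            out.append(r"\#")
        elif ch == " " and (i == 0 or i == last):
            # Leading and trailing spaces are insignificant unless escaped.
            out.append(r"\ ")
        else:
            out.append(ch)
    return "".join(out)


def user_dn(uid: str) -> str:
    """Bind DN for a user, as sent by a simple bind: uid=<uid>,<BASE_DN>."""
    return f"uid={escape_dn_value(uid)},{BASE_DN}"


if __name__ == "__main__":
    # Constructed sample names: a normal user, a filter-injection attempt,
    # and a name that would otherwise add a second RDN to the bind DN.
    for uid in ("alice", "*)(uid=*", "alice,ou=Admins"):
        print("uid:", repr(uid))
        print("  naive filter:   ", naive_user_filter(uid))
        print("  escaped filter: ", user_filter(uid))
        print("  bind DN:        ", user_dn(uid))
```

The escaped filter is what a client passes to `ldapsearch` or to an LDAP client library; the DN is the name a simple bind presents. slapd's ACLs decide what the bound identity may read or modify, but they cannot narrow a filter the client has already widened, so the escaping belongs on the client side.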

Approach

This book has been written from the application developer's perspective, tackling the topics that will be most important to helping the application developer understand OpenLDAP, and get it set up as securely and quickly as possible. It shows how OpenLDAP interoperates with other UNIX/Linux services (DNS, NIS, Samba, etc.).

Who this book is for

Readers need basic Linux system administration knowledge, but no prior knowledge of LDAP or OpenLDAP is assumed. If you are web savvy and interested in using OpenLDAP for web applications and the services they interact with, this is the book for you.

Frequently asked questions
Is Mastering OpenLDAP: Configuring, Securing and Integrating Directory Services available online as a PDF/ePUB?
Yes, Mastering OpenLDAP: Configuring, Securing and Integrating Directory Services by Matt Butcher is available in PDF and/or ePUB format, alongside other popular books in Computer Science and Information Technology. The catalogue holds over a million titles.

Information

Year
2007
ISBN
9781847191021

Table of Contents

Mastering OpenLDAP
Credits
About the Author
About the Reviewers
Preface
What This Book Covers
What You Need for This Book
Conventions
Reader Feedback
Customer Support
Downloading the Example Code for the Book
Errata
Questions
1. Directory Servers and LDAP
LDAP Basics
What is a Directory?
The Structure of a Directory Entry
A Unique Name: The DN
An Example LDAP Entry
The Object Class Attribute
Operational Attributes
The Directory Information Tree
What to Do with an LDAP Server
The History of LDAP and OpenLDAP
A Technical Overview of OpenLDAP
The Server
Clients
Utilities
Libraries
Summary
2. Installation and Configuration
Before Getting Started
OpenLDAP Binaries for Operating Systems
Commercial OpenLDAP Distribution
Source Code Compilation
A Quick Note on Versions
Installation
Dependencies
Installing OpenLDAP
Configuring the SLAPD Server
Basics
Schemas
More Directives
Module Directives
Database Configuration
ACLs
Verifying a Configuration File
Starting and Stopping the Server
Using the Init Script
Running SLAPD Directly
Configuring the LDAP Clients
A Basic ldap.conf File
Size and Time Limits
Testing the Server
Summary
3. Using OpenLDAP
A Brief Survey of the LDAP Suite
LDAP from the Server Side
SLAPD
The Binding Operation
The Search Operation
More Operations: Additions, Modifications, and Deletions
The Addition Operation
The Modification Operation
The Delete Operation
Infrequent Operations
The ModifyDN Operation
The Compare Operation
The Extended Operation
SLAPD Summary
SLURPD
Creating Directory Data
The LDIF File Format
Anatomy of an LDIF File
Representing Attribute Values in LDIF
Example.Com in LDIF
Defining the Base DN Record
Structuring the Directory with Organizational Units
Theory 1: Directory as Organizational Chart
Theory 2: Directory as IT Service
Expressing the OUs in LDIF
Adding User Records
Adding System Records
Adding Group Records
The Complete LDIF File
Using the Utilities to Prepare the Directory
slapadd
When Should slapadd be Used?
What Does slapadd Do?
Loading the LDIF File
Stopping the Server
Running ldapadd in Test Mode
Importing the Records Using slapadd
Restarting the Directory
If Something Went Wrong...
Destroying and Recreating the Directory Files
slapindex
slapcat
Operational Attributes
slapacl
slapauth
slapdn
slappasswd
Storing and Using Passwords in OpenLDAP
Generating a Password with slappasswd
slaptest
Performing Directory Operations Using the Clients
Common Command-Line Flags
Common Flags
Setting Defaults in ldap.conf
ldapsearch
A Simple Search
Restricting Returned Fields
Requesting Operational Attributes
Searching Using a File
ldapadd
Adding Records from a File
ldapmodify
Adding a Record with ldapmodify
Modifying Existing Records
Modifying the Relative DN
Moving a Record with modrdn
Deleting Entire Records
ldapdelete
ldapcompare
ldapmodrdn
Modifying the Superior DN with ldapmodrdn
ldappasswd
ldapwhoami
Summary
4. Securing OpenLDAP
LDAP Security: The Three Aspects
Securing Network-Based Directory Connections with SSL/TLS
The Basics of SSL and TLS
Authenticity
Encryption
StartTLS
Creating an SSL/TLS CA
Creating a Certificate
Creating a New Certificate Request
Signing the Certificate Request
Configuring and Installing the Certificates
Remove the Pass Phrase from the Key
Relocate the Certificates
Install the CA Certificate
Optional: Clean Up
Configuring StartTLS
Configuring Client TLS
Configuring LDAPS
Debugging with the OpenSSL Client
Using Security Strength Factors
The security Directive
A Fine-Grained security Directive
Authenticating Users to the Directory
Simple Binding
Using an Authentication User for Simple Binding
SASL Binding
Configuring Cyrus SASL
The SASL Configuration File
Setting a User Password
Configuring SLAPD for SASL Support
Using a Replacement String in authz-regexp
Using a Search Filter in authz-regexp
A Note on ACLs and Search Filters
Failure of Mapping
Removing the Need to Specify the Realm
Debugging the SASL Configuration
Using Client SSL/TLS Certificates to Authenticate
Creating a New Client Certificate
Configuring the Client
Configuring the Server
Testing with ldapwhoami
Going Further with SASL
Controlling Authorization with ACLs
The Basics of ACLs
Access to [resources]
Access using DN
Access using attrs
Access using Filters
Combining Access Specifiers
By [who] [type of access granted] [control]
The Access Field
The who Field
The * and anonymous Specifiers
The self Specifier
The users Specifier
The dn Specifier
Groups and Members
Member-Based Record Access
Network, Connections, and Security
Advanced Step: Using the set Specifier
The control Field
Getting More from Regular Expressions
Debugging ACLs
A Practical Example
Summary
5. Advanced Configuration
Multiple Database Backends
The slapd.conf File
Creating and Importing a Second Directory
Performance Tuning
Performance Directives
Global Directives
Time Limits
Idle Timeouts
Size Limits
Threads
Directives in the Database Section
Limits
Read-only and Restrict Directives
Index (BDB/HDB Backends Only)
Controlling the Cache (BDB/HDB Only)
Reducing Disk I/O Latency (BDB/HDB Only)
The DB_CONFIG File
Setting the Cache Size
Configuring the Data Directory
Optimizing BDB/HDB Transaction Logging
Tuning Lock Files
More about Berkeley DB
Directory Overlays
A Brief Tour of the Official Overlays
Configuring an Overlay: denyop
Loading the module
Adding the Overlay
Adding Overlay-Specific Directives
Referential Integrity Overlay
Configuring the Overlay
Modifying the Records
Drawbacks
A Useful Note
The Uniqueness Overlay
Summary
6. LDAP Schemas
Introduction to LDAP Schemas
Why Do They Look So Complicated?
Schema Definitions
Object Classes and Attributes
Object Class Definitions
Attribute Definitions
Object Identifier Definitions
DIT Content Rules
Retrieving the Schemas from SLAPD
The ObjectClass Hierarchy
Attribute Hierarchies
Subordinate Attributes and Searching
Object Class Types: Abstract, Structural, and Auxiliary
The Object Class Hierarchy: An Overview
Abstract Classes
Structural Object Classes
Auxiliary Object Classes
Moving Onward
Schemas: Accesslog and Password Policy Overlays
Logging with the Accesslog Overlay
Loading the accesslog Module
Configuring the Access Log Backend
Creating A Directory for the Access Log Files
Enabling Logging for the Main Backend
The Log Records
Implementing a Complex Overlay: Password Policy
Setting the Global Directives in slapd.conf: Schema and Module
Creating a Password Policy
Configure the Over...