Index
Mastering OpenLDAP
Table of Contents Mastering OpenLDAP Credits About the Author About the Reviewers Preface
What This Book Covers What You Need for This Book Conventions Reader Feedback Customer Support
Downloading the Example Code for the Book Errata Questions
1. Directory Servers and LDAP
LDAP Basics
What is a Directory? The Structure of a Directory Entry A Unique Name: The DN An Example LDAP Entry
The Object Class Attribute Operational Attributes
The Directory Information Tree What to Do with an LDAP Server
The History of LDAP and OpenLDAP A Technical Overview of OpenLDAP
The Server Clients Utilities Libraries
Summary
2. Installation and Configuration
Before Getting Started
OpenLDAP Binaries for Operating Systems
Commercial OpenLDAP Distribution Source Code Compilation
A Quick Note on Versions
Installation
Dependencies Installing OpenLDAP
Configuring the SLAPD Server
Basics
Schemas More Directives Module Directives
Database Configuration ACLs Verifying a Configuration File
Starting and Stopping the Server
Using the Init Script Running SLAPD Directly
Configuring the LDAP Clients
A Basic ldap.conf File
Size and Time Limits
Testing the Server Summary
3. Using OpenLDAP
A Brief Survey of the LDAP Suite LDAP from the Server Side
SLAPD
The Binding Operation The Search Operation More Operations: Additions, Modifications, and Deletions
The Addition Operation The Modification Operation The Delete Operation
Infrequent Operations
The ModifyDN Operation The Compare Operation The Extended Operation
SLAPD Summary
SLURPD
Creating Directory Data
The LDIF File Format
Anatomy of an LDIF File Representing Attribute Values in LDIF
Example.Com in LDIF
Defining the Base DN Record Structuring the Directory with Organizational Units
Theory 1: Directory as Organizational Chart Theory 2: Directory as IT Service Expressing the OUs in LDIF
Adding User Records Adding System Records Adding Group Records
The Complete LDIF File
Using the Utilities to Prepare the Directory
slapadd
When Should slapadd be Used? What Does slapadd Do? Loading the LDIF File
Stopping the Server Running ldapadd in Test Mode Importing the Records Using slapadd Restarting the Directory If Something Went Wrong... Destroying and Recreating the Directory Files
slapindex slapcat
Operational Attributes
slapacl slapauth slapdn slappasswd
Storing and Using Passwords in OpenLDAP Generating a Password with slappasswd
slaptest
Performing Directory Operations Using the Clients
Common Command-Line Flags
Common Flags Setting Defaults in ldap.conf
ldapsearch
A Simple Search Restricting Returned Fields Requesting Operational Attributes Searching Using a File
ldapadd
Adding Records from a File
ldapmodify
Adding a Record with ldapmodify Modifying Existing Records Modifying the Relative DN
Moving a Record with modrdn
Deleting Entire Records
ldapdelete ldapcompare ldapmodrdn
Modifying the Superior DN with ldapmodrdn
ldappasswd ldapwhoami
Summary
4. Securing OpenLDAP
LDAP Security: The Three Aspects Securing Network-Based Directory Connections with SSL/TLS
The Basics of SSL and TLS
Authenticity Encryption StartTLS
Creating an SSL/TLS CA Creating a Certificate
Creating a New Certificate Request Signing the Certificate Request Configuring and Installing the Certificates
Remove the Pass Phrase from the Key Relocate the Certificates Install the CA Certificate Optional: Clean Up
Configuring StartTLS Configuring Client TLS Configuring LDAPS
Debugging with the OpenSSL Client
Using Security Strength Factors
The security Directive
A Fine-Grained security Directive
Authenticating Users to the Directory
Simple Binding
Using an Authentication User for Simple Binding
SASL Binding
Configuring Cyrus SASL
The SASL Configuration File Setting a User Password
Configuring SLAPD for SASL Support
Using a Replacement String in authz-regexp Using a Search Filter in authz-regexp A Note on ACLs and Search Filters Failure of Mapping Removing the Need to Specify the Realm Debugging the SASL Configuration
Using Client SSL/TLS Certificates to Authenticate
Creating a New Client Certificate Configuring the Client Configuring the Server Testing with ldapwhoami Going Further with SASL
Controlling Authorization with ACLs
The Basics of ACLs Access to [resources]
Access using DN Access using attrs Access using Filters Combining Access Specifiers
By [who] [type of access granted] [control]
The Access Field The who Field
The * and anonymous Specifiers The self Specifier The users Specifier The dn Specifier Groups and Members Member-Based Record Access Network, Connections, and Security Advanced Step: Using the set Specifier
The control Field
Getting More from Regular Expressions Debugging ACLs A Practical Example
Summary
5. Advanced Configuration
Multiple Database Backends
The slapd.conf File Creating and Importing a Second Directory
Performance Tuning
Performance Directives
Global Directives
Time Limits Idle Timeouts Size Limits Threads
Directives in the Database Section
Limits Read-only and Restrict Directives Index (BDB/HDB Backends Only) Controlling the Cache (BDB/HDB Only) Reducing Disk I/O Latency (BDB/HDB Only)
The DB_CONFIG File
Setting the Cache Size Configuring the Data Directory Optimizing BDB/HDB Transaction Logging Tuning Lock Files More about Berkeley DB
Directory Overlays
A Brief Tour of the Official Overlays Configuring an Overlay: denyop
Loading the module Adding the Overlay Adding Overlay-Specific Directives
Referential Integrity Overlay
Configuring the Overlay Modifying the Records Drawbacks A Useful Note
The Uniqueness Overlay Summary
6. LDAP Schemas
Introduction to LDAP Schemas
Why Do They Look So Complicated? Schema Definitions Object Classes and Attributes Object Class Definitions Attribute Definitions Object Identifier Definitions DIT Content Rules Retrieving the Schemas from SLAPD
The ObjectClass Hierarchy
Attribute Hierarchies
Subordinate Attributes and Searching
Object Class Types: Abstract, Structural, and Auxiliary
The Object Class Hierarchy: An Overview Abstract Classes Structural Object Classes Auxiliary Object Classes
Moving Onward
Schemas: Accesslog and Password Policy Overlays
Logging with the Accesslog Overlay
Loading the accesslog Module Configuring the Access Log Backend Creating A Directory for the Access Log Files Enabling Logging for the Main Backend The Log Records
Implementing a Complex Overlay: Password Policy
Setting the Global Directives in slapd.conf: Schema and Module Creating a Password Policy Configure the Overlay Directives Test the Overlay Password Policy Operational Attributes Summary of ppolicy Operational Attributes
Creating a Schema
Getting an OID Giving Our OID a Name Creating Object Classes Creating Attributes Loading the New Schema
Troubleshooting Schema Loading
A New Record
Summary
7. Multiple Directories
Replication: An Overview
SyncRepl
Configuring SyncRepl
Configuring the Master Server
Creating a SyncRepl User
Configuring the Shadow Server
The syncrepl Directive Configuring a Referral
Starting Replication
For Larger Directories...
Delta SyncRepl
The Master Server's Configuration The Shadow Server's Configuration
Debugging SyncRepl
Starting Over Strategic Logging A Few Common Mistakes
Configuring an LDAP Proxy
Using the LDAP Backend
Using Identity Management Features
Turning the Simple Proxy into a Caching Proxy
Notes on the Attribute Sets and Templates
A Translucent Proxy
Summary
8. LDAP and the Web
The LDAP-Aware Application Apache and LDAP
A Short Guide to Installing Apache Configuring LDAP Authentication
Loading the Modules Editing the default Configuration File
The Directory Section—Apache 2.2 Changes in Apache 2.0
Other Features of the Require Parameter
phpLDAPadmin
Prerequisites Installing phpLDAPadmin
Is Your Package Broken?
Configuring phpLDAPadmin
A Basic Look at Configuration Parameters
Setting a variable Calling a function Setting an Array Value
Configuring the LDAP Server Settings
A First Look at phpLDAPadmin
Navigating phpLDAPadmin Viewing and Modifying a Record Adding a New Record Searching with phpLDAPadmin
Summary
A. Building OpenLDAP from Source
Why Build from Source? Getting the Code The Tools for Compiling
Build Tools Installing Dependencies
Compiling OpenLDAP
Configuring Building with make
Installation Building Everything Summary
B. LDAP URLs
The LDAP URL Common Uses of LDAP URLs
Not all LDAP URLs are for Searching
For More Information on LDAP URLs... Summary
C. Useful LDAP Commands
Getting Information about the Directory
The Root DSE The Subschema Record The Configuration Record
Making a Directory Backup
A Backup Copy of the Directory Database An LDIF Backup File
Rebuilding a Database (BDB, HDB)
Step 1: Stop the Server Step 2: Dump the Database Step 3: Delete the Old Database Files Step 4: Create a New Database Step 5: Restart SLAPD Troubleshooting Rebuilds
Summary
Index