Spiga

Lightweight Directory Access Protocol: LDAP installation, configuration and authentication

The Lightweight Directory Access Protocol (LDAP) provides directory data about individuals, system users, network devices and systems on the network to any client that needs to authenticate users or look up information. It is commonly used for network authentication protecting critical data, or to share address books between the email clients on the network.

LDAP was developed as a protocol to provide centralized and secure access to directory resources over the network. The earlier standard was X.500, developed towards 1988. X.500 used a hierarchical name space and could hold a large quantity of information. A dedicated communication link was maintained between the directory client and the directory server, and the protocol used over it was named the Directory Access Protocol.

X.500 was primarily an application layer protocol and required the whole OSI stack to be installed in order to work. This was its major drawback: installing and configuring the OSI layers demands substantial resources, so implementing the Directory Access Protocol in a smaller organization was cost intensive.

LDAP came into existence as a much less resource-intensive protocol that runs over the TCP/IP stack instead of the OSI model used earlier. LDAP kept a few features from X.500 and dropped several of the resource-intensive ones.

Installation

On Red Hat based systems LDAP is installed mainly from RPMs; you will need the following RPMs:

openldap-2.0.27-8
nss_ldap-202-5
openldap-clients-2.0.27-8
openldap-servers-2.0.27-8
openldap12

Normally Red Hat systems will work with the packages above, but some may require these additional packages:

slapd, ldap-utils, libldap2, libldap2-dev

Configuration

The major LDAP configuration file is:

/etc/openldap/slapd.conf

The configuration file holds the host name, domain information, administrator (rootdn) details and references.

Sample configuration of slapd.conf:

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
#include /etc/openldap/schema/nis.schema
#include /etc/openldap/schema/redhat/rfc822-MailMember.schema
#include /etc/openldap/schema/redhat/autofs.schema
#include /etc/openldap/schema/redhat/kerberosobject.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

#pidfile /var/run/slapd.pid
#argsfile /var/run/slapd.args

# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

# To allow TLS-enabled connections, create /usr/share/ssl/certs/slapd.pem
# and uncomment the following lines.
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem

#######################################################################
# ldbm database definitions
#######################################################################

database ldbm
#suffix "dc=stooges,dc=org"
suffix "o=stooges"
rootdn "cn=StoogeAdmin,o=stooges"
# rootpw is the directory manager's password; store a hash produced by
# slappasswd (e.g. a {SSHA} value) rather than a cleartext value like this one.
rootpw secret1
directory /var/lib/ldap/stooges
defaultaccess read
schemacheck on
lastmod on
#allow *
# Indices to maintain
#index objectClass eq
#index objectClass,uid,uidNumber,gidNumber eq
#index cn,mail,surname,givenname eq,subinitial
index cn,sn,st eq,pres,sub

database ldbm
suffix "o=delta"
# Only one suffix allowed per database
#suffix "dc=delta,dc=org"
rootdn "cn=DeanWormer,o=delta"
rootpw secret2
directory /var/lib/ldap/fraternity
defaultaccess read
schemacheck on
lastmod on
index cn,sn,st eq,pres,sub
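As an added example (not from the original post), a small Python check that parses the kind of slapd.conf shown above and flags the settings a security reviewer would want changed: cleartext rootpw values, the TLS lines left commented out, and defaultaccess read. The sample text inside it is constructed from the configuration above, with the o=delta stanza changed to the hardened form for contrast.

```python
# Constructed sample based on the slapd.conf above; o=delta altered to the hardened form.
SAMPLE_CONF = """\
include /etc/openldap/schema/core.schema
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
database ldbm
suffix "o=stooges"
rootpw secret1
defaultaccess read

database ldbm
suffix "o=delta"
rootpw {SSHA}PLACEHOLDER-hash-from-slappasswd
defaultaccess none
"""
# Password storage schemes slapd accepts in rootpw; anything else is cleartext.
HASH_SCHEMES = ("{SSHA}", "{SHA}", "{SMD5}", "{MD5}", "{CRYPT}")

def parse_slapd_conf(text):
    """Split slapd.conf into global directives and per-database stanzas."""
    global_cfg, databases, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # comments and blanks are ignored
            continue
        key, _, value = line.partition(" ")    # directive name, then its argument(s)
        key, value = key.lower(), value.strip().strip('"')
        if key == "database":                  # a new database stanza begins
            current = {"database": value}
            databases.append(current)
        elif current is None:                  # still in the global section
            global_cfg.setdefault(key, []).append(value)
        else:
            current[key] = value
    return global_cfg, databases

def audit(text):
    """Return the weak settings a reviewer would flag in this configuration."""
    global_cfg, databases = parse_slapd_conf(text)
    findings = []
    if "tlscertificatefile" not in global_cfg:
        findings.append("global: TLS not configured, so simple binds send passwords in cleartext")
    for db in databases:
        suffix = db.get("suffix", "?")
        if db.get("rootpw") and not db["rootpw"].startswith(HASH_SCHEMES):
            findings.append(f"{suffix}: rootpw is cleartext; store a slappasswd hash instead")
        if db.get("defaultaccess") == "read":
            findings.append(f"{suffix}: defaultaccess read grants every client, anonymous "
                            "included, read on attributes no access rule covers")
    return findings
```

Running audit(SAMPLE_CONF) reports three findings, all against the global section and the o=stooges database; the hardened o=delta stanza produces none.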