LDAP System Administration

Gerald Carter

Language: English

Pages: 312

ISBN: 1565924916

Format: PDF / Kindle (mobi) / ePub


Be more productive and make your life easier. That's what LDAP System Administration is all about.

System administrators often spend a great deal of time managing configuration information located on many different machines: usernames, passwords, printer configurations, email client configurations, and network filesystem configurations, to name a few. LDAPv3 provides tools for centralizing all of the configuration information and placing it under your control. Rather than maintaining several administrative databases (NIS, Active Directory, Samba, and NFS configuration files), you can make changes in only one place and have all your systems immediately "see" the updated information.

Practically platform independent, this book uses the widely available, open source OpenLDAP 2 directory server as a premise for examples, showing you how to use it to help you manage your configuration information effectively and securely. OpenLDAP 2 ships with most Linux® distributions and Mac OS® X, and can be easily downloaded for most Unix-based systems. After introducing the workings of a directory service and the LDAP protocol, all aspects of building and installing OpenLDAP, plus key ancillary packages like SASL and OpenSSL, this book discusses:

  • Configuration and access control
  • Distributed directories; replication and referral
  • Using OpenLDAP to replace NIS
  • Using OpenLDAP to manage email configurations
  • Using LDAP for abstraction with FTP and HTTP servers, Samba, and Radius
  • Interoperating with different LDAP servers, including Active Directory
  • Programming using Net::LDAP

If you want to be a master of your domain, LDAP System Administration will help you get up and running quickly regardless of which LDAP version you use. After reading this book, even with no previous LDAP experience, you'll be able to integrate a directory server into essential network services such as mail, DNS, HTTP, and SMB/CIFS.

terminal listed in /etc/securetty. The final PAM module, pam_nologin.so, results in all logins except root failing if the file /etc/nologin exists. These modules are processed in order. You should examine for yourself what will occur in the following scenario. Assuming that the file /etc/nologin exists, what users will be able to log onto the system? The answer is that only the root account will be able to log on but only from a secure console. How would this be different if the control flag in

a response to the client's bind request as usual, and LDAP communication continues normally.

Distributed Directories

At this point we have completed examining the simple directory of Figure 2-1. Since we have covered the basics, let's expand Figure 2-1 to create a distributed directory. In a distributed directory, different hosts possess different portions of the directory tree. Figure 2-9 illustrates how the directory would look if the people ou were housed on a separate host. There

The needs of the applications that will use the directory determine which schema you use. All the attributeType and objectClass definitions required for a bare-bones server are included in the file core.schema. Some of these attributeTypes and objectClasses are:

  • Attributes for storing the timestamp of the last update on an entry
  • Attributes for representing name, locations, etc.
  • Objects to represent an organization or person
  • Objects to represent DNS domain names
  • And so on . . .

By

ldap.plainjoe.org')dnl

The ALIAS_FILE definition will contain the base suffix, search filter, and requested attribute values. By default, Sendmail uses a subtree scope, which is fine for the alias searches:

define(`ALIAS_FILE', `ldap:-k (&(objectClass=sendmailMTAAliasObject)(sendmailMTAKey=%0)) -v sendmailMTAAliasValue -b "ou=aliases,ou=sendmail,ou=services,dc=plainjoe,dc=org"')dnl

After generating and installing the new sendmail.cf file:

$ cd sendmail-8.12.6/cf/cf
$ sh Build

are wrapped in a do . . . while loop to ensure that you have a valid UID upon exit. You perform a one-level search because the uidPool object is assumed to be stored directly under the search base (e.g., dc=plainjoe,dc=org). The actual location of the pool in the directory is an arbitrary choice, of course. If the search fails, either by returning an error or because of an empty list, get_next_uid( ) fails and returns an invalid UID value (-1):

do {
    $msg = $ldap->search( base =>
