Book Description

This book explores the use of Lightweight Directory Access Protocol (LDAP) as an efficient protocol. It combines all of the relevant information available on the Internet along with a number of arguments treated in the various books that are available, and provides many examples of LDAP code.

Table of Contents

  1. Cover
  2. Half Title
  3. Title Page
  4. Copyright Page
  5. Table of Contents
  6. 1 The LDAP Protocol
    1. Directories and Directory Server
    2. Network Protocols
      1. The TCP/IP Protocol Stack
      2. The OSI Protocol Stack
    3. Internet Standards: RFCs
    4. DAP: X.500 Standard
    5. Finally LDAP
    6. LDAP: How It Works
    7. Under the Hood: The Database Holding Information
    8. Conclusion
    9. References
  7. 2 LDAP Basics
    1. Example: An Enterprise with a Few Departments
    2. Objects in LDAP: Object Classes, Attributes, and Schema
    3. Server Configuration
    4. First Steps with LDAP
    5. Updating a Directory with a Batch Process
    6. The LDIF Standard
    7. Ldapsearch Revisited: Search Filter
    8. LDAP: Is This a Protocol?
    9. Your Favorite Browser Speaks LDAP
    10. Conclusion
  8. 3 LDAP Models
    1. Introduction
    2. Information Model
      1. Introduction
      2. Object Classes
        1. Formal Definition of Object Classes
        2. Some Words about Object-Class Inheritance
        3. Some Examples of Object-Class Definitions
        4. Object-Class Types
      3. Object Identifiers
      4. Attribute-Type Definitions
        1. Formal Definition of Attributes
        2. Attribute Types
      5. Matching Rules
      6. Syntaxes
      7. Conclusion for Information Model
    3. Naming Model
      1. The Directory Information Tree
      2. Distinguished Name
      3. Examples of Distinguished Names
      4. Directory Suffix
      5. Aliases
      6. Referrals
      7. Distinguished-Name Syntax
      8. Last but Not Least, Information about the Server
      9. Conclusion for Naming Model
    4. Functional Model
      1. Overview of LDAP Operations
        1. Interrogation Operations
        2. Update Operations
        3. Authentication and Control Operations
      2. LDAP Operations in Detail
        1. Interrogation Operations: Search
        2. Interrogation Operations: Compare
        3. Update Operations: Add
        4. Update Operations: Delete
        5. Update Operations: Modify
        6. Update Operations: ModifyDN
        7. Authentication Operations: Bind
        8. Authentication Operations: Unbind
        9. Control Operation: Abandon
      3. Conclusion for Functional Model
    5. Security Model
      1. Authentication and Authorization
      2. Authentication
        1. Anonymous Access
        2. Basic Authentication
        3. LDAP over SSL/TLS
        4. Kerberos
        5. SASL
      3. Concluding Authentication
      4. Authorization
  9. 4 LDAP: Some Practical Details
    1. Search Revisited
      1. Query Filters
        1. equalityMatch
        2. Substring
        3. greaterOrEqual, lessOrEqual
        4. Present
        5. approxMatch
        6. Boolean Operators: And, Or, Not
          1. Examples
        7. extensibleMatch
    2. Directory Schema Revisited
      1. Schema Descriptions
        1. ASN.1 Schema Format
        2. slapd.conf Schema Format
        3. LDAP (v3) Schema Format
      2. Checking the Directory Schema
      3. Exploring the Directory Schema
      4. Extending the Directory Schema
    3. Indexes
    4. LDIF
      1. File Format
        1. Description of Directory Entries
        2. Update of Directory Entries
          1. The Add Function
          2. The Delete Function
          3. The modifyDN Function
          4. The Modify Function
      2. LDIF: Conclusion, an Example in Perl
    5. LDAP URLs
    6. Differences between LDAP (v2) and LDAP (v3)
    7. Conclusion: Work in Progress
      1. LDAP Duplication/Replication/Update Protocols (LDUP)
      2. LDAP Extensions (LDAPext)
      3. LDAP (v3) Revision (LDAPbis)
  10. 5 Distributed Architectures
    1. Introduction to Replication and Partitioning
    2. Data Distribution between LDAP and Non-LDAP Systems
    3. Partitioning
      1. What Is Partitioning?
      2. Gluing the Directories Together
      3. Referrals
      4. Examples
      5. And Now … from the Client Point of View
      6. Chaining
      7. Security Aspects Using Chaining
      8. Difference between Chaining and Referrals
    4. Replication
      1. Replication Scenarios
      2. Schema Information and ACL
      3. Single Master versus Multimaster
      4. Replication Agreements
        1. Supplier- or Consumer-Initiated Replication
        2. Frequency of Replication
        3. Unit of Replication
        4. Incremental or Total Replication
        5. Replication Account
      5. Load Sharing
      6. Security Aspects
      7. Work in Progress
    5. Data Distribution between LDAP and Non-LDAP Systems
      1. Broker
      2. Metadirectory
    6. DSML
      1. DSML Tools
      2. Castor
    7. Conclusion
  11. 6 LDAP APIs
    1. LDAP Command-Line Tools
      1. Selected Commands
        1. ldapmodify
        2. Some Examples of ldapmodify
        3. ldapsearch
        4. Some Examples of ldapsearch
      2. Command-Line Tools: Conclusion
      3. LDAP and Programming Language Support
    2. LDAP and PHP
      1. First Steps with PHP-LDAP
      2. Authentication and Control Operations
        1. ldap_connect
        2. ldap_bind
        3. ldap_unbind
        4. ldap_close
      3. More about Authentication in a Web Environment
      4. Search and Associated Commands
        1. ldap_search
        2. ldap_read
        3. ldap_list
        4. ldap_compare
    3. Working with the Result Identifiers
      1. ldap_get_entries
      2. ldap_count_entries
      3. ldap_sort
      4. ldap_parse_result
      5. ldap_get_attributes
      6. ldap_first_entry
      7. ldap_next_entry
      8. ldap_first_attribute
      9. ldap_next_attribute
      10. ldap_get_dn
      11. ldap_get_values, ldap_get_values_len
    4. Conclusion: An Example
    5. Adding, Deleting, and Modifying Entries
      1. ldap_add
      2. ldap_delete
      3. ldap_modify
      4. ldap_rename
    6. What Remains?
    7. Perl and LDAP
      1. Our First Perl LDAP Program
      2. Perl Objects
        1. The LDAP Object
          1. Authentication/Control Methods
          2. Interrogation Methods
          3. Update Methods
          4. Schema Exploring (LDAP [v3])
          5. Callback
        2. The Search Object
        3. The Entry Object
        4. The Message Object
        5. The Reference Object
        6. The Schema Object
      3. Conclusion
        1. Scripts
      4. The C LDAP API
        1. LDAP SDK v2 versus v3
        2. Our First LDAP Program in C
        3. Structures
        4. Overview of LDAP Functions
          1. Authentication and Control Operations
          2. Interrogation Operations
          3. Iteration Commands through Results Sets
          4. Update Operations: Add, Delete, Modify DN, Modify
        5. Conclusion
      5. The Java LDAP API
        1. Our First Java Class
        2. Authentication and Control Operations
          1. Connect and Bind
          2. Unbind
          3. Clone
        3. Search and Compare Operations
          1. Search
          2. Compare
          3. Working with Search Results
          4. Working with Search Constraints
        4. Update Operations
          1. Add
          2. Delete
          3. Modify
          4. Rename
        5. LDAP URLs
        6. JNDI — Java Naming and Directory Interfaces
        7. Enterprise JavaBeans
        8. Conclusion
      6. What Is Missing
        1. Active Directory and ADSI
        2. Other Languages
  12. 7 LDAP Directory-Server Administration
    1. Open-Source Software
    2. Getting the Directory Server Up and Running
      1. Software Installation
        1. OpenLDAP Installation
          1. UNIX
          2. WIN32
        2. Sun One Installation
    3. Securing Your LDAP Server
      1. Setting Up Security in Sun One
      2. Setting Up Security in OpenLDAP
    4. LDAP Server Configuration
      1. Introduction
        1. Configure the Root DN
        2. Configure Administrator and Operator
        3. Configure the Directory Schema/Schemas
        4. Configure the Indexes
      2. Conclusion
    5. Load the Data
    6. Log Files
    7. Starting and Stopping the Server
    8. Backup and Recovery
    9. Service-Level Agreement
    10. Backup Methods
      1. Classical Backup
      2. Logical Backup of the Directory
      3. Backup via Replication
    11. System Monitoring
      1. Why Monitoring
      2. SNMP
      3. Home-Grown Solutions
        1. Use of SNMP
        2. Use the LDAP Protocol
      4. Log-File Analysis
    12. User Administration
    13. LDAP Users, Groups, and UNIX
    14. Administration Utilities
  13. 8 LDAP and Web Services
    1. Introduction
    2. LDAP URLs
    3. Application Servers
      1. Accessing an LDAP Server via CGI Scripts
    4. Accessing an LDAP Server via an Application Server
    5. Gateways
    6. Web Server Authentication
      1. Example: The auth_ldap Module for Apache
        1. The Authentication Phase
        2. The Authorization Phase
      2. LDAP Authentication Using CGI Scripts
      3. LDAP Authentication Using the PHP Preprocessor
    7. LDAP and the Web: A Case Study
      1. Requirements
      2. LDAP Internet Environment
      3. LDAP Directory
      4. LDAP Authentication and the Web Server
        1. Control if the User Is Known by the System
        2. Accept Only Members of Particular Groups
        3. Accept Only a Particular User
      5. LDAP-HTTP Gateway
      6. LDAP Application Broker
    8. Conclusion
  14. 9 The Design of Directory Services
    1. Introduction
    2. Directory Life Cycle
    3. Planning of Directory Services
      1. Goal of the Project
      2. Benefits of the Project
      3. Objectives of the Project
      4. Target of the Project
      5. Analysis of the Actual Situation
        1. Analysis of the Data to Be Held in the Directory
      6. Steps to Perform
      7. Project Plan
    4. Design of Directory Services
      1. Data Design
      2. Schema Design
      3. Tree Design
      4. Partitioning Design
      5. Replication Design
      6. Security Design
    5. Data Design
    6. Schema Design
    7. Tree Design
      1. Choosing a Root for the Directory Information Tree
      2. Branching the Directory Tree
    8. Partitioning
      1. Number of Entries Is Too High
      2. Network Traffic to the Directory Is Too High
      3. Not All of the Data Is Equally Used
      4. Some Line Segments Become Overloaded
      5. Partitioning and Namespace
    9. Replication
      1. Network Traffic to the Directory Is Too High
      2. Some Line Segments Become Overloaded
      3. Replication and Namespace
    10. Security Design
      1. Authentication
      2. Authorization
      3. Protection of the Data
    11. Conclusion
  15. Appendix A Acronyms
  16. Appendix B LDAP Requests for Comments and Drafts
    1. LDAP RFCs
    2. Comments about the Most Important LDAP RFCs
    3. List of LDAP RFCs
    4. Work in Progress
    5. LDAP (v3) Revision (ldapbis)
    6. LDAP Duplication/Replication/Update Protocols (ldup)
  17. Appendix C Useful Links
    1. General
    2. LDAP Clients
    3. OIDs and Standards
    4. Tutorials and How-Tos
    5. Security
    6. SNMP
    7. LDAP API
    8. LDAP Server Implementations
      1. Free Implementations
      2. Commercial Implementations
  18. Appendix D Standards
    1. Object Classes
    2. Attribute Types
  19. Appendix E Configuration of OpenLDAP
    1. Configuration Files
    2. Configuration File of the OpenLDAP Server
    3. The Global Section
      1. Access Control Information
      2. Schema Information
      3. Log Information
      4. Resource Limitations
      5. Referrals
    4. Back-end and Database Sections
  20. Appendix F Playing with Replication in OpenLDAP
  21. Appendix G Playing with OpenLDAP Proxy Server
    1. The Back End
    2. What We Will Need
    3. Compiling the OpenLDAP Proxy
    4. Running the OpenLDAP Proxy
    5. Further Capabilities
    6. The Meta Back End
  22. Index