ldapv3.pdf 7947KB Apr 17 2013 11:30:42 AM - mirror omadata

More documents

Recommendations

Info

The shadowLastChange Bug If a user's object has an objectclass of shadowAccount, upon changing or setting the password, pam_ldap.so will attempt to update the shadow attribute shadowLastChange. The userpasswd attribute is modified via a binding either the DN defined in /etc/ldap.conf (passwd command executed as the superuser) or as the user's dn (passwd command executed by the user). The shadowLastChange attribute should be modified in the context of the same binding, however, prior to version XXX of pam_ldap.so the P<strong>AM</strong> module would rebind annonymously in order to modify shadowLastChange. This caused the updating of shadowLastChange to fail unless anonymous binds were permitted write authortity on the attribute (a bad idea). A user does require the ability to modify their own shadowLastChange attribute in order to provide shadow functionality via pam_ldap.so.
Page 1 and 2:
LDAP and OpenLDAP (on the Linux Pla
Page 3 and 4:
KLUG The master copy of this docume
Page 5:
Versions For the most part this doc
Page 8 and 9:
What is a directory? A directory is
Page 10 and 11:
¤¥ § ¨ © ¨ ¨ £¡ ¡
Page 12 and 13:
Requirements An LDAPv3 compliant di
Page 14 and 15:
Gotcha: “requested“ protocol ve
Page 16 and 17:
Multi-Valued RDNs While most object
Page 19 and 20:
Schema A directory has a schema sim
Page 21 and 22:
1.1.x It is true that the 1.1.x OID
Page 23 and 24:
WARNING (Object Class Type) Early O
Page 25 and 26:
Attribute Schema OID Name (alias fo
Page 27 and 28:
Attribute Syntaxes Data Type OID De
Page 29:
The OID is the truth. The names of
Page 32 and 33:
Illegal Partitions The law of parti
Page 34:
Subordinate Information Subordinate
Page 37 and 38:
Operational ACI Attributes If your
Page 39 and 40:
subSchema One of the most useful bi
Page 41 and 42:
The ManageDsaIT Control OID: 2.16.8
Page 43 and 44:
The "alias" object The alias object
Page 45 and 46:
Start TLS Extended Operation OID: 1
Page 47:
2.1.x hasSubordinates Only implemen
Page 50 and 51:
Supported `Advanced' Features Featu
Page 52 and 53:
The Config Files Configuration file
Page 54 and 55:
slapd.conf (defaultsearchbase) The
Page 56 and 57:
equire The require configuration di
Page 58 and 59:
loglevel The loglevel directive con
Page 60 and 61:
Checking the SSL Configuration Once
Page 62:
Supported Bind Types Depending on h
Page 65 and 66:
SASL RPMs Redhat 8.0 is the first t
Page 67 and 68:
SASL Methods PLAIN (AUXPROP, SASLAU
Page 69 and 70:
C? KP Q >C >GP X O X > NN>K?[ TM >P
Page 71 and 72:
saslpasswd & saslpasswd2 saslpasswd
Page 73 and 74:
PLAIN Authentication PLAIN SASL aut
Page 75 and 76:
2.1.x Authentication Request DN Map
Page 77 and 78:
2.1.x sasl-regexp rewrite pattern s
Page 79 and 80:
OpenLDAP + SASL + PAM 1. Make sure
Page 81 and 82:
OpenLDAP + SASL + GSSAPI (OpenLDAP
Page 83 and 84:
OpenLDAP + SASL + GSSAPI (OpenLDAP
Page 86 and 87:
slapd.conf (Database) # ldbm databa
Page 88 and 89:
ack-ldbm back-ldbm is the standard
Page 90 and 91:
ack-bdb back-bdb configuration dire
Page 92 and 93:
ack-sql The SQL backend is not buil
Page 94 and 95:
ack-shell The back-shell backend al
Page 96 and 97:
LDAP Indexes pres - An index of wha
Page 99 and 100:
Buffer Stuffing (Single Threaded In
Page 101 and 102:
Filesystem Since the LDAP database
Page 103 and 104:
Journalized Filesystems Journalized
Page 106 and 107:
The purpose of back-sql The back-sq
Page 108 and 109:
Mapping Concept back-sql uses a set
Page 110 and 111:
Objectclass Mappings ldap_oc_mappin
Page 112 and 113:
Attribute Mappings Stored procedure
Page 114 and 115:
Objectclass Mapping ldap_entry_objc
Page 116 and 117:
Stored Procedures
Page 118:
Using Triggers & Events
Page 121 and 122:
Replication Diagram Replication Dia
Page 123 and 124:
Populating Slaves One of the most d
Page 125 and 126: The Replication Log On serveral dis
Page 127 and 128: The Rejection Log The rejection log
Page 129 and 130: Chasing Referrals If a client submi
Page 132 and 133: The ACL Stack Access control for ob
Page 134 and 135: Default Access defaultaccess { none
Page 136 and 137: Examples The following are example
Page 138 and 139: dnattr The dnattr matching construc
Page 140 and 141: {}|~ € ‚ z x¢y w ttuv z ‡ ˆ
Page 142 and 143: children & entry The ability to cre
Page 144: A Limitation? One "limitation" of O
Page 147 and 148: Advantages of ACI The single bigges
Page 149 and 150: OpenLDAPacl & OpenLDAPaci Every obj
Page 151 and 152: The ACI ACL (OpenLDAPaci) In order
Page 153 and 154: OpenLDAPaci: Rights The rights fiel
Page 156 and 157: RFC2798 (inetOrgPerson) The inetOrg
Page 158 and 159: RFC2739 http://www.faqs.org/rfcs/rf
Page 160 and 161: Hierarchy: cosine.schema dSA pilotD
Page 162 and 163: Hierarchy: Kerberos V & Samba krb5-
Page 165 and 166: syslog On most platforms OpenLDAP u
Page 167 and 168: etc/openldap/ldap.conf The defaults
Page 169 and 170: The LDAP PAM Module PAM is a system
Page 171 and 172: A PAM LDAP login file #%PAM-1.0 aut
Page 173 and 174: etc/ldap.conf timelimit 30 The maxi
Page 175: passwd PAM file (/etc/pam.d/passwd)
Page 179 and 180: Using the scripts... The file migra
Page 181 and 182: Extended Migration An extended migr
Page 185: LDAP URLs Syntax ldap[1]://:/??? Se
Page 188 and 189: posixGroup Object An entry of users
Page 190 and 191: ipService Object An entry such of j
Page 192: ipProtocol Object An entry of pipe
Page 195 and 196: Contents Of An SRV Record Service.P
Page 197 and 198: SRV records and bind Very late vers
Page 199: Non-Conformists pam_ldap The curren
Page 202: Public SRV Records
Page 205 and 206: Loading Tip: Normalize DN The LDAP
Page 207 and 208: Invalid Data If, when trying to loa
Page 209: Binary Data Some attributes, jpegPh
Page 212 and 213: LDIF LDAP Directory Information Fil
Page 214 and 215: ldapsearch ldapsearch [options] [qu
Page 216 and 217: ldapmodify / ldapadd The ldapmodify
Page 218 and 219: Binding with the utilities.... If y
Page 220: slapcat slapcat is the functional o
Page 223 and 224: gq (Object browser and editor)
Page 225 and 226: ldapdiff (http://webtomware.rhoen.d
Page 227 and 228:
KDE Directory Administrator (http:/
Page 229 and 230:
Directory Administrator Directory A
Page 231 and 232:
pdb2ldif (http://uslinux.net/script
Page 233 and 234:
ISPMan: Schema Editor Available at
Page 235 and 236:
LDAPUtils (http://fanying.fanying.c
Page 237 and 238:
squid_ldap_auth (http://sourceforge
Page 239 and 240:
ldap2nis (http://ldapconsole.source
Page 241 and 242:
Sympa http://www.sympa.org/ Sympa i
Page 243 and 244:
MaxWare Directory Explorer Version
Page 245 and 246:
LDAP Browser/Editor The LDAP Browse
Page 247:
pGina http://pgina.cs.plu.edu/index
Page 250 and 251:
saslauthd Options saslauthd a authm
Page 252 and 253:
saslauthd Options saslauthd a authm
Page 254 and 255:
saslauthd -a ldap saslauthd -a ldap
Page 256 and 257:
saslauthd -a ldap saslauthd -a ldap
Page 258:
saslauthd -a ldap LDAP related sasl
Page 261 and 262:
LDAP Mail Routing (draft-lachman-la
Page 263 and 264:
m4: LDAPROUTE_DOMAIN The behaviour
Page 265 and 266:
LDAP Mail Routing + sendmail The si
Page 267 and 268:
fc822 + sendmail Most distributions
Page 269 and 270:
LDAP SMTP Access Control One exampl
Page 271 and 272:
LDAP SMTP Access Control attributet
Page 273 and 274:
sendmailMTACluster attributetype (
Page 275 and 276:
sendmailMTA objectclass ( 1.3.6.1.4
Page 277 and 278:
sendmailMTAMapName attributetype (
Page 279 and 280:
sendmailMTAMap objectclass ( 1.3.6.
Page 281 and 282:
sendmailMTAAliasGrouping & sendmail
Page 283 and 284:
sendmailMTAAliasObject objectclass
Page 285 and 286:
sendmailMTAClass objectclass ( 1.3.
Page 287 and 288:
Configuring GNARWL /etc/gnarwl.cfg
Page 289 and 290:
The GNARWL Database
Page 291 and 292:
The PDC Tree ou=People,dc=Whitemice
Page 293 and 294:
The Samba Schema By default the Sam
Page 295 and 296:
ldap ssl =
Page 297 and 298:
uids, gids, and rids UNIX operating
Page 299 and 300:
Machine Accounts Beginning with NT4
Page 301 and 302:
Samba User Attributes ntPassword -
Page 303 and 304:
Samba Password Management
Page 305 and 306:
Migrating smbpasswd PHP smbpasswd r
Page 307:
Samba Versions The LDAP support in
Page 310 and 311:
Authentication Schemes --enable-bas
Page 312 and 313:
squid_pam_auth http://squid.sourcef
Page 314 and 315:
squid-ldap-match http://marasystems
Page 316 and 317:
squid_ldap_match squid_ldap_match -
Page 318 and 319:
squid_ldap_match squid_ldap_match -
Page 321 and 322:
ind & Openldap As of version 9.0 bi
Page 323 and 324:
The dnsZone Schema While the standa
Page 325 and 326:
objectclass: dNSZone (2/4) A very b
Page 327 and 328:
objectclass: dNSZone (4/5) The dnsZ
Page 329 and 330:
objectclass: dNSZone (6/6) dn: rela
Page 331 and 332:
Query Specifics It is very simple t
Page 333:
zone2ldap zone2ldap is a utility fo
Page 336 and 337:
The DHCP LDAP Patch http://www.neww
Page 338 and 339:
DHCP Schema In order to contain the
Page 340 and 341:
An Example Tree dc=Whitemice,dc=Org
Page 342 and 343:
dn: cn=192.168.3.0,cn=whitemice-dhc
Page 344:
dn: cn=xterm1,cn=group,cn=whitemice
Page 348 and 349:
Password Authentication Protocol Al
Page 350 and 351:
Microsoft Challange Host Au- thenti
Page 352 and 353:
LDAP chap-secrets entry An explanat
Page 354:
PoPToP http://www.poptop.org PoPToP
Page 357 and 358:
Sources Multiple address books (cal
Page 359 and 360:
Turba Source Maps The map array con
Page 361 and 362:
Turba Attribute Declaration Attribu
Page 363 and 364:
Turba LDAP Personal Address Book Th
Page 366 and 367:
What is pine? http://www.washignton
Page 368 and 369:
Using The DSA CTRL-T Select DSA Ent
Page 370:
Trianii http://www.edlund.org/hacks
Page 373 and 374:
State Of LDAP Support While Evoluti
Page 375 and 376:
evolutionPerson
Page 377 and 378:
Setting Up An LDAP Addressbook Name
Page 379 and 380:
Contact Details (Dialog relations t
Page 381:
Contact Details calCalURI Free/Busy
Page 384:
! ! òñðõõ ò ë}ô ó òñðõ
Page 388 and 389:
Color Coding How the attribute of a
Page 390 and 391:
Create With Template
Page 392:
Viewing Complex Attributes GQ has b
Page 395 and 396:
Bug#4607 Versions of Open Office, u
Page 397 and 398:
Creating an LDAP Data Source Under
Page 399 and 400:
Using The Address Book To insert da
Page 401:
Use The Address Book Results The re
Page 404 and 405:
NetMeeting Directory Kit (http://vy
Page 406 and 407:
PURRO VXW RK R JLKM PLQ ON QQZ M K
Page 408 and 409:
OpenLDAP as an ILS Agent (Initializ
Page 410 and 411:
OpenLDAP as an ILS Agent (Starting
Page 412 and 413:
GNOMEMeeting and ILS Entry your ILS
Page 414 and 415:
NetMeeting & ILS The comment is NOT
Page 416 and 417:
Breaking NetMeeting Exclusivity Net
Page 419 and 420:
DSML (http://www.dsml.org) DSML (Di
Page 421 and 422:
URI Declaration What does DSML look
Page 423 and 424:
DSML & XML-RPC (http://www.worldspo
Page 425 and 426:
Using the DSML Utilities You need t
Page 428 and 429:
What is xmlBlaster? http://www.xmlb
Page 430 and 431:
LDAP Module Limitations (From the L
Page 432 and 433:
What is Active Directory Active Dir
Page 434:
SRV records used by AD _ldap._tcp.d
Page 437 and 438:
ldap_connect The first step to cont
Page 439 and 440:
Control LDAP_OPT_DEREF LDAP_OPT_SIZ
Page 441 and 442:
ldap_get_option boolean ldap_get_op
Page 443 and 444:
ldap_unbind boolean ldap_unbind (re
Page 445 and 446:
ldap_errno Error Constant Value LDA
Page 447 and 448:
ldap_search resource ldap_search(re
Page 449 and 450:
ldap_get_entries array ldap_get_ent
Page 451 and 452:
ldap_compare Since LDAP permits the
Page 453 and 454:
ldap_delete boolean ldap_delete(res
Page 455 and 456:
ldap_mod_del boolean ldap_mod_del(r
Page 458 and 459:
Synchronous & Asynchronous
Page 460 and 461:
ldap_set_option The ldap_set_option
Page 462 and 463:
ldap_bind method parameter int ldap
Page 464 and 465:
ldap_search_parameters int ldap_sea
Page 466 and 467:
ldap_first_entry LDAPMessage* ldap_
Page 468 and 469:
ldap_get_dn char* ldap_get_dn(LDAP*
Page 470 and 471:
ldap_next_attribute char* ldap_next
Page 472 and 473:
ldap_count_values int ldap_count_va
Page 474 and 475:
int ldap_msgfree(LDAPMessage* msg)
Page 476 and 477:
ldap_perror void ldap_perror(LDAP*
Page 478 and 479:
Simple C LDAP Query init & bind Hos
Page 480 and 481:
printf("Objects Found: %d\n", ldap_
Page 482 and 483:
Simple C LDAP Query Close it up if
Page 484 and 485:
ldap_modify & ldap_modify_s
Page 486 and 487:
ldap_delete & ldap_delete_s
Page 489 and 490:
AIX and OpenLDAP AIX is a descenden
Page 491 and 492:
Compiling NSS LDAP on AIX tar -xvf
Page 493 and 494:
Authentication via NSS LDAP /etc/se
Page 495 and 496:
hosts local merge hosts dns service
Page 497 and 498:
NSORDER The NSORDER enviroment vari
Page 499 and 500:
¨ ¨ ¨ ¨
show all

ldapv3.pdf 7947KB Apr 17 2013 11:30:42 AM - mirror omadata

Create successful ePaper yourself

Delete template?

Save as template?