ldapv3.pdf 7947KB Apr 17 2013 11:30:42 AM - mirror omadata

More documents

Recommendations

Info

Root Referrals To configure with OpenLDAP's slapd to redirect clients to this global root server, add the following to your slapd.conf file: referral ldap://root.openldap.org:389 Other servers have similiar configuration directives. Check your server document under "default" or "superior" referral. To allow your Internet (DC) style DNs to be located, you must add a DNS RR to your zone. For "dc=example,dc=net" hosted at ldap://ldap.example.net:389, you would add the RR: _ldap._tcp.example.net IN SRV 0 0 389 ldap.example.net. After loading the above, you should then be able to do: % ldapsearch -R -b "dc=example,dc=net" -h root.openldap.org "(objectclass=*)" This should return: ldap_search: Partial results and referral received additional info: Referral: ldap://ldap.example.net:389 To configure with OpenLDAP slapd to redirect clients to this global root server, add the following to your slapd.conf file: referral ldap://root.openldap.org:389 http://www.openldap.org/faq/data/cache/393.html
Page 1 and 2:
LDAP and OpenLDAP (on the Linux Pla
Page 3 and 4:
KLUG The master copy of this docume
Page 5:
Versions For the most part this doc
Page 8 and 9:
What is a directory? A directory is
Page 10 and 11:
¤¥ § ¨ © ¨ ¨ £¡ ¡
Page 12 and 13:
Requirements An LDAPv3 compliant di
Page 14 and 15:
Gotcha: “requested“ protocol ve
Page 16 and 17:
Multi-Valued RDNs While most object
Page 19 and 20:
Schema A directory has a schema sim
Page 21 and 22:
1.1.x It is true that the 1.1.x OID
Page 23 and 24:
WARNING (Object Class Type) Early O
Page 25 and 26:
Attribute Schema OID Name (alias fo
Page 27 and 28:
Attribute Syntaxes Data Type OID De
Page 29:
The OID is the truth. The names of
Page 32 and 33:
Illegal Partitions The law of parti
Page 34:
Subordinate Information Subordinate
Page 37 and 38:
Operational ACI Attributes If your
Page 39 and 40:
subSchema One of the most useful bi
Page 41 and 42:
The ManageDsaIT Control OID: 2.16.8
Page 43 and 44:
The "alias" object The alias object
Page 45 and 46:
Start TLS Extended Operation OID: 1
Page 47:
2.1.x hasSubordinates Only implemen
Page 50 and 51:
Supported `Advanced' Features Featu
Page 52 and 53:
The Config Files Configuration file
Page 54 and 55:
slapd.conf (defaultsearchbase) The
Page 56 and 57:
equire The require configuration di
Page 58 and 59:
loglevel The loglevel directive con
Page 60 and 61:
Checking the SSL Configuration Once
Page 62:
Supported Bind Types Depending on h
Page 65 and 66:
SASL RPMs Redhat 8.0 is the first t
Page 67 and 68:
SASL Methods PLAIN (AUXPROP, SASLAU
Page 69 and 70:
C? KP Q >C >GP X O X > NN>K?[ TM >P
Page 71 and 72:
saslpasswd & saslpasswd2 saslpasswd
Page 73 and 74:
PLAIN Authentication PLAIN SASL aut
Page 75 and 76:
2.1.x Authentication Request DN Map
Page 77 and 78:
2.1.x sasl-regexp rewrite pattern s
Page 79 and 80:
OpenLDAP + SASL + PAM 1. Make sure
Page 81 and 82:
OpenLDAP + SASL + GSSAPI (OpenLDAP
Page 83 and 84:
OpenLDAP + SASL + GSSAPI (OpenLDAP
Page 86 and 87:
slapd.conf (Database) # ldbm databa
Page 88 and 89:
ack-ldbm back-ldbm is the standard
Page 90 and 91:
ack-bdb back-bdb configuration dire
Page 92 and 93:
ack-sql The SQL backend is not buil
Page 94 and 95:
ack-shell The back-shell backend al
Page 96 and 97:
LDAP Indexes pres - An index of wha
Page 99 and 100:
Buffer Stuffing (Single Threaded In
Page 101 and 102:
Filesystem Since the LDAP database
Page 103 and 104:
Journalized Filesystems Journalized
Page 106 and 107:
The purpose of back-sql The back-sq
Page 108 and 109:
Mapping Concept back-sql uses a set
Page 110 and 111:
Objectclass Mappings ldap_oc_mappin
Page 112 and 113:
Attribute Mappings Stored procedure
Page 114 and 115:
Objectclass Mapping ldap_entry_objc
Page 116 and 117:
Stored Procedures
Page 118:
Using Triggers & Events
Page 121 and 122:
Replication Diagram Replication Dia
Page 123 and 124:
Populating Slaves One of the most d
Page 125 and 126:
The Replication Log On serveral dis
Page 127 and 128:
The Rejection Log The rejection log
Page 129 and 130:
Chasing Referrals If a client submi
Page 132 and 133:
The ACL Stack Access control for ob
Page 134 and 135:
Default Access defaultaccess { none
Page 136 and 137:
Examples The following are example
Page 138 and 139:
dnattr The dnattr matching construc
Page 140 and 141:
{}|~ € ‚ z x¢y w ttuv z ‡ ˆ
Page 142 and 143:
children & entry The ability to cre
Page 144:
A Limitation? One "limitation" of O
Page 147 and 148:
Advantages of ACI The single bigges
Page 149 and 150: OpenLDAPacl & OpenLDAPaci Every obj
Page 151 and 152: The ACI ACL (OpenLDAPaci) In order
Page 153 and 154: OpenLDAPaci: Rights The rights fiel
Page 156 and 157: RFC2798 (inetOrgPerson) The inetOrg
Page 158 and 159: RFC2739 http://www.faqs.org/rfcs/rf
Page 160 and 161: Hierarchy: cosine.schema dSA pilotD
Page 162 and 163: Hierarchy: Kerberos V & Samba krb5-
Page 165 and 166: syslog On most platforms OpenLDAP u
Page 167 and 168: etc/openldap/ldap.conf The defaults
Page 169 and 170: The LDAP PAM Module PAM is a system
Page 171 and 172: A PAM LDAP login file #%PAM-1.0 aut
Page 173 and 174: etc/ldap.conf timelimit 30 The maxi
Page 175 and 176: passwd PAM file (/etc/pam.d/passwd)
Page 178 and 179: Migration Scripts PADL.com (Luke Ho
Page 180 and 181: Using the scripts... Once the prope
Page 182: What can be migrated? The stock mig
Page 187 and 188: An entry of posixAccount Object stu
Page 189 and 190: ipHost Object An entry of 127.0.0.1
Page 191 and 192: oncRpc Object An entry of fypxfrd60
Page 194 and 195: What is an SRV record? Traditionall
Page 196 and 197: 1123 vs. 2181 SRV protocol and serv
Page 198 and 199: SRV and nss_ldap To use SRV records
Page 202: Public SRV Records
Page 205 and 206: Loading Tip: Normalize DN The LDAP
Page 207 and 208: Invalid Data If, when trying to loa
Page 209: Binary Data Some attributes, jpegPh
Page 212 and 213: LDIF LDAP Directory Information Fil
Page 214 and 215: ldapsearch ldapsearch [options] [qu
Page 216 and 217: ldapmodify / ldapadd The ldapmodify
Page 218 and 219: Binding with the utilities.... If y
Page 220: slapcat slapcat is the functional o
Page 223 and 224: gq (Object browser and editor)
Page 225 and 226: ldapdiff (http://webtomware.rhoen.d
Page 227 and 228: KDE Directory Administrator (http:/
Page 229 and 230: Directory Administrator Directory A
Page 231 and 232: pdb2ldif (http://uslinux.net/script
Page 233 and 234: ISPMan: Schema Editor Available at
Page 235 and 236: LDAPUtils (http://fanying.fanying.c
Page 237 and 238: squid_ldap_auth (http://sourceforge
Page 239 and 240: ldap2nis (http://ldapconsole.source
Page 241 and 242: Sympa http://www.sympa.org/ Sympa i
Page 243 and 244: MaxWare Directory Explorer Version
Page 245 and 246: LDAP Browser/Editor The LDAP Browse
Page 247: pGina http://pgina.cs.plu.edu/index
Page 250 and 251:
saslauthd Options saslauthd a authm
Page 252 and 253:
saslauthd Options saslauthd a authm
Page 254 and 255:
saslauthd -a ldap saslauthd -a ldap
Page 256 and 257:
saslauthd -a ldap saslauthd -a ldap
Page 258:
saslauthd -a ldap LDAP related sasl
Page 261 and 262:
LDAP Mail Routing (draft-lachman-la
Page 263 and 264:
m4: LDAPROUTE_DOMAIN The behaviour
Page 265 and 266:
LDAP Mail Routing + sendmail The si
Page 267 and 268:
fc822 + sendmail Most distributions
Page 269 and 270:
LDAP SMTP Access Control One exampl
Page 271 and 272:
LDAP SMTP Access Control attributet
Page 273 and 274:
sendmailMTACluster attributetype (
Page 275 and 276:
sendmailMTA objectclass ( 1.3.6.1.4
Page 277 and 278:
sendmailMTAMapName attributetype (
Page 279 and 280:
sendmailMTAMap objectclass ( 1.3.6.
Page 281 and 282:
sendmailMTAAliasGrouping & sendmail
Page 283 and 284:
sendmailMTAAliasObject objectclass
Page 285 and 286:
sendmailMTAClass objectclass ( 1.3.
Page 287 and 288:
Configuring GNARWL /etc/gnarwl.cfg
Page 289 and 290:
The GNARWL Database
Page 291 and 292:
The PDC Tree ou=People,dc=Whitemice
Page 293 and 294:
The Samba Schema By default the Sam
Page 295 and 296:
ldap ssl =
Page 297 and 298:
uids, gids, and rids UNIX operating
Page 299 and 300:
Machine Accounts Beginning with NT4
Page 301 and 302:
Samba User Attributes ntPassword -
Page 303 and 304:
Samba Password Management
Page 305 and 306:
Migrating smbpasswd PHP smbpasswd r
Page 307:
Samba Versions The LDAP support in
Page 310 and 311:
Authentication Schemes --enable-bas
Page 312 and 313:
squid_pam_auth http://squid.sourcef
Page 314 and 315:
squid-ldap-match http://marasystems
Page 316 and 317:
squid_ldap_match squid_ldap_match -
Page 318 and 319:
squid_ldap_match squid_ldap_match -
Page 321 and 322:
ind & Openldap As of version 9.0 bi
Page 323 and 324:
The dnsZone Schema While the standa
Page 325 and 326:
objectclass: dNSZone (2/4) A very b
Page 327 and 328:
objectclass: dNSZone (4/5) The dnsZ
Page 329 and 330:
objectclass: dNSZone (6/6) dn: rela
Page 331 and 332:
Query Specifics It is very simple t
Page 333:
zone2ldap zone2ldap is a utility fo
Page 336 and 337:
The DHCP LDAP Patch http://www.neww
Page 338 and 339:
DHCP Schema In order to contain the
Page 340 and 341:
An Example Tree dc=Whitemice,dc=Org
Page 342 and 343:
dn: cn=192.168.3.0,cn=whitemice-dhc
Page 344:
dn: cn=xterm1,cn=group,cn=whitemice
Page 348 and 349:
Password Authentication Protocol Al
Page 350 and 351:
Microsoft Challange Host Au- thenti
Page 352 and 353:
LDAP chap-secrets entry An explanat
Page 354:
PoPToP http://www.poptop.org PoPToP
Page 357 and 358:
Sources Multiple address books (cal
Page 359 and 360:
Turba Source Maps The map array con
Page 361 and 362:
Turba Attribute Declaration Attribu
Page 363 and 364:
Turba LDAP Personal Address Book Th
Page 366 and 367:
What is pine? http://www.washignton
Page 368 and 369:
Using The DSA CTRL-T Select DSA Ent
Page 370:
Trianii http://www.edlund.org/hacks
Page 373 and 374:
State Of LDAP Support While Evoluti
Page 375 and 376:
evolutionPerson
Page 377 and 378:
Setting Up An LDAP Addressbook Name
Page 379 and 380:
Contact Details (Dialog relations t
Page 381:
Contact Details calCalURI Free/Busy
Page 384:
! ! òñðõõ ò ë}ô ó òñðõ
Page 388 and 389:
Color Coding How the attribute of a
Page 390 and 391:
Create With Template
Page 392:
Viewing Complex Attributes GQ has b
Page 395 and 396:
Bug#4607 Versions of Open Office, u
Page 397 and 398:
Creating an LDAP Data Source Under
Page 399 and 400:
Using The Address Book To insert da
Page 401:
Use The Address Book Results The re
Page 404 and 405:
NetMeeting Directory Kit (http://vy
Page 406 and 407:
PURRO VXW RK R JLKM PLQ ON QQZ M K
Page 408 and 409:
OpenLDAP as an ILS Agent (Initializ
Page 410 and 411:
OpenLDAP as an ILS Agent (Starting
Page 412 and 413:
GNOMEMeeting and ILS Entry your ILS
Page 414 and 415:
NetMeeting & ILS The comment is NOT
Page 416 and 417:
Breaking NetMeeting Exclusivity Net
Page 419 and 420:
DSML (http://www.dsml.org) DSML (Di
Page 421 and 422:
URI Declaration What does DSML look
Page 423 and 424:
DSML & XML-RPC (http://www.worldspo
Page 425 and 426:
Using the DSML Utilities You need t
Page 428 and 429:
What is xmlBlaster? http://www.xmlb
Page 430 and 431:
LDAP Module Limitations (From the L
Page 432 and 433:
What is Active Directory Active Dir
Page 434:
SRV records used by AD _ldap._tcp.d
Page 437 and 438:
ldap_connect The first step to cont
Page 439 and 440:
Control LDAP_OPT_DEREF LDAP_OPT_SIZ
Page 441 and 442:
ldap_get_option boolean ldap_get_op
Page 443 and 444:
ldap_unbind boolean ldap_unbind (re
Page 445 and 446:
ldap_errno Error Constant Value LDA
Page 447 and 448:
ldap_search resource ldap_search(re
Page 449 and 450:
ldap_get_entries array ldap_get_ent
Page 451 and 452:
ldap_compare Since LDAP permits the
Page 453 and 454:
ldap_delete boolean ldap_delete(res
Page 455 and 456:
ldap_mod_del boolean ldap_mod_del(r
Page 458 and 459:
Synchronous & Asynchronous
Page 460 and 461:
ldap_set_option The ldap_set_option
Page 462 and 463:
ldap_bind method parameter int ldap
Page 464 and 465:
ldap_search_parameters int ldap_sea
Page 466 and 467:
ldap_first_entry LDAPMessage* ldap_
Page 468 and 469:
ldap_get_dn char* ldap_get_dn(LDAP*
Page 470 and 471:
ldap_next_attribute char* ldap_next
Page 472 and 473:
ldap_count_values int ldap_count_va
Page 474 and 475:
int ldap_msgfree(LDAPMessage* msg)
Page 476 and 477:
ldap_perror void ldap_perror(LDAP*
Page 478 and 479:
Simple C LDAP Query init & bind Hos
Page 480 and 481:
printf("Objects Found: %d\n", ldap_
Page 482 and 483:
Simple C LDAP Query Close it up if
Page 484 and 485:
ldap_modify & ldap_modify_s
Page 486 and 487:
ldap_delete & ldap_delete_s
Page 489 and 490:
AIX and OpenLDAP AIX is a descenden
Page 491 and 492:
Compiling NSS LDAP on AIX tar -xvf
Page 493 and 494:
Authentication via NSS LDAP /etc/se
Page 495 and 496:
hosts local merge hosts dns service
Page 497 and 498:
NSORDER The NSORDER enviroment vari
Page 499 and 500:
¨ ¨ ¨ ¨
show all

ldapv3.pdf 7947KB Apr 17 2013 11:30:42 AM - mirror omadata

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?