- Page 1 and 2:
LDAP and OpenLDAP (on the Linux Pla
- Page 3 and 4:
KLUG The master copy of this docume
- Page 5:
Versions For the most part this doc
- Page 8 and 9:
What is a directory? A directory is
- Page 10 and 11:
¤¥ § ¨ © ¨ ¨ £¡ ¡
- Page 12 and 13:
Requirements An LDAPv3 compliant di
- Page 14 and 15:
Gotcha: “requested“ protocol ve
- Page 16 and 17:
Multi-Valued RDNs While most object
- Page 19 and 20:
Schema A directory has a schema sim
- Page 21 and 22:
1.1.x It is true that the 1.1.x OID
- Page 23 and 24:
WARNING (Object Class Type) Early O
- Page 25 and 26:
Attribute Schema OID Name (alias fo
- Page 27 and 28:
Attribute Syntaxes Data Type OID De
- Page 29:
The OID is the truth. The names of
- Page 32 and 33:
Illegal Partitions The law of parti
- Page 34:
Subordinate Information Subordinate
- Page 37 and 38:
Operational ACI Attributes If your
- Page 39 and 40:
subSchema One of the most useful bi
- Page 41 and 42:
The ManageDsaIT Control OID: 2.16.8
- Page 43 and 44:
The "alias" object The alias object
- Page 45 and 46:
Start TLS Extended Operation OID: 1
- Page 47:
2.1.x hasSubordinates Only implemen
- Page 50 and 51:
Supported `Advanced' Features Featu
- Page 52 and 53:
The Config Files Configuration file
- Page 54 and 55:
slapd.conf (defaultsearchbase) The
- Page 56 and 57:
equire The require configuration di
- Page 58 and 59:
loglevel The loglevel directive con
- Page 60 and 61:
Checking the SSL Configuration Once
- Page 62:
Supported Bind Types Depending on h
- Page 65 and 66:
SASL RPMs Redhat 8.0 is the first t
- Page 67 and 68:
SASL Methods PLAIN (AUXPROP, SASLAU
- Page 69 and 70:
C? KP Q >C >GP X O X > NN>K?[ TM >P
- Page 71 and 72:
saslpasswd & saslpasswd2 saslpasswd
- Page 73 and 74:
PLAIN Authentication PLAIN SASL aut
- Page 75 and 76:
2.1.x Authentication Request DN Map
- Page 77 and 78:
2.1.x sasl-regexp rewrite pattern s
- Page 79 and 80:
OpenLDAP + SASL + PAM 1. Make sure
- Page 81 and 82:
OpenLDAP + SASL + GSSAPI (OpenLDAP
- Page 83 and 84:
OpenLDAP + SASL + GSSAPI (OpenLDAP
- Page 86 and 87:
slapd.conf (Database) # ldbm databa
- Page 88 and 89:
ack-ldbm back-ldbm is the standard
- Page 90 and 91:
ack-bdb back-bdb configuration dire
- Page 92 and 93:
ack-sql The SQL backend is not buil
- Page 94 and 95:
ack-shell The back-shell backend al
- Page 96 and 97:
LDAP Indexes pres - An index of wha
- Page 99 and 100:
Buffer Stuffing (Single Threaded In
- Page 101 and 102:
Filesystem Since the LDAP database
- Page 103 and 104:
Journalized Filesystems Journalized
- Page 106 and 107:
The purpose of back-sql The back-sq
- Page 108 and 109:
Mapping Concept back-sql uses a set
- Page 110 and 111:
Objectclass Mappings ldap_oc_mappin
- Page 112 and 113:
Attribute Mappings Stored procedure
- Page 114 and 115:
Objectclass Mapping ldap_entry_objc
- Page 116 and 117:
Stored Procedures
- Page 118:
Using Triggers & Events
- Page 121 and 122:
Replication Diagram Replication Dia
- Page 123 and 124:
Populating Slaves One of the most d
- Page 125 and 126:
The Replication Log On serveral dis
- Page 127 and 128:
The Rejection Log The rejection log
- Page 129 and 130:
Chasing Referrals If a client submi
- Page 132 and 133:
The ACL Stack Access control for ob
- Page 134 and 135:
Default Access defaultaccess { none
- Page 136 and 137:
Examples The following are example
- Page 138 and 139:
dnattr The dnattr matching construc
- Page 140 and 141:
{}|~ € ‚ z x¢y w ttuv z ‡ ˆ
- Page 142 and 143:
children & entry The ability to cre
- Page 144:
A Limitation? One "limitation" of O
- Page 147 and 148:
Advantages of ACI The single bigges
- Page 149 and 150:
OpenLDAPacl & OpenLDAPaci Every obj
- Page 151 and 152:
The ACI ACL (OpenLDAPaci) In order
- Page 153 and 154:
OpenLDAPaci: Rights The rights fiel
- Page 156 and 157:
RFC2798 (inetOrgPerson) The inetOrg
- Page 158 and 159:
RFC2739 http://www.faqs.org/rfcs/rf
- Page 160 and 161:
Hierarchy: cosine.schema dSA pilotD
- Page 162 and 163:
Hierarchy: Kerberos V & Samba krb5-
- Page 165 and 166:
syslog On most platforms OpenLDAP u
- Page 167 and 168:
etc/openldap/ldap.conf The defaults
- Page 169 and 170:
The LDAP PAM Module PAM is a system
- Page 171 and 172:
A PAM LDAP login file #%PAM-1.0 aut
- Page 173 and 174:
etc/ldap.conf timelimit 30 The maxi
- Page 175 and 176:
passwd PAM file (/etc/pam.d/passwd)
- Page 178 and 179:
Migration Scripts PADL.com (Luke Ho
- Page 180 and 181:
Using the scripts... Once the prope
- Page 182:
What can be migrated? The stock mig
- Page 187 and 188:
An entry of posixAccount Object stu
- Page 189 and 190:
ipHost Object An entry of 127.0.0.1
- Page 191 and 192:
oncRpc Object An entry of fypxfrd60
- Page 194 and 195:
What is an SRV record? Traditionall
- Page 196 and 197:
1123 vs. 2181 SRV protocol and serv
- Page 198 and 199:
SRV and nss_ldap To use SRV records
- Page 201 and 202:
Root Referrals To configure with Op
- Page 204 and 205:
Loading Tip: Objectclass When loadi
- Page 206 and 207:
Misc. Data Loading Tips 1. If a lin
- Page 208 and 209:
Non-English Data If your data conta
- Page 211 and 212:
OpenLDAP Utilities ldapsearch Allow
- Page 213 and 214:
LDAP Queries ldapsearch "(&(uid=awi
- Page 215 and 216:
Requesting Attributes If you do not
- Page 217 and 218:
ldapmodrdn While the dn of an objec
- Page 219 and 220:
slapadd slapadd is used to initiall
- Page 222 and 223:
gq gq is an LDAP v3 utility for Gna
- Page 224 and 225:
gq (Schema browser)
- Page 226 and 227:
HAD Hyperactive Directory Administr
- Page 228 and 229:
Directory Administrator (http://www
- Page 230 and 231:
LDAP Browser / Editor (http://www.i
- Page 232 and 233:
LDIF To VCard http://www.pawebworld
- Page 234 and 235:
From the cpu manual page CPU (http:
- Page 236 and 237:
Wallal (http://www.mnot.net/wallal/
- Page 238 and 239:
mod_auth_ldap (http://nona.net/soft
- Page 240 and 241:
Gnarwl (http://www.oss.billiton.de/
- Page 242 and 243:
š š š
- Page 244 and 245: MaxWare Directory Explorer Version
- Page 246 and 247: ActiveX LDAP Client http://www.polo
- Page 249 and 250: saslauthd saslauthd is a stand alon
- Page 251 and 252: saslauthd Options saslauthd a authm
- Page 253 and 254: RedHat's saslauthd The RedHat Cyrus
- Page 255 and 256: saslauthd -a ldap LDAP related sasl
- Page 257 and 258: saslauthd -a ldap saslauthd -a ldap
- Page 260 and 261: m4: LDAPDefaultSpec The first m4 va
- Page 262 and 263: m4: LDAPROUTE_DOMAIN The m4 sendmai
- Page 264 and 265: ¨ Ÿ ¦ «° µ¬ ¨ Ÿ ¦ «° µ
- Page 266 and 267: RFC822 rfc822 defines a the concept
- Page 268 and 269: LDAP + sendmail You can also define
- Page 270 and 271: LDAP SMTP Access Control cn=Allow S
- Page 272 and 273: The Sendmail Schema
- Page 274 and 275: sendmailMTAHost attributetype ( 1.3
- Page 276 and 277: sendmailMTAKey attributetype ( 1.3.
- Page 278 and 279: sendmailMTAMapValue attributetype (
- Page 280 and 281: sendmailMTAMapObject objectclass (
- Page 282 and 283: sendmailMTAAlias objectclass ( 1.3.
- Page 284 and 285: sendmailMTAClassName & sendmailMTAC
- Page 286 and 287: Installing GNARWL GNARWL in an LDAP
- Page 288 and 289: GNARWL Integration
- Page 290 and 291: This information now exclusively ap
- Page 292 and 293: Building Samba 1. Grab the latest s
- Page 296 and 297: The Admin And His Secrets Since the
- Page 298 and 299: Samba Users Samba users must be UN*
- Page 300 and 301: Samba User Attributes profilePath -
- Page 302 and 303: Samba Times The sambaAccount object
- Page 304 and 305: Samba Security The ntpassword and l
- Page 306 and 307: Samba Attribute Indexes For good pe
- Page 309 and 310: What is Squid? http://www.squid-cac
- Page 311 and 312: Authentication Helpers Squid uses h
- Page 313 and 314: squid_ldap_auth The helper for dire
- Page 315 and 316: squid_ldap_match The squid_ldap_mat
- Page 317 and 318: squid_ldap_match squid_ldap_match -
- Page 319: Example Squid Configuration auth_pa
- Page 322 and 323: DNS & Cosine The Cosine schema (inc
- Page 324 and 325: objectclass: dNSZone (¼) DNS recor
- Page 326 and 327: objectclass: dNSZone (¾) dNSTTL (1
- Page 328 and 329: objectclass: dNSZone (5/6) dn: rela
- Page 330 and 331: Configuring sbd ldap zone "3.168.19
- Page 332 and 333: Ü Misc. Points Features LDAP URLS
- Page 335 and 336: The ISC DHCP Server http://www.isc.
- Page 337 and 338: LDAP DHCP Configuration In order to
- Page 339 and 340: Indexes /etc/openldap/slapd.conf in
- Page 341 and 342: dhcpServer & dhcpService dn:cn=esta
- Page 343 and 344: dhcpGroup Object dn: cn=group,cn=wh
- Page 347 and 348:
What is pppd? The pppd daemon is an
- Page 349 and 350:
Challenge Host Authentication Proto
- Page 351 and 352:
LDAP chap-secrets entry If you are
- Page 353 and 354:
Other LDAP enabled pppds ftp://ftp.
- Page 356 and 357:
What is Turba? Turba is a web addre
- Page 358 and 359:
Source Parameters The params array
- Page 360 and 361:
Turba Source Search Keys The search
- Page 362 and 363:
Turba LDAP Personal Address Books L
- Page 364:
Turba LDAP Personal Address Book De
- Page 367 and 368:
Setting Up To Use The DSA DSA Host
- Page 369 and 370:
Viewing The Object From the address
- Page 372 and 373:
What is evolution? http://www.ximia
- Page 374 and 375:
evolutionPerson The evolution sourc
- Page 376 and 377:
Calender Entries
- Page 378 and 379:
Viewing An LDAP Addressbook LDAP ad
- Page 380 and 381:
Contact Details (Dialog relations t
- Page 383 and 384:
What is Mozilla?
- Page 387 and 388:
What is GQ?
- Page 389 and 390:
Drag-n-Drop
- Page 391 and 392:
Handling Complex Attribtues Import
- Page 394 and 395:
What Is Star Office? What is Open O
- Page 396 and 397:
Creating an LDAP Data Source Bring
- Page 398 and 399:
Browsing The Address Book Selecting
- Page 400 and 401:
Using The Address Book Available da
- Page 403 and 404:
ILS The Internet Locator Service is
- Page 405 and 406:
ILS and LDAP The Netmeeting Directo
- Page 407 and 408:
OpenLDAP as an ILS Agent (OBJECTCLA
- Page 409 and 410:
OpenLDAP as an ILS Agent (The secon
- Page 411 and 412:
GNOMEMeeting and ILS Before you can
- Page 413 and 414:
GNOMEMeeting and ILS GNOME Meeting
- Page 415 and 416:
Netmeeting Quibbles The Netmeeting
- Page 417:
389 vs. 1002 Prior to Windows 2000
- Page 420 and 421:
Why DSML What do directories and XM
- Page 422 and 423:
DSML Misc For binary data DSML supp
- Page 424 and 425:
DSML Tools A set of DSML utilities
- Page 426:
Castor (http://castor.exolab.org/in
- Page 429 and 430:
LDAP Authentication Module The LDAP
- Page 431 and 432:
Active Directory is a registered tr
- Page 433 and 434:
MKSADExtPlugin* (http://www.css-sol
- Page 436 and 437:
Using LDAP via PHP Establish Connec
- Page 438 and 439:
ldap_connect with URLs If you have
- Page 440 and 441:
ldap_set_option / controls if (ldap
- Page 442 and 443:
ldap_bind boolean ldap_bind (resour
- Page 444 and 445:
ldap_error string ldap_error (resou
- Page 446 and 447:
ldap_err2str Error Constant Value L
- Page 448 and 449:
ldap_search & dereferencing The der
- Page 450 and 451:
ldap_free_result boolean ldap_free_
- Page 452 and 453:
ldap_add boolean ldap_add(resource
- Page 454 and 455:
ldap_mod_add boolean ldap_mod_add(r
- Page 456:
ldap_mod_replace boolean ldap_mod_d
- Page 459 and 460:
ldap_init & ldap_open Before any ot
- Page 461 and 462:
ldap_bind & ldap_bind_s Once a conn
- Page 463 and 464:
ldap_search & ldap_search_s int lda
- Page 465 and 466:
ldap_count_entries int ldap_count_e
- Page 467 and 468:
ldap_next_entry LDAPMessage* ldap_n
- Page 469 and 470:
ldap_first_attribute char* ldap_fir
- Page 471 and 472:
ldap_get_values char **ldap_get_val
- Page 473 and 474:
void ldap_value_free(char** vals) l
- Page 475 and 476:
ldap_unbind & ldap_unbind_s int lda
- Page 477 and 478:
#include "stdio.h" #include "stdlib
- Page 479 and 480:
la[0] = "givenname"; la[1] = "sn";
- Page 481 and 482:
Simple C LDAP Query Walk the Attrib
- Page 483 and 484:
ldap_result
- Page 485 and 486:
ldap_add & ldap_add_s
- Page 487:
ldap_modrdn & ldap_modrdn_s
- Page 490 and 491:
NSS LDAP & AIX Since version ~198 P
- Page 492 and 493:
Authentication via NSS LDAP on AIX
- Page 494 and 495:
The AIX Name Service The NSORDER en
- Page 496 and 497:
etc/irs.conf Name spaces: services
- Page 498 and 499:
More Information For more informati
- Page 500:
More Information... Understanding a
Change language