ldapv3.pdf 7947KB Apr 17 2013 11:30:42 AM - mirror omadata

More documents

Recommendations

Info

ind & Openldap As of version 9.0 bind, the world's most popular DNS server, sports sdb. sdb is a standard mechanism allowing bind to utilize various backends to retrieve the information requested by clients. A sdb compliant LDAP backend for bind is available at - http://www.venaas.no/ldap/bind-sdb/ Using this backend DNS queries are re-written to LDAP requests and the Dit is queried. There is no exporting of LDAP information to flat files, etc... All information is presented live from the DSA. Source RPMs of bind-sdb-ldap are available from http://home.teleport.ch/simix/RPMS/Bind-LDAP/
Page 1 and 2:
LDAP and OpenLDAP (on the Linux Pla
Page 3 and 4:
KLUG The master copy of this docume
Page 5:
Versions For the most part this doc
Page 8 and 9:
What is a directory? A directory is
Page 10 and 11:
¤¥ § ¨ © ¨ ¨ £¡ ¡
Page 12 and 13:
Requirements An LDAPv3 compliant di
Page 14 and 15:
Gotcha: “requested“ protocol ve
Page 16 and 17:
Multi-Valued RDNs While most object
Page 19 and 20:
Schema A directory has a schema sim
Page 21 and 22:
1.1.x It is true that the 1.1.x OID
Page 23 and 24:
WARNING (Object Class Type) Early O
Page 25 and 26:
Attribute Schema OID Name (alias fo
Page 27 and 28:
Attribute Syntaxes Data Type OID De
Page 29:
The OID is the truth. The names of
Page 32 and 33:
Illegal Partitions The law of parti
Page 34:
Subordinate Information Subordinate
Page 37 and 38:
Operational ACI Attributes If your
Page 39 and 40:
subSchema One of the most useful bi
Page 41 and 42:
The ManageDsaIT Control OID: 2.16.8
Page 43 and 44:
The "alias" object The alias object
Page 45 and 46:
Start TLS Extended Operation OID: 1
Page 47:
2.1.x hasSubordinates Only implemen
Page 50 and 51:
Supported `Advanced' Features Featu
Page 52 and 53:
The Config Files Configuration file
Page 54 and 55:
slapd.conf (defaultsearchbase) The
Page 56 and 57:
equire The require configuration di
Page 58 and 59:
loglevel The loglevel directive con
Page 60 and 61:
Checking the SSL Configuration Once
Page 62:
Supported Bind Types Depending on h
Page 65 and 66:
SASL RPMs Redhat 8.0 is the first t
Page 67 and 68:
SASL Methods PLAIN (AUXPROP, SASLAU
Page 69 and 70:
C? KP Q >C >GP X O X > NN>K?[ TM >P
Page 71 and 72:
saslpasswd & saslpasswd2 saslpasswd
Page 73 and 74:
PLAIN Authentication PLAIN SASL aut
Page 75 and 76:
2.1.x Authentication Request DN Map
Page 77 and 78:
2.1.x sasl-regexp rewrite pattern s
Page 79 and 80:
OpenLDAP + SASL + PAM 1. Make sure
Page 81 and 82:
OpenLDAP + SASL + GSSAPI (OpenLDAP
Page 83 and 84:
OpenLDAP + SASL + GSSAPI (OpenLDAP
Page 86 and 87:
slapd.conf (Database) # ldbm databa
Page 88 and 89:
ack-ldbm back-ldbm is the standard
Page 90 and 91:
ack-bdb back-bdb configuration dire
Page 92 and 93:
ack-sql The SQL backend is not buil
Page 94 and 95:
ack-shell The back-shell backend al
Page 96 and 97:
LDAP Indexes pres - An index of wha
Page 99 and 100:
Buffer Stuffing (Single Threaded In
Page 101 and 102:
Filesystem Since the LDAP database
Page 103 and 104:
Journalized Filesystems Journalized
Page 106 and 107:
The purpose of back-sql The back-sq
Page 108 and 109:
Mapping Concept back-sql uses a set
Page 110 and 111:
Objectclass Mappings ldap_oc_mappin
Page 112 and 113:
Attribute Mappings Stored procedure
Page 114 and 115:
Objectclass Mapping ldap_entry_objc
Page 116 and 117:
Stored Procedures
Page 118:
Using Triggers & Events
Page 121 and 122:
Replication Diagram Replication Dia
Page 123 and 124:
Populating Slaves One of the most d
Page 125 and 126:
The Replication Log On serveral dis
Page 127 and 128:
The Rejection Log The rejection log
Page 129 and 130:
Chasing Referrals If a client submi
Page 132 and 133:
The ACL Stack Access control for ob
Page 134 and 135:
Default Access defaultaccess { none
Page 136 and 137:
Examples The following are example
Page 138 and 139:
dnattr The dnattr matching construc
Page 140 and 141:
{}|~ € ‚ z x¢y w ttuv z ‡ ˆ
Page 142 and 143:
children & entry The ability to cre
Page 144:
A Limitation? One "limitation" of O
Page 147 and 148:
Advantages of ACI The single bigges
Page 149 and 150:
OpenLDAPacl & OpenLDAPaci Every obj
Page 151 and 152:
The ACI ACL (OpenLDAPaci) In order
Page 153 and 154:
OpenLDAPaci: Rights The rights fiel
Page 156 and 157:
RFC2798 (inetOrgPerson) The inetOrg
Page 158 and 159:
RFC2739 http://www.faqs.org/rfcs/rf
Page 160 and 161:
Hierarchy: cosine.schema dSA pilotD
Page 162 and 163:
Hierarchy: Kerberos V & Samba krb5-
Page 165 and 166:
syslog On most platforms OpenLDAP u
Page 167 and 168:
etc/openldap/ldap.conf The defaults
Page 169 and 170:
The LDAP PAM Module PAM is a system
Page 171 and 172:
A PAM LDAP login file #%PAM-1.0 aut
Page 173 and 174:
etc/ldap.conf timelimit 30 The maxi
Page 175 and 176:
passwd PAM file (/etc/pam.d/passwd)
Page 178 and 179:
Migration Scripts PADL.com (Luke Ho
Page 180 and 181:
Using the scripts... Once the prope
Page 182:
What can be migrated? The stock mig
Page 187 and 188:
An entry of posixAccount Object stu
Page 189 and 190:
ipHost Object An entry of 127.0.0.1
Page 191 and 192:
oncRpc Object An entry of fypxfrd60
Page 194 and 195:
What is an SRV record? Traditionall
Page 196 and 197:
1123 vs. 2181 SRV protocol and serv
Page 198 and 199:
SRV and nss_ldap To use SRV records
Page 201 and 202:
Root Referrals To configure with Op
Page 204 and 205:
Loading Tip: Objectclass When loadi
Page 206 and 207:
Misc. Data Loading Tips 1. If a lin
Page 208 and 209:
Non-English Data If your data conta
Page 211 and 212:
OpenLDAP Utilities ldapsearch Allow
Page 213 and 214:
LDAP Queries ldapsearch "(&(uid=awi
Page 215 and 216:
Requesting Attributes If you do not
Page 217 and 218:
ldapmodrdn While the dn of an objec
Page 219 and 220:
slapadd slapadd is used to initiall
Page 222 and 223:
gq gq is an LDAP v3 utility for Gna
Page 224 and 225:
gq (Schema browser)
Page 226 and 227:
HAD Hyperactive Directory Administr
Page 228 and 229:
Directory Administrator (http://www
Page 230 and 231:
LDAP Browser / Editor (http://www.i
Page 232 and 233:
LDIF To VCard http://www.pawebworld
Page 234 and 235:
From the cpu manual page CPU (http:
Page 236 and 237:
Wallal (http://www.mnot.net/wallal/
Page 238 and 239:
mod_auth_ldap (http://nona.net/soft
Page 240 and 241:
Gnarwl (http://www.oss.billiton.de/
Page 242 and 243:
š š š
Page 244 and 245:
MaxWare Directory Explorer Version
Page 246 and 247:
ActiveX LDAP Client http://www.polo
Page 249 and 250:
saslauthd saslauthd is a stand alon
Page 251 and 252:
saslauthd Options saslauthd a authm
Page 253 and 254:
RedHat's saslauthd The RedHat Cyrus
Page 255 and 256:
saslauthd -a ldap LDAP related sasl
Page 257 and 258:
saslauthd -a ldap saslauthd -a ldap
Page 260 and 261:
m4: LDAPDefaultSpec The first m4 va
Page 262 and 263:
m4: LDAPROUTE_DOMAIN The m4 sendmai
Page 264 and 265:
¨ Ÿ ¦ «° µ¬ ¨ Ÿ ¦ «° µ
Page 266 and 267:
RFC822 rfc822 defines a the concept
Page 268 and 269:
LDAP + sendmail You can also define
Page 270 and 271: LDAP SMTP Access Control cn=Allow S
Page 272 and 273: The Sendmail Schema
Page 274 and 275: sendmailMTAHost attributetype ( 1.3
Page 276 and 277: sendmailMTAKey attributetype ( 1.3.
Page 278 and 279: sendmailMTAMapValue attributetype (
Page 280 and 281: sendmailMTAMapObject objectclass (
Page 282 and 283: sendmailMTAAlias objectclass ( 1.3.
Page 284 and 285: sendmailMTAClassName & sendmailMTAC
Page 286 and 287: Installing GNARWL GNARWL in an LDAP
Page 288 and 289: GNARWL Integration
Page 290 and 291: This information now exclusively ap
Page 292 and 293: Building Samba 1. Grab the latest s
Page 294 and 295: [globals] encrypt passwords = yes d
Page 296 and 297: The Admin And His Secrets Since the
Page 298 and 299: Samba Users Samba users must be UN*
Page 300 and 301: Samba User Attributes profilePath -
Page 302 and 303: Samba Times The sambaAccount object
Page 304 and 305: Samba Security The ntpassword and l
Page 306 and 307: Samba Attribute Indexes For good pe
Page 309 and 310: What is Squid? http://www.squid-cac
Page 311 and 312: Authentication Helpers Squid uses h
Page 313 and 314: squid_ldap_auth The helper for dire
Page 315 and 316: squid_ldap_match The squid_ldap_mat
Page 317 and 318: squid_ldap_match squid_ldap_match -
Page 319: Example Squid Configuration auth_pa
Page 323 and 324: The dnsZone Schema While the standa
Page 325 and 326: objectclass: dNSZone (2/4) A very b
Page 327 and 328: objectclass: dNSZone (4/5) The dnsZ
Page 329 and 330: objectclass: dNSZone (6/6) dn: rela
Page 331 and 332: Query Specifics It is very simple t
Page 333: zone2ldap zone2ldap is a utility fo
Page 336 and 337: The DHCP LDAP Patch http://www.neww
Page 338 and 339: DHCP Schema In order to contain the
Page 340 and 341: An Example Tree dc=Whitemice,dc=Org
Page 342 and 343: dn: cn=192.168.3.0,cn=whitemice-dhc
Page 344: dn: cn=xterm1,cn=group,cn=whitemice
Page 348 and 349: Password Authentication Protocol Al
Page 350 and 351: Microsoft Challange Host Au- thenti
Page 352 and 353: LDAP chap-secrets entry An explanat
Page 354: PoPToP http://www.poptop.org PoPToP
Page 357 and 358: Sources Multiple address books (cal
Page 359 and 360: Turba Source Maps The map array con
Page 361 and 362: Turba Attribute Declaration Attribu
Page 363 and 364: Turba LDAP Personal Address Book Th
Page 366 and 367: What is pine? http://www.washignton
Page 368 and 369: Using The DSA CTRL-T Select DSA Ent
Page 370:
Trianii http://www.edlund.org/hacks
Page 373 and 374:
State Of LDAP Support While Evoluti
Page 375 and 376:
evolutionPerson
Page 377 and 378:
Setting Up An LDAP Addressbook Name
Page 379 and 380:
Contact Details (Dialog relations t
Page 381:
Contact Details calCalURI Free/Busy
Page 384:
! ! òñðõõ ò ë}ô ó òñðõ
Page 388 and 389:
Color Coding How the attribute of a
Page 390 and 391:
Create With Template
Page 392:
Viewing Complex Attributes GQ has b
Page 395 and 396:
Bug#4607 Versions of Open Office, u
Page 397 and 398:
Creating an LDAP Data Source Under
Page 399 and 400:
Using The Address Book To insert da
Page 401:
Use The Address Book Results The re
Page 404 and 405:
NetMeeting Directory Kit (http://vy
Page 406 and 407:
PURRO VXW RK R JLKM PLQ ON QQZ M K
Page 408 and 409:
OpenLDAP as an ILS Agent (Initializ
Page 410 and 411:
OpenLDAP as an ILS Agent (Starting
Page 412 and 413:
GNOMEMeeting and ILS Entry your ILS
Page 414 and 415:
NetMeeting & ILS The comment is NOT
Page 416 and 417:
Breaking NetMeeting Exclusivity Net
Page 419 and 420:
DSML (http://www.dsml.org) DSML (Di
Page 421 and 422:
URI Declaration What does DSML look
Page 423 and 424:
DSML & XML-RPC (http://www.worldspo
Page 425 and 426:
Using the DSML Utilities You need t
Page 428 and 429:
What is xmlBlaster? http://www.xmlb
Page 430 and 431:
LDAP Module Limitations (From the L
Page 432 and 433:
What is Active Directory Active Dir
Page 434:
SRV records used by AD _ldap._tcp.d
Page 437 and 438:
ldap_connect The first step to cont
Page 439 and 440:
Control LDAP_OPT_DEREF LDAP_OPT_SIZ
Page 441 and 442:
ldap_get_option boolean ldap_get_op
Page 443 and 444:
ldap_unbind boolean ldap_unbind (re
Page 445 and 446:
ldap_errno Error Constant Value LDA
Page 447 and 448:
ldap_search resource ldap_search(re
Page 449 and 450:
ldap_get_entries array ldap_get_ent
Page 451 and 452:
ldap_compare Since LDAP permits the
Page 453 and 454:
ldap_delete boolean ldap_delete(res
Page 455 and 456:
ldap_mod_del boolean ldap_mod_del(r
Page 458 and 459:
Synchronous & Asynchronous
Page 460 and 461:
ldap_set_option The ldap_set_option
Page 462 and 463:
ldap_bind method parameter int ldap
Page 464 and 465:
ldap_search_parameters int ldap_sea
Page 466 and 467:
ldap_first_entry LDAPMessage* ldap_
Page 468 and 469:
ldap_get_dn char* ldap_get_dn(LDAP*
Page 470 and 471:
ldap_next_attribute char* ldap_next
Page 472 and 473:
ldap_count_values int ldap_count_va
Page 474 and 475:
int ldap_msgfree(LDAPMessage* msg)
Page 476 and 477:
ldap_perror void ldap_perror(LDAP*
Page 478 and 479:
Simple C LDAP Query init & bind Hos
Page 480 and 481:
printf("Objects Found: %d\n", ldap_
Page 482 and 483:
Simple C LDAP Query Close it up if
Page 484 and 485:
ldap_modify & ldap_modify_s
Page 486 and 487:
ldap_delete & ldap_delete_s
Page 489 and 490:
AIX and OpenLDAP AIX is a descenden
Page 491 and 492:
Compiling NSS LDAP on AIX tar -xvf
Page 493 and 494:
Authentication via NSS LDAP /etc/se
Page 495 and 496:
hosts local merge hosts dns service
Page 497 and 498:
NSORDER The NSORDER enviroment vari
Page 499 and 500:
¨ ¨ ¨ ¨
show all

ldapv3.pdf 7947KB Apr 17 2013 11:30:42 AM - mirror omadata

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?