OpenLDAP Training

Module 1: OpenLDAP Workshop

This one day workshop provides the participant an introduction to LDAP (more specifically OpenLDAP), its history, scope, usage, limitations and various options. A quick installation and configuration will be taught with various examples of usage.

Audience

  • Sysadmins new to directory servers
  • Those evaluating LDAP for work environment

Duration: 1 Day (6 – 8 hours)


Fee: Rs 1,000/- + service tax

Course Outline

  1. Problem Scenarios — discussion on how LDAP could be used to eliminate issues
  2. Introduction
    • What is a directory service?
    • What is LDAP?
    • LDAP vs RDBMS
  3. History & Background
    • History of Directories
    • X.500 and X.519 DAL
    • X.500 & Global Uniqueness
    • The IEFT & LDAP
  4. Quick Start
    • Configuration Choices
    • openLDAP Clients & Servers
    • ldapsearch – searching an LDAP Directory
    • LDIF
    • Installing the openLDAP server
    • What is slapd?
    • Configuring slapd
    • ldapadd — adding entries
  5. Scope of LDAP
    • Where can I use LDAP?
    • Limitations of LDAP
  6. What more
    • openLDAP for System Administrators
    • Advanced openLDAP + integration with Enterprise Mail Server
    • openLDAP Monitoring, Maintaining & Performance Tuning + integration with SAMBA

Module 2: OpenLDAP for System Administrators

The course teaches the basic theory behind directory servers and how the configure a OpenLDAP server.

Audience

  • Sysadmins who want to setup and maintain a directory server

Duration: 2 Days (16 hours)


Fee: Rs 5,000/- + service tax

Course Outline

  1. LDAP Data (Object) Model
    • Object Tree Structure
    • What are Attributes
    • Configuring the attributes
    • What are object classes
    • Using object classes & attributes to create LDAP
    • Describing the Tree & Adding Data
    • Navigating the Tree (DNs & RDNs)
  2. LDAP Schemas
    • What are schemas?
    • How are schemas defined?
  3. LDAP & LDIF
    • Overview
    • Adding entries
    • Modifying entries
    • Deleting entries
  4. Exercises:
    • Browsing the LDAP subschemas
    • Design & Code Attributes, ObjectClass and Schema
    • Adding new attributes and objectClass to DIT using LDIF
  5. OpenLDAP Installation on Linux
  6. OpenLDAP Sample Configurations
    1. Simple Directory
      • Designing the DIT
      • Select the STRUCTURAL objectClass
      • slapd.conf file
      • LDIF file
      • Loading the LDIF
      • Adding New Entries using LDIF
      • Modifying Entries using LDIF
    2. Securing the Directory
      • Security Policy
      • Adding Groups
      • ACL slapd.conf Access Definitions
      • Testing the ACL
    3. Expanded Hierarchy
      • Requirement
      • Implementation
      • LDIF
      • ACL slapd.conf Access Definitions
      • Testing the ACL
    4. Creating & Adding Objects
      • Requirement
      • Implementation
      • Attribute Definitions
      • objectClass & Schema Definition
      • ACL slapd.conf Access Definitions
      • LDIF
      • Testing the Changes
  7. Configuration Files
    • slapd.conf Overview — converting slapd.conf to use cn=config/slapd.d
    • slapd.conf List of Directives
    • slapd.conf Global Section Directives
    • slapd.conf Backend Section Directives
    • slapd.conf Database Section Directives
    • slapd.conf Overlay Directive
    • ldap.conf Directives
  8. Referrals
    • Referral Chaining

Module 3: Advanced OpenLDAP + integration with Mail Server

The course teaches the advanced theory behind directory servers and how to configure a openLDAP server and integrate it with an Enterprise Mail Server.

Audience

  • Sysadmins who want in-depth knowledge on directory server
  • Sysadmins who want to integrate LDAP with mail server

Duration: 3 Days (24 hours)


Fee: Rs 10,000/- + service tax

Course Outline

  1. OpenLDAP Architecture
    1. OpenLDAP – Backends
      • Backend – Overview
      • Backend – dbb
      • Backend – hdb
      • Backend – SQL
      • Backend – ldbm and bdb migration
    2. Overlays
      • Overlays – Overview
      • Overlay – Accesslog
      • Overlay – Auditlog
      • Overlay – Chain
      • Overlay – ppolicy (password)
      • Overlay – rwn (rewrite)
    3. LDAP Proxies
      • LDAP Proxies
      • LDAP Proxies and Referrals
      • Backends – Meta/LDAP
      • Overlay – pcache
      • Overlay – translucent
  2. Syncrepl Replication
    1. Master–Slave
      • Replication – Producer or consumer
      • Replication – Push/Pull models
      • Replication – Full/Partial scope
      • Operational Attributes (entryUUID, contextCSN)
      • Update Phases (Present and Delete)
      • Overlay – syncprov
      • Delta Replication (accesslog)
    2. Multi-Master
      • Producer and Consumer (Server Identification)
      • Limits and Limitations
      • Security Implications
  3. Backup and Replication
    1. LDAP Archive and Backup
      • LDIF – Export/Save
      • LDIF – Import/Restore
      • Exercise – Save and Restore DIT
    2. LDAP Security Model – Replication
      • LDAP Replication
      • LDAP Replication Characteristics and features
      • Replicate with syncrepl (OpenLDAP)
      • N-way multi-master with syncrepl (OpenLDAP)
  4. How-tos:
    • Configuring Multiple DITs in OpenLDAP
    • Configuring Referrals in OpenLDAP
    • Configuring Referral chaining in OpenLDAP
    • Configuring syncrepl style replication in OpenLDAP
    • Configuring delta synchronization (syncrepl) in OpenLDAP
    • Configuring and using cn=config in OpenLDAP
    • Notes about running/initialising OpenLDAP
    • Notes about overlays in OpenLDAP (or when is an overlay an overlay)
    • OpenLDAP converting to use cn=config
    • Configuring Groups of Users in OpenLDAP
    • Migrate from an existing authentication system to LDAP
  5. Indexing
    • Power of Indexing
    • Controlling Indexing
    • Cost of Indexing
    • Optimise Indexing – frequently
    • Indexing – matchingrules
    • Indexing – Substrings
  6. LDAP in Access Security
    • Authentication and Authorization
    • Network Authentication (KERBEROS)
    • Platform Authentication – UNIX/Windows
    • LINUX/UNIX – posixAccount
    • Single User – Single Password
    • Single Sign-On (SSO)
    • Windows Active Directory
    • LDAP with TLS
  7. OpenLDAP & Enterprise Mail Servers

Module 4: OpenLDAP Monitoring & Performance Tuning + integration with SAMBA

The first half of the course teaches how to monitor, maintain and tune performance of an OpenLDAP server. The second half covers integrating OpenLDAP with Samba to configure a stand-alone and drop-in replacement for Microsoft Active Directory.

Audience

  • Senior System Administrators
  • Data Centre Administrators

Duration: 3 Days (24 hours)


Fee: Rs 25,000/- + service tax

Course Outline

  1. LDAP Tools
    • ldapadd – add LDIF entries to an LDAP directory
    • ldapauth – add LDIF entries to an LDAP directory
    • ldapdelete – delete LDAP entries
    • ldapmodify – modify existing LDAP entries
    • ldapmodrdn – modify an LDAP entry’s DN
    • ldappasswd – modify an entry’s password
    • ldapsearch – search LDAP entries
    • ldapwhoami – perform an LDAP Who Am I operation of a server
    • slapacl – verify access to attributes by inspecting the configuraion of a DIT
    • slapadd – add LDAP entries to a database – STOP SLAPD FIRST
    • slapauth – verify SASL data against a DIT
    • slapcat – export an LDIF from an LDAP database – STOP SLAPD FIRST
    • slapdn – verify a DN against a DIT configuration
    • slapindex – re-index an LDAP database – STOP SLAPD FIRST
    • slappasswd – generate password
    • slaptest – verify a slapd.conf file or a cn=config directory (slapd.d)
  2. Maintenance
    • Directory Backups
    • Berkeley DB Logs
    • Checkpointing
    • Migration
  3. Monitoring
    • Monitor configuration via cn=config(5)
    • Monitor configuration via slapd.conf(5)
    • Accessing Monitoring Information
    • Monitor Information
      • Backends
      • Connections
      • Databases
      • Listener
      • Log
      • Operations
      • Overlays
      • SASL
      • Statistics
      • Threads
      • Time
      • TLS
      • Waiters
  4. Tuning
    1. Performance Factors
      • Memory
      • Disks
      • Network Topology
      • Directory Layout Design
      • Expected Usage
    2. Indexes
      • Understanding how a search works
      • What to index
      • Presence indexing
    3. Logging
      • What log level to use
      • What to watch out for
      • Improving throughput
    4. Caching
      • Berkeley DB Cache
      • slapd(8) Entry Cache (cachesize)
      • IDL Cache (idlcachesize)
      • slapd(8) Threads
  5. openLDAP & Samba


Please fill in your details below so that we can serve you better.

Name (required)

Email (required)

Phone No. (required)

Organisation

Designation/Role

Name of course you're interested in (required)

Please fill in if you have any query