Red Hat Enterprise Directory Services and Authentication

This training module and its certification examination have been discontinued by Red Hat.

The Red Hat Enterprise Directory Services and Authentication Expertise Exam is a performance-based test of the skills covered in RH423 Red Hat Enterprise Directory Services and Authentication. RH423 is designed to train people with RHCE-level competency on skills required to manage and deploy the Red Hat Directory Server. Gaining an understanding of the basic concepts, configuration, and management of LDAP-based services is central to this course.

In order to enroll in this exam, one must have an RHCE on a current release at the time of the exam. Upon passing the exam, one will have earned this Certificate of Expertise in addition to one’s RHCE certification.

Counts towards RHCA, RHCDS and RHCSS certifications

This Certificate of Expertise is one of five required to earn the designation Red Hat Certified Architect (RHCA), one of the three required in order to earn the designation Red Hat Certified Security Specialist (RHCSS), and one of the three required in order to earn the designation Red Hat Certified Datacentre Specialist (RHCDS).

Red Hat Enterprise Directory Services and Authentication

Red Hat Enterprise Directory Services and Authentication (RH423) is an intensive course designed to train senior system administrators in the skills required to manage and deploy the Red Hat Directory Server on and for Red Hat Enterprise Linux systems. This course also covers cross-platform integration of directory services in order to provide authentication or information services across the enterprise. In addition, students will gain an understanding of the basic concepts, configuration, and management of LDAP-based services. This course also explores PAM, the Pluggable Authentication Modules system, and how it integrates with services that require authentication.

Audience

  • Experienced Linux system administrators responsible for user account information and secured enterprise authentication mechanisms of one or more Linux systems
  • System administrators who have configured directory services and authentication on other operating systems but now want to perform those tasks on a Linux system
  • Experienced system administrators wanting to integrate directory service and authentication mechanisms across multiple operating systems

Duration: 3-4 Days (24-32 hours)


Fee: Rs 15,000/- + service tax

Prerequisites

  • Red Hat Certified Engineer (RHCE) certification or equivalent experience
  • Students without an RHCE certification are encouraged to do a skills assessment online

Course Content

  • Understanding basic LDAP concepts
  • Configuration and management of Red Hat Directory Server
  • Managing user authentication with PAM and glibc NSS
  • Using Kerberos and LDAP to centrally manage user authentication
  • Using LDAP referrals and replication for distributed, highly available directory server performance
  • Exploring options for integration with Microsoft Active Directory authentication

Content Outline

  1. Introduction to Directory Services
    • What is a directory?
    • LDAP: models, schema, and attributes
    • Object classes
    • LDIF
  2. The LDAP Naming Model
    • Directory information trees and Distinguished Names
    • X.500 and “Internet” naming suffixes
    • Planning the directory hierarchy
  3. Red Hat Directory Server: Basic Configuration
    • Installation and setup of Red Hat Directory Server
    • Using the Red Hat Console
    • Using logging to monitor Red Hat Directory Server activity
    • Backing up and restoring the directory
    • Basic performance tuning with indexes
  4. Searching and Modifying the LDAP Directory
    • Using command line utilities to search the directory
    • Search filter syntax
    • Updating the directory
  5. Red Hat Directory Server: Authentication and Security
    • Configuring TLS security
    • Using access control instructions (ACIs)
    • ACIs and the Red Hat Console
  6. Linux User Authentication with NSS and PAM
    • Understanding authentication and authorisation
    • Name service switch (NSS)
    • Advanced pluggable authentication modules (PAM) configuration
  7. Centralised User Authentication with LDAP
    • Central account management with LDAP
    • Using migration scripts to migrate existing data into an LDAP server
    • LDAP user authentication
  8. Kerberos and LDAP
    • Introduction to Kerberos
    • Configuring the Kerberos key distribution centre (KDC) and clients
    • Configuring LDAP to support Kerberos
  9. Directory Referrals and Replication
    • Referrals and replication
    • Single master configuration
    • Multiple master configuration
    • Planning for directory server availability
  10. Cross-Platform Centralised Identity Management
    • Synchronising Red Hat Directory Server with Active Directory
    • Managing users with Winbind and LDAP
    • Mapping attributes between Linux and Windows

Certification Examination

The EX423 Directory Services and Authentication Expertise Exam tests the ability of an RHCE to implement directory services and authentication for enterprise environments.

Exam Format

The format is performance-based, meaning that candidates must perform tasks on live systems, rather than answering questions about how one might perform those tasks.

Duration: 4 Hours


Fee: Rs 12,500/- + service tax

Prerequisites

Candidates must hold an RHCE on a release that is considered current in order to take this exam.

Components of the Exam

The Exam is organised as follows:

  • Directory Service Configuration and User Authentication: 4.0 hours

Exam Objectives

Candidates should be able to perform the tasks listed below:

  • Install Red Hat Directory Server
    • configure the default LDAP suffix
    • configure the administrative user
    • configure a slave replica
  • Configure Red Hat Directory Server for TLS communication
    • request a certificate from a certificate authority (CA)
    • install CA-signed server certificate
  • Configure command-line tools to
    • use TLS
    • use a default LDAP suffix
  • Configure Red Hat Directory Server access through user Access Controls
  • Authenticate to the Directory Server using Kerberos
  • Configure write referrals
  • Migrate NIS users and groups into LDAP
  • Create and modify entries of the inetOrgPerson object class
  • Import user information from an LDIF file
  • Export specific user information to an LDIF file
  • Configure a system to authenticate using LDAP
  • Configure a system to authenticate using Microsoft Active Directory

As with all Red Hat performance-based exams, configurations must persist after reboot without intervention.