Getting Started with OpenLDAP, Part 6

Before we get into creating centralised authentication and roaming profiles, we need to look at the process that ensures all users on the network get access to their data, irrespective of the location or system they log on to. It might be beyond the scope of an article pertaining to LDAP, but it is important in the context of centralised authentication environments, where all users must have access to their desktop. This feature is an essential requirement in modern computing environments and therefore, I feel the need to elaborate on auto-mounting here. Let's get down to work. The test...

Getting Started with OpenLDAP, Part 5

In Part 4, we created an OpenLDAP-based address book with basic data. In this article, we will focus on centralised network authentication—a basic requirement of the networked world. Modern-day users centrally authenticate to a plethora of services that range from webmail service providers and office desktop passwords to ticket-booking sites for travel, entertainment, etc. Most of these sites and office servers save at least the username/password attributes in a centralised directory. In this article, we will configure Linux clients for authentication through a centralised directory. The...

Getting Started with OpenLDAP, Part 4

I hope readers have explored the various attributes used to create records in LDAP directories. Once you have a list of the data items (attributes) that you want to store in your directory, the next step is to locate the appropriate ObjectClasses that contain those attributes. You can use multiple ObjectClasses in one record, but not all ObjectClasses can be used together. In this article, we will discuss how to find and use ObjectClasses to obtain all the attributes needed to store the desired data in a directory. Let us approach this exercise with a specific example: an address book, or in...

Getting Started with OpenLDAP, Part 3

To understand ACLs and LDAP security better, we need to understand the underlying structure of data in a directory. In this part, we explore LDAP concepts such as schema, ObjectClasses and attributes — these will help us build an LDAP server capable of authenticating Linux users. A schema file can be understood to be analogous to a spreadsheet file. Each schema file defines certain ObjectClasses and attributes. ObjectClasses can be considered to be similar to each sheet within a spreadsheet file. Attributes are analogous to each column within a sheet. In other words, multiple attributes are grouped together in an ObjectClass. Multiple ObjectClasses can be grouped to form a record. The ability to use different schemas (or schemata) for a single record enables a directory to store records with different data—providing much greater flexibility. Let’s see all these in action.

Getting Started with OpenLDAP, Part 2

In this part, we take a look at adding an initial level of security to OpenLDAP servers. We cover how to encrypt the rootdn password with slappasswd, understand the structure of the slapd.conf file, and disable anonymous directory reads. We also learn how to check slapd.conf using slaptest, a utility that reads the file and reports whether it is in order or not. This is especially important in production environments, where configuration changes and updates must be thoroughly tested before they are applied. Finally, we touch upon the subject of ACLs (access controls) in slapd.conf.

Getting Started with OpenLDAP, Part 1

LDAP (Lightweight Directory Access Protocol) is a protocol used to access directories. OpenLDAP is the open source implementation of LDAP. The OpenLDAP software suite consists of a directory server and a client for accessing the directory. To query other LDAP servers, only the openldap-client package is required. In this article, we will get started by installing and configuring an OpenLDAP client. Later, we learn to install and configure the OpenLDAP server. We will also learn how to populate the directory server with data and search the directory anonymously.