==================================
Notes from O'Reilly's LDAP SA book
==================================

.. contents::

Overview:
=========

The ldap notes were getting a wee bit long/tedious so I decided to start a new file for the O'Reilly book. The book's a bit dated (2009); but I remember getting a lot out of it for the GSU gig. Hopefully, this'll get me running again and I can figure the rest of the shit out at my leisure.

Chapter 1: what is a directory
==============================

General review of ldap, history, etc.

Chapter 2: ldap overview
========================

Characters that require backslash escaping in a DN attribute value:

* Space or # at the beginning of the value
* Space at the end of the value
* comma, plus, double quote, backslash, angle brackets and semicolon anywhere in the value

Detailed description of OIDs and their keywords is in chapter 2 here. Just skimming over it as I don't expect to have to use this; however, if needed, I know where to find the description.

Authentication types:

* Anonymous
* Simple: password sent in clear text
* Simple over SSL/TLS: same bind, but the network traffic is encrypted (either ``ldaps://`` on its own port, or StartTLS on the standard port; ``ldapsearch -ZZ`` exercises the StartTLS form and fails if TLS cannot be negotiated).
* Simple Authentication and Security Layer (SASL): PAM-style mechanism to negotiate the authentication method before any user credentials are transmitted. SASL mechanisms the book lists:

  * kerberos
  * gssapi
  * s/key
  * external

Chapter 3: openldap
===================

## taking a short break; found a good url for installing/configuring openldap for centos6.3

Got openldap configured and running w/ssl now confirmed via ``ldapsearch -ZZ`` and via the ldap browser that I have installed on vmhost. Will continue w/chapter 3 tomorrow; but, most of it should be overcome by events.
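Going back to the chapter 2 escaping rules: they are exactly the DN string rules of RFC 4514 section 2.4, and the reason they matter is that an unescaped comma in a user-supplied value becomes a new RDN. The block below is an added example (not code from the book or from OpenLDAP) that escapes and unescapes values, builds a DN from attribute/value pairs, and splits a DN on unescaped commas only. The sample ``cn`` value is constructed for illustration; NUL is written as the hex pair ``\00`` because it may not appear even with a plain backslash.

```python
"""DN value escaping per the chapter 2 rules (RFC 4514 section 2.4).

Added example, not code from the book or from OpenLDAP. The sample values
below are constructed for illustration.
"""
from __future__ import annotations

# Characters that must be backslash-escaped wherever they occur in a value.
SPECIAL = set('"+,;<>\\')
HEXDIGITS = set("0123456789abcdefABCDEF")


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for embedding in a DN string.

    A leading space or '#', a trailing space, and any of " + , ; < > \\ get a
    backslash prefix.  NUL cannot appear even escaped, so it is written as the
    hex pair \\00 (any byte may be written that way; this is the one that must).
    """
    out: list[str] = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def unescape_dn_value(text: str) -> str:
    """Reverse of escape_dn_value, accepting both '\\,' and hex-pair '\\2c' forms.

    Hex pairs are UTF-8 bytes (a non-ASCII character may arrive as several
    consecutive pairs), so bytes are collected and decoded once at the end.
    """
    buf = bytearray()
    i = 0
    while i < len(text):
        ch = text[i]
        if ch != "\\":
            buf += ch.encode("utf-8")
            i += 1
            continue
        pair = text[i + 1:i + 3]
        if len(pair) == 2 and set(pair) <= HEXDIGITS:
            buf.append(int(pair, 16))
            i += 3
        elif pair and (pair[0] in SPECIAL or pair[0] in " #="):
            buf += pair[0].encode("utf-8")
            i += 2
        else:
            raise ValueError(f"invalid escape sequence at offset {i}: {text[i:i + 3]!r}")
    return buf.decode("utf-8")


def build_dn(rdns: list[tuple[str, str]]) -> str:
    """Join (attribute, value) pairs into a DN string, escaping each value.

    This is the security point of the escaping rules: a value taken from user
    input that contains ',' must not be able to smuggle in an extra RDN and
    relocate the entry in the tree.
    """
    return ",".join(f"{attr}={escape_dn_value(val)}" for attr, val in rdns)


def split_rdns(dn: str) -> list[str]:
    """Split a DN string into RDN strings on unescaped commas only.

    Multi-valued RDNs (components joined with '+') are left as one string.
    """
    parts: list[str] = []
    cur: list[str] = []
    i = 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(dn[i])
            i += 1
    parts.append("".join(cur))
    return parts


if __name__ == "__main__":
    # Constructed: a cn taken from user input that tries to inject an RDN.
    untrusted_cn = "Smith, John,ou=admins"
    dn = build_dn([("cn", untrusted_cn), ("ou", "people"), ("dc", "example"), ("dc", "com")])
    print(dn)
    print(split_rdns(dn))                              # still 4 RDNs, not 5
    print(unescape_dn_value(split_rdns(dn)[0][3:]))    # recovers the raw cn
```

The splitter deliberately ignores ``+`` (multi-valued RDNs) to stay short; if you need those, split each RDN string again on unescaped ``+`` with the same escape-aware loop.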
Access levels:

+---------+-----------------------------------+
| write   | Access to update attribute values |
+---------+-----------------------------------+
| read    | Access to read search results     |
+---------+-----------------------------------+
| search  | Access to apply search filters    |
+---------+-----------------------------------+
| compare | Access to compare attributes      |
+---------+-----------------------------------+
| auth    | Access to bind/authenticate       |
+---------+-----------------------------------+
| none    | No access                         |
+---------+-----------------------------------+

Levels are cumulative: granting a level also grants every level listed below it in the table (read implies search, compare and auth). The practical consequence is that ``by * read`` on ``userPassword`` lets anyone fetch the password hashes, whereas ``by anonymous auth`` only lets them bind against it.

Chapter 4: company white pages
==============================

Mostly just playing around w/ldapadd, delete, and modify. Good review

Chapter 5: replication, referrals, and searching
================================================

I'm going to skim most of this except the searching. The referrals and replication have almost assuredly changed over the past 5 years. I am certainly interested in reviewing the searching though. That seems to be something about which I've forgotten quite a bit.

Terms:
======

* Directory Information Tree (DIT): the entire directory
* Entry: an individual unit in the DIT.
* LDAP Data Interchange Format (LDIF): format of the text files used for I/O
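To make the chapter 3 access table concrete: slapd picks the first ``access to`` clause whose target matches, then the first ``by`` whose subject matches, and compares that clause's level against what was requested, with levels cumulative. The block below is an added example (not code from the book or from OpenLDAP) that models that evaluation over two constructed ACLs, a weak one with ``by * read`` on ``userPassword`` and a hardened one. It is a simplification: subjects are limited to ``self``, ``users``, ``anonymous`` and ``*``, and the newer ``disclose`` and ``manage`` levels that real slapd adds around the table's levels are left out.

```python
"""Composition of slapd access levels under OpenLDAP's first-match rule.

Added example, not code from the book or from OpenLDAP. The two ACLs and the
requests below are constructed for illustration.
"""
from __future__ import annotations

# The chapter 3 table, lowest to highest.  Each level includes every level
# before it, so "read" also satisfies search, compare and auth requests.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# An ACL is a list of "access to" clauses in slapd.conf order.  Each clause is
# (attrs, by_clauses): attrs is a frozenset of attribute names or "*" for
# everything; by_clauses is the ordered list of (subject, level) pairs.
Acl = list

# Requesters, modelled by whether they are bound and whether they are the entry.
ANON = {"bound": False, "is_self": False}
SELF = {"bound": True, "is_self": True}
OTHER = {"bound": True, "is_self": False}   # any other authenticated user

# Constructed "before": looks like it protects passwords, but "by * read"
# lets everyone, including anonymous binds, pull the hashes.
WEAK: Acl = [
    (frozenset({"userPassword"}), [("self", "write"), ("*", "read")]),
]

# Constructed "after": anonymous may only bind against the password, and
# nobody but the owner may read or compare it.  Everything else is readable
# by authenticated users only.
HARDENED: Acl = [
    (frozenset({"userPassword"}), [("self", "write"), ("anonymous", "auth"), ("*", "none")]),
    ("*", [("self", "write"), ("users", "read"), ("anonymous", "auth")]),
]


def grants(granted: str, requested: str) -> bool:
    """True if the granted level covers the requested operation."""
    return RANK[granted] >= RANK[requested]


def subject_matches(subject: str, requester: dict) -> bool:
    if subject == "*":
        return True
    if subject == "self":
        return requester["is_self"]
    if subject == "users":
        return requester["bound"]
    if subject == "anonymous":
        return not requester["bound"]
    raise ValueError(f"unknown subject {subject!r}")


def evaluate(acl: Acl, attr: str, requester: dict, requested: str) -> bool:
    """Decide one request the way slapd does: first matching clause wins.

    The first "access to" clause whose attrs cover the attribute is selected;
    within it the first "by" whose subject matches the requester decides, and
    its level is compared against the requested level.  If no "by" matches,
    access is denied (the implicit trailing "by * none"); if no clause
    matches at all, slapd denies as well.
    """
    for attrs, by_clauses in acl:
        if attrs != "*" and attr not in attrs:
            continue
        for subject, level in by_clauses:
            if subject_matches(subject, requester):
                return grants(level, requested)
        return False
    return False


def render(acl: Acl) -> str:
    """Render an ACL in slapd.conf syntax so it can be compared with the table."""
    lines = []
    for attrs, by_clauses in acl:
        target = "*" if attrs == "*" else "attrs=" + ",".join(sorted(attrs))
        lines.append(f"access to {target}")
        lines.extend(f"    by {subject} {level}" for subject, level in by_clauses)
    return "\n".join(lines)


def password_hashes_exposed(acl: Acl) -> bool:
    """Can anyone other than the entry itself read userPassword?"""
    return any(evaluate(acl, "userPassword", who, "read") for who in (ANON, OTHER))


if __name__ == "__main__":
    for name, acl in (("weak", WEAK), ("hardened", HARDENED)):
        print(f"--- {name} ---\n{render(acl)}")
        print("anonymous read userPassword:", evaluate(acl, "userPassword", ANON, "read"))
        print("anonymous bind (auth):      ", evaluate(acl, "userPassword", ANON, "auth"))
        print("other user compare pw:      ", evaluate(acl, "userPassword", OTHER, "compare"))
        print("hashes exposed:             ", password_hashes_exposed(acl))
```

Note that the weak ACL also lets any authenticated user ``compare`` against ``userPassword`` (read implies compare), which is an offline-free password guessing oracle; the hardened ACL's ``by * none`` closes that too.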