Notes from O'Reilly's LDAP SA book
Overview:
The LDAP notes were getting a wee bit long/tedious, so I decided to start a new file for the O'Reilly book.
The book's a bit dated (2009), but I remember getting a lot out of it for the GSU gig. Hopefully this'll get me running again and I can figure the rest of the shit out at my leisure.
Chapter 1: what is a directory
General review of ldap, history, etc.
Chapter 2: ldap overview
Characters in a DN value that require backslash escaping:
* Space or # at the beginning of a value
* Space occurring at the end of a value
* comma, plus, double quote, backslash, angle brackets and semicolon
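An added example of my own (not from the book) that applies the escaping rules above, as given in RFC 4514, in Python. The functions `escape_dn_value`, `build_dn` and `rdn_count` are my names; the sample input is constructed, and `base_dn` is assumed to be a trusted, well-formed DN. It shows that a user-supplied value such as `jdoe,ou=admins` stays a single RDN value instead of adding a DN component:

```python
# Added example (not from the book): apply the DN escaping rules listed above
# (RFC 4514) so that untrusted text can be embedded as one RDN value.

# Characters that need a backslash anywhere in a DN value.
SPECIAL = set(',+"\\<>;')


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN (the part after 'cn=')."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in SPECIAL:
            out.append('\\' + ch)
        elif ch == ' ' and (i == 0 or i == last):
            # leading or trailing space
            out.append('\\ ')
        elif ch == '#' and i == 0:
            # leading '#'
            out.append('\\#')
        else:
            out.append(ch)
    return ''.join(out)


def build_dn(rdn_attr: str, rdn_value: str, base_dn: str) -> str:
    """Build '<attr>=<escaped value>,<base_dn>'. base_dn is assumed to be a
    trusted, already well-formed DN (assumption made for this example)."""
    return f"{rdn_attr}={escape_dn_value(rdn_value)},{base_dn}"


def rdn_count(dn: str) -> int:
    """Count RDN components in a DN, honouring backslash escapes."""
    count, i = 1, 0
    while i < len(dn):
        if dn[i] == '\\':
            i += 2          # skip the escaped character
            continue
        if dn[i] == ',':
            count += 1
        i += 1
    return count


if __name__ == '__main__':
    # Constructed input: a user-supplied name that tries to add an extra RDN.
    dn = build_dn('cn', 'jdoe,ou=admins', 'ou=people,dc=example,dc=com')
    print(dn)                 # cn=jdoe\,ou=admins,ou=people,dc=example,dc=com
    print(rdn_count(dn))      # 4
```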
Detailed description of OIDs and their keywords is in chapter 2 here. Just skimming over it as I don’t expect to have to use this; however, if needed, I know where to find the description.
Authentication types:
* Anonymous
* Simple: password sent in clear text
* Simple over SSL/TLS: network traffic is encrypted
* Simple Authentication and Security Layer (SASL): PAM-style mechanism to negotiate authentication methods prior to transmission of user credentials. Possible auth methods:
  * kerberos
  * gssapi
  * s/key
  * external
Chapter 3: openldap
## taking a short break; found a good url for installing/configuring openldap for centos6.3
Got OpenLDAP configured and running with SSL now, confirmed via ldapsearch -ZZ and via the LDAP browser that I have installed on vmhost. Will continue with chapter 3 tomorrow, but most of it should be overcome by events.
Access levels (each level includes every level listed below it):

  write   | Access to update attribute values
  read    | Access to read search results
  search  | Access to apply search filters
  compare | Access to compare attributes
  auth    | Access to bind/authenticate
  none    | No access
Chapter 4: company white pages
Mostly just playing around with ldapadd, ldapdelete, and ldapmodify. Good review.
Chapter 5: replication, referrals, and searching
I’m going to skim most of this except the searching. The referrals and replication have almost assuredly changed over the past 5 years. I am certainly interested in reviewing the searching though. That seems to be something about which I’ve forgotten quite a bit.
Terms:
Directory Information Tree (DIT): The entire directory
Entry: an individual unit in the DIT.
LDAP Data Interchange Format (LDIF): the text file format used for importing and exporting directory data