Notes from O'Reilly's LDAP SA book

Overview:

The LDAP notes were getting a wee bit long/tedious, so I decided to start a new file for the O'Reilly book.

The book's a bit dated (2009), but I remember getting a lot out of it for the GSU gig. Hopefully, this'll get me running again and I can figure the rest of the shit out at my leisure.

Chapter 1: what is a directory

General review of LDAP, history, etc.

Chapter 2: ldap overview

Characters that require backslash escaping in a DN attribute value (RFC 4514):

  • Space or # at the beginning of the value

  • Space occurring at the end of the value

  • comma, plus, double quote, backslash, angle brackets and semicolon, wherever they occur

Without this, a value taken from user input can add or alter RDN components, e.g. a comma in a name turns one RDN into two.
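As an added example of these rules (my own code, not from the book or from OpenLDAP), a DN-value escaper per RFC 4514 next to its search-filter counterpart per RFC 4515. The filter half goes beyond the book's list, but the same mistake applies: unescaped input lets a caller add RDN components or filter terms. The uid values, the base DN ou=people,dc=example,dc=com and the filter shape are constructed for the demo.

```python
"""Escaping for LDAP DN values (RFC 4514) and search filters (RFC 4515).

Added example, not from the O'Reilly book or from OpenLDAP; the uid values,
base DN and filter shape below are constructed for the demo.
"""

# Characters that get a backslash wherever they appear in a DN value.
_DN_SPECIAL = set(',+"\\<>;')

# Filter metacharacters and the hex form RFC 4515 requires for them.
_FILTER_ESCAPES = {
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\\": "\\5c",
    "\x00": "\\00",
}


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN (RFC 4514, section 2.4).

    - a space or '#' at the start of the value gets a backslash
    - a space at the end of the value gets a backslash
    - , + " \\ < > ; get a backslash wherever they occur
    - NUL is not in the book's list but must be written as the hex pair \\00
    """
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        elif ch == "#" and i == 0:
            out.append("\\#")
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for use inside a search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_dn(uid: str, base: str = "ou=people,dc=example,dc=com") -> str:
    """Build the DN of a user entry; base is an assumed suffix."""
    return f"uid={escape_dn_value(uid)},{base}"


def login_filter(uid: str) -> str:
    """Filter a search-then-bind login would issue for uid, escaped."""
    return f"(&(objectClass=inetOrgPerson)(uid={escape_filter_value(uid)}))"


def unsafe_login_filter(uid: str) -> str:
    """Same filter without escaping, kept only to show what goes wrong."""
    return f"(&(objectClass=inetOrgPerson)(uid={uid}))"


if __name__ == "__main__":
    # Constructed inputs: a legitimate comma in a name, and a filter-injection attempt.
    print(user_dn("Smith, John"))        # uid=Smith\, John,ou=people,dc=example,dc=com
    hostile = "*)(uid=*"
    print(unsafe_login_filter(hostile))  # (&(objectClass=inetOrgPerson)(uid=*)(uid=*))
    print(login_filter(hostile))         # (&(objectClass=inetOrgPerson)(uid=\2a\29\28uid=\2a))
```

The unsafe filter collapses into two always-true uid terms, so a login routine that takes the first result would authenticate against whatever entry the server returns first; the escaped version matches only a uid literally equal to `*)(uid=*`. On the DN side, an unescaped `cn=Smith, John` parses as an RDN `cn=Smith` followed by an invalid `John` component, which is how stray commas in names break (or, with crafted input, redirect) adds and modifies.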

A detailed description of OIDs and their keywords is in chapter 2. Just skimming over it, as I don't expect to have to use this; however, if needed, I know where to find the description.

Authentication types:

  • Anonymous

  • Simple: password sent in clear text, so only acceptable inside TLS (slapd can refuse it otherwise with security simple_bind=<ssf> in slapd.conf)

  • Simple over SSL/TLS: the same bind, but the network traffic is encrypted (ldaps:// or StartTLS)

  • Simple Authentication and Security Layer (SASL): PAM-style framework for negotiating the authentication mechanism before any user credentials are sent.

Mechanisms the book lists:

  • kerberos (the old KERBEROS_V4 mechanism; obsolete)

  • gssapi (how Kerberos 5 is carried today)

  • s/key

  • external (identity taken from the transport, e.g. a client TLS certificate, or the peer uid over ldapi://)

Chapter 3: openldap

## taking a short break; found a good URL for installing/configuring OpenLDAP for CentOS 6.3

Got OpenLDAP configured and running w/SSL now, confirmed via ldapsearch -ZZ and via the LDAP browser that I have installed on vmhost. Will continue w/chapter 3 tomorrow, but most of it should be overcome by events.

Access levels (cumulative: each level implies everything below it, so none < auth < compare < search < read < write; OpenLDAP 2.4 adds disclose below auth and manage above write):

  • write: update attribute values

  • read: read attribute values returned in search results

  • search: apply search filters to the attribute

  • compare: run a compare operation against the attribute

  • auth: use the attribute (normally userPassword) to bind/authenticate, without being able to read or compare it

  • none: no access
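The usual userPassword rule, as an added example of these levels in use (it is not from the book or from the OpenLDAP distribution). It is written for the cn=config backend that CentOS 6's OpenLDAP 2.4 uses; the database DN olcDatabase={2}bdb,cn=config is an assumption, so check yours with ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config -LLL olcDatabase first. Anonymous clients get only auth on userPassword, which is enough to bind but never to read or compare the hash; users get write on their own entry and read elsewhere:

```ldif
# Added example, not from the book or OpenLDAP. Apply with:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif
# The database DN below is an assumption; check cn=config for yours.
# "replace" drops whatever olcAccess was there, so dump it first.
dn: olcDatabase={2}bdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
olcAccess: {1}to *
  by self write
  by users read
  by * none
```

Order matters twice: slapd uses the first `to` clause that matches the target and, within it, the first `by` clause that matches the requester, so the userPassword rule must carry a lower {n} than the catch-all, and `by self write` must precede `by anonymous auth`. With `by * none` on the catch-all, anonymous clients cannot search for a user's DN, so a search-then-bind client needs its own (non-anonymous) bind DN. A quick check after applying it: an anonymous `ldapsearch -x` for userPassword should come back without that attribute, while a user binding as themselves (`-D <dn> -W`) should see their own hash.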

Chapter 4: company white pages

Mostly just playing around w/ldapadd, delete, and modify. Good review

Chapter 5: replication, referrals, and searching

I’m going to skim most of this except the searching. The referrals and replication have almost assuredly changed over the past 5 years. I am certainly interested in reviewing the searching though. That seems to be something about which I’ve forgotten quite a bit.

Terms:

  • Directory Information Tree (DIT): the whole tree of entries held by the server, from the suffix down

  • Entry: a single object in the DIT, identified by its DN and made up of attributes

  • LDAP Data Interchange Format (LDIF): the text format used to import and export entries and to describe changes to them (ldapadd/ldapmodify input)