• OpenLDAP

Help for the OpenSource project OpenLdap.

• http://www.openldap.org/

See also: LdapClient, Solaris8Ldap, AuthenticationGateway, ApacheAndActiveDirectory

Terminology

Base

Represents the "root" of the directory. The search base of a query determines where in the directory a search commences.

dc=spack,dc=org 

Scope (base, one, sub)

Determines how the query descends through the tree. A base search does not descend below the base level; a search type of one descends one level; and a search type of sub freely descends the directory.

Distinguished Name (DN)

Is the unique identifier for an object, it is comprised of the base of the object and an attribute that makes it unique in the context of that base.

cn=Adam Shand, ou=people,dc=spack,dc=org 

Relative Distinguished Name (RDN)

Is the attribute of the DN which makes teh object unique in its context.

cn=Adam Shand 

Source: ftp://ftp.kalamazoolinux.org/pub/pdf/ldapv3.pdf

Documentation

LDAP Howto's

• http://tldp.org/HOWTO/LDAP-HOWTO/

• http://quark.humbug.org.au/publications/intro_ldap/index.htm

LDAP Authentication Howto's

• http://www.tldp.org/HOWTO/LDAP-Implementation-HOWTO/

• http://quark.humbug.org.au/publications/system_auth/sage-au/system_auth.html

• http://www.mandrakesecure.net/en/docs/ldap-auth2.php

Migration to LDAP

• Problems with PADL migration scripts (http://www.openldap.org/lists/openldap-software/200302/msg00422.html)

• Alternative to PADL scripts (http://www.gurulabs.com/downloads.html)

Access Control Lists

• http://www.wlug.org.nz/AccessControlLists

A good basic link on how to setup OpenLdap

• http://www-1.ibm.com/servers/esdd/articles/sendmail/ldap.html

Samba PDC using an LDAP backend

• http://homex.subnet.at/~max/ldap/

• http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html

DebianLinux and LDAP Authentication

• http://www.wlug.org.nz/LDAPAuthentication

Really good thread on getting AutoMount to work with with Solaris, DebianLinux and RedhatLinux.

• http://www.openldap.org/lists/openldap-software/200309/msg00321.html

• http://www.openldap.org/lists/openldap-software/200310/msg00005.html

Configuring OpenSsl for OpenLdap

• http://www.openldap.org/lists/openldap-software/200102/msg00483.html

LDAP URLs

• ldap://<ldap_server>[:<port>]/[basedn]?[attribute]?[searchtype]?[(<filter>)]

• ldap://adserver.somewhere.co.nz:389/dc=somewhere,dc=co,dc=nz?sAMAccountName?sub?(sAMAccountName=someusername)

Utilities

PADL Migration Tools

Migrate passwd/shadow/group/etc files to LDAP

http://www.padl.com/OSS/MigrationTools.html

Perl LDAP Daemon

Pure PerlLanguage LDAP Daemon (local copy)

http://www.xray.mpe.mpg.de/mailing-lists/perl-ldap/2002-05/msg00050.html LDAP Utilities::Lots of Schema files (Outlook, Evolution etc), pointers for LDAP enabled DHCPd. LDAP to NIS program etc.

http://www.kalamazoolinux.org/projects/awilliam/ldap.html

LDAP Sync

This script tries to keep two ldap directory trees in sync by using the 'modifyTimestamp' flag on the source server to spot new or changed records. These records are then copied to the local machine and then either inserted (for new records) or updated (for existing records) on the target server. Each record on the target server is then checked to see if it exists on the source server; if it doesn't, then the record is deleted from the target server. You can't get a 'modifyTimestamp' attribute on a deleted record!

http://www.maui.co.uk/downloads/ldapsync/

TinyLDAP

Very small LDAP implementation

http://www.fefe.de/tinyldap/

Fljud

Flexible LDAP Jabber User Directory. A Jabber User Directory that uses an LDAP directory for user information. It's very useful if you've already got a Jabber server using LDAP for account authentication and vcards. Fljud has some interesting features.

http://binary-ape.sourceforge.net/

CategorySoftware