| Red Hat Linux 9: Red Hat Linux Reference Guide | ||
|---|---|---|
| Prev | Chapter 13. Lightweight Directory Access Protocol (LDAP) | Next |
13.3. OpenLDAP Daemons and Utilities
The suite of OpenLDAP libraries and tools is spread out over the following packages:
openldap — Contains the libraries necessary to run the OpenLDAP server and client applications.
openldap-clients — Contains command line tools for viewing and modifying directories on an LDAP server.
openldap-servers — Contains the servers and other utilities necessary to configure and run an LDAP server.
There are two servers contained in the openldap-servers package: the Standalone LDAP Daemon (/usr/sbin/slapd) and the Standalone LDAP Update Replication Daemon (/usr/sbin/slurpd).
The slapd daemon is the standalone LDAP server while the slurpd daemon is used to synchronize changes from one LDAP server to other LDAP servers on the network. The slurpd daemon is only used when dealing with multiple LDAP servers.
To perform administrative tasks, the openldap-servers package installs the following utilities into the /usr/sbin/ directory:
slapadd — Adds entries from an LDIF file to an LDAP directory. For example, the command /usr/sbin/slapadd -l ldif-input will read in the LDIF file, ldif-input, containing the new entries.
slapcat— Pulls entries out of an LDAP directory in the default format — Berkeley DB — and saves them in an LDIF file. For example, the command /usr/sbin/slapcat -l ldif-output will output an LDIF file called ldif-output containing the entries from the LDAP directory.
slapindex — Re-indexes the slapd directory based on the current content.
slappasswd — Generates an encrypted user password value for use with ldapmodify or the rootpw value in the slapd configuration file, /etc/openldap/slapd.conf. Execute the /usr/sbin/slappasswd command to create the password.
 | Warning |
|---|---|
Be sure to stop slapd by issuing /usr/sbin/service slapd stop before using slapadd, slapcat or slapindex. Otherwise, the integrity of the LDAP directory is at risk. |
For more information about how to use these utilities, see their respective man pages.
The openldap-clients package installs tools into /usr/bin/ which are used to add, modify, and delete entries in an LDAP directory. These tools include the following:
ldapmodify — Modifies entries in an LDAP directory, accepting input via a file or standard input.
ldapadd — Adds entries to your directory by accepting input via a file or standard input; ldapadd is actually a hard link to ldapmodify -a.
ldapsearch — Searches for entries in the LDAP directory using a shell prompt.
ldapdelete — Deletes entries from an LDAP directory by accepting input via user input at the terminal or via a file.
With the exception of ldapsearch of such a file is outlined in each application's man page.
13.3.1. NSS, PAM, and LDAP
In addition to the OpenLDAP packages, Red Hat Linux includes a package called nss_ldap which enhances LDAP's ability to integrate into both Linux and other UNIX environments.
The nss_ldap package provides the following modules:
/lib/libnss_ldap-<glibc-version>.so
/lib/security/pam_ldap.so
The libnss_ldap-<glibc-version>.so module allows applications to look up users, groups, hosts, and other information using an LDAP directory via glibc's Nameservice Switch (NSS) interface. NSS allows applications to authenticate using LDAP in conjunction with the Network Information Service (NIS) name service and flat authentication files.
The pam_ldap By deploying an LDAP server on your network, all of these applications can authenticate using the same user ID and password combination, greatly simplifying administration.
13.3.2. PHP4, the Apache HTTP Server, and LDAP
Red Hat Linux includes a package containing an LDAP module for the PHP server-side scripting language.
The php-ldap package adds LDAP support to the PHP4 HTML-embedded scripting language via the /usr/lib/php4/ldap.so module. This module allows PHP4 scripts to access information stored in an LDAP directory.
 | Important |
|---|---|
Red Hat Linux no longer ships with the auth_ldaphttp://www.apache.org/ for details on the status of this module. |
13.3.3. LDAP Client Applications
LDAP Browser/Editor — A Java-based tool available online at http://www.iit.edu/~gawojar/ldap.
Sendmail, Balsa, Pine, Evolution, and Gnome Meeting.
| Главная |