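<!doctype html>
<!--
  Index page of the "LDAP Implementation HOWTO" (DocBook-generated): title
  page, revision history, abstract, table of contents and a navigation footer.
  Element and attribute names are lowercased; attribute values, anchor names,
  link targets and all visible text are kept as generated so that fragment
  links from the chapter pages (#AEN...) still resolve.
-->
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>LDAP Implementation HOWTO</title>
  <meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.63
">
  <link rel="NEXT" title="Overview" href="overview.html">
</head>
<body class="ARTICLE" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084" alink="#0000FF">
  <div class="ARTICLE">
    <div class="TITLEPAGE">
      <h1 class="TITLE"><a name="AEN2">LDAP Implementation HOWTO</a></h1>

      <h3 class="AUTHOR"><a name="AEN5">Roel van Meer</a></h3>
      <div class="AFFILIATION">
        <span class="ORGNAME"><a href="http://www.linvision.com" target="_top">Linvision BV</a><br></span>
        <div class="ADDRESS">
          <p class="ADDRESS">r.vanmeer@linvision.com</p>
        </div>
      </div>

      <h3 class="AUTHOR"><a name="AEN14">Giuseppe Lo Biondo</a></h3>
      <div class="AFFILIATION">
        <span class="ORGNAME"><a href="http://www.mi.infn.it" target="_top">INFN MI</a><br></span>
        <div class="ADDRESS">
          <p class="ADDRESS">giuseppe.lobiondo@mi.infn.it</p>
        </div>
      </div>

      <p class="PUBDATE">v0.5, 2001-03-30<br></p>

      <hr>
      <!--
        Archived, last revised 2001-03-30. The authentication (pam_ldap,
        nss_ldap, RADIUS) and transport-protection (SSL/TLS wrappers, LDAP V2)
        chapters linked below describe software of that period; check protocol
        versions and configuration directives against current documentation
        before reusing them.
      -->
      <p>
        <b>Archived Document Notice:</b> This document has been archived by the LDP.
      </p>

      <div class="REVHISTORY">
        <!-- One pair of rows per revision: (revision, date, reviser), then the change summary. -->
        <table width="100%" border="0">
          <tr>
            <th align="LEFT" valign="TOP" colspan="3"><b>Revision History</b></th>
          </tr>
          <tr>
            <td align="LEFT">Revision 0.5</td>
            <td align="LEFT">2001-03-30</td>
            <td align="LEFT">Revised by: rvm</td>
          </tr>
          <tr>
            <td align="LEFT" colspan="3">Cleanup, fixes, overview rewritten.</td>
          </tr>
          <tr>
            <td align="LEFT">Revision 0.4</td>
            <td align="LEFT">2001-02-01</td>
            <td align="LEFT">Revised by: rvm</td>
          </tr>
          <tr>
            <td align="LEFT" colspan="3">Added dns section.</td>
          </tr>
          <tr>
            <td align="LEFT">Revision 0.3</td>
            <td align="LEFT">2001-01-18</td>
            <td align="LEFT">Revised by: rvm</td>
          </tr>
          <tr>
            <td align="LEFT" colspan="3">Added MTA sections.</td>
          </tr>
          <tr>
            <td align="LEFT">Revision 0.2</td>
            <td align="LEFT">2000-11-12</td>
            <td align="LEFT">Revised by: glb</td>
          </tr>
          <tr>
            <td align="LEFT" colspan="3">Improved section on nss. Added sections about certificates and wrappers.</td>
          </tr>
        </table>
      </div>

      <div>
        <div class="ABSTRACT">
          <a name="AEN23"></a>
          <p></p>
          <p>This document describes the technical aspects of storing application data in an ldap server. It focuses on the configuration of various applications to make them ldap-aware. Some applications that assist in handling ldap data are also discussed.</p>
          <p></p>
        </div>
      </div>
      <hr>
    </div>

    <!-- Table of contents: each <dt> is a chapter or section link, each <dd> holds its subsections. -->
    <div class="TOC">
      <dl>
        <dt><b>Table of Contents</b></dt>

        <dt>1. <a href="overview.html">Overview</a></dt>
        <dd>
          <dl>
            <dt>1.1. <a href="overview.html#AEN48">Why this howto?</a></dt>
            <dt>1.2. <a href="overview.html#AEN54">What is it about?</a></dt>
            <dt>1.3. <a href="overview.html#AEN65">What is it NOT about?</a></dt>
            <dt>1.4. <a href="overview.html#AEN70">Acknowledgements</a></dt>
            <dt>1.5. <a href="overview.html#AEN75">Disclaimer</a></dt>
            <dt>1.6. <a href="overview.html#AEN79">Copyright and license</a></dt>
          </dl>
        </dd>

        <dt>2. <a href="pamnss.html">LDAP authentication using pam_ldap and nss_ldap</a></dt>
        <dd>
          <dl>
            <dt>2.1. <a href="pamnss.html#AEN107">The components of the framework</a></dt>
            <dd>
              <dl>
                <dt>2.1.1. <a href="pamnss.html#AEN110">Authentication: PAM and pam_ldap.so</a></dt>
                <dt>2.1.2. <a href="pamnss.html#AEN116">The Name Service Switch and nss_ldap.so</a></dt>
                <dt>2.1.3. <a href="pamnss.html#AEN155">The Lightweight Directory Access Protocol</a></dt>
                <dt>2.1.4. <a href="pamnss.html#AEN164">The Name Service Caching Daemon</a></dt>
                <dt>2.1.5. <a href="pamnss.html#AEN169">The Secure Socket Layer</a></dt>
              </dl>
            </dd>
            <dt>2.2. <a href="pamnss.html#AEN175">Building the authentication system</a></dt>
            <dd>
              <dl>
                <dt>2.2.1. <a href="pamnss.html#AEN197">Server side</a></dt>
                <dd>
                  <dl>
                    <dt>2.2.1.1. <a href="pamnss.html#AEN203">Installing and configuring OpenLDAP</a></dt>
                  </dl>
                </dd>
                <dt>2.2.2. <a href="pamnss.html#AEN226">Client side</a></dt>
                <dd>
                  <dl>
                    <dt>2.2.2.1. <a href="pamnss.html#AEN240">PAM LDAP Installation and Configuration</a></dt>
                    <dt>2.2.2.2. <a href="pamnss.html#AEN264">NSS LDAP installation and configuration</a></dt>
                    <dt>2.2.2.3. <a href="pamnss.html#AEN285">NSCD configuration</a></dt>
                    <dt>2.2.2.4. <a href="pamnss.html#AEN303">LDAP client configuration file</a></dt>
                  </dl>
                </dd>
              </dl>
            </dd>
            <dt>2.3. <a href="pamnss.html#AEN318">Starting up</a></dt>
            <dt>2.4. <a href="pamnss.html#AEN333">Accounts maintenance</a></dt>
            <dt>2.5. <a href="pamnss.html#AEN338">Known limits</a></dt>
            <dt>2.6. <a href="pamnss.html#AEN341">File permissions</a></dt>
          </dl>
        </dd>

        <dt>3. <a href="radius.html">Radius authentication using LDAP</a></dt>
        <dd>
          <dl>
            <dt>3.1. <a href="radius.html#AEN352">FreeRadius Radiusd configuration</a></dt>
            <dt>3.2. <a href="radius.html#AEN373">Testing Radius Authentication</a></dt>
            <dt>3.3. <a href="radius.html#AEN386">Sample CISCO IOS Configuration</a></dt>
          </dl>
        </dd>

        <dt>4. <a href="samba.html">Samba</a></dt>

        <dt>5. <a href="dns.html">DNS</a></dt>
        <dd>
          <dl>
            <dt>5.1. <a href="dns.html#AEN405">Using nss</a></dt>
            <dd>
              <dl>
                <dt>5.1.1. <a href="dns.html#AEN412">Configuration</a></dt>
                <dt>5.1.2. <a href="dns.html#AEN427">Schema</a></dt>
              </dl>
            </dd>
            <dt>5.2. <a href="dns.html#AEN437">Using bind</a></dt>
            <dd>
              <dl>
                <dt>5.2.1. <a href="dns.html#AEN440">Bind patch</a></dt>
                <dt>5.2.2. <a href="dns.html#AEN444">ldap2dns</a></dt>
                <dt>5.2.3. <a href="dns.html#AEN452">ispman</a></dt>
              </dl>
            </dd>
          </dl>
        </dd>

        <dt>6. <a href="sendmail.html">Mail Transfer Agents</a></dt>
        <dd>
          <dl>
            <dt>6.1. <a href="sendmail.html#AEN460">Sendmail</a></dt>
            <dd>
              <dl>
                <dt>6.1.1. <a href="sendmail.html#AEN462">Ldap support in sendmail</a></dt>
                <dt>6.1.2. <a href="sendmail.html#AEN479">System layout.</a></dt>
                <dt>6.1.3. <a href="sendmail.html#AEN495">Sendmail configuration file</a></dt>
                <dt>6.1.4. <a href="sendmail.html#AEN525">Schema</a></dt>
                <dt>6.1.5. <a href="sendmail.html#AEN622">More information.</a></dt>
              </dl>
            </dd>
            <dt>6.2. <a href="sendmail.html#AEN637">Postfix</a></dt>
            <dd>
              <dl>
                <dt>6.2.1. <a href="sendmail.html#AEN639">Support</a></dt>
                <dt>6.2.2. <a href="sendmail.html#POSTCONF">Configuration</a></dt>
                <dt>6.2.3. <a href="sendmail.html#AEN747">Example setup</a></dt>
              </dl>
            </dd>
            <dt>6.3. <a href="sendmail.html#AEN756">Qmail</a></dt>
          </dl>
        </dd>

        <dt>7. <a href="address.html">Address books</a></dt>

        <dt>8. <a href="roaming.html">Netscape roaming access</a></dt>

        <dt>9. <a href="certificates.html">Publishing digital certificates with LDAP</a></dt>
        <dd>
          <dl>
            <dt>9.1. <a href="certificates.html#AEN809">LDAP Server configuration</a></dt>
            <dt>9.2. <a href="certificates.html#AEN827">Certificate Publishing</a></dt>
            <dt>9.3. <a href="certificates.html#AEN848">LDAP Aware Clients</a></dt>
          </dl>
        </dd>

        <dt>10. <a href="ssl.html">SSL/TLS and SSL/TLS wrappers for LDAP</a></dt>
        <dd>
          <dl>
            <dt>10.1. <a href="ssl.html#AEN856">A Brief description of SSL</a></dt>
            <dt>10.2. <a href="ssl.html#AEN870">SSL/TLS availability for OpenLDAP</a></dt>
            <dt>10.3. <a href="ssl.html#AEN877">How to use stunnel to provide SSL/TLS to an LDAP V2 server</a></dt>
            <dt>10.4. <a href="ssl.html#AEN913">How to use stunnel to provide SSL to LDAP clients</a></dt>
            <dt>10.5. <a href="ssl.html#AEN921">How to use stunnel to provide SSL for slurpd replication</a></dt>
          </dl>
        </dd>

        <dt>11. <a href="schemas.html">Ldap schema's</a></dt>

        <dt>12. <a href="files.html">Example files</a></dt>
        <dd>
          <dl>
            <dt>12.1. <a href="files.html#FILE-SCHEMA">The schema file</a></dt>
            <dt>12.2. <a href="files.html#AEN1300">Example base ldif</a></dt>
          </dl>
        </dd>
      </dl>
    </div>
  </div>

  <!-- Navigation footer: this is the first page, so only the "Next" cell is populated. -->
  <div class="NAVFOOTER">
    <hr align="LEFT" width="100%">
    <table width="100%" border="0" cellpadding="0" cellspacing="0">
      <tr>
        <td width="33%" align="left" valign="top">&nbsp;</td>
        <td width="34%" align="center" valign="top">&nbsp;</td>
        <td width="33%" align="right" valign="top"><a href="overview.html">Next</a></td>
      </tr>
      <tr>
        <td width="33%" align="left" valign="top">&nbsp;</td>
        <td width="34%" align="center" valign="top">&nbsp;</td>
        <td width="33%" align="right" valign="top">Overview</td>
      </tr>
    </table>
  </div>
</body>
</html>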