6898
Comment: rename LDAP/ldapscripts
|
6890
rename LDAP/phpldapadmin
|
Deletions are marked like this. | Additions are marked like this. |
Line 46: | Line 46: |
* [[PhpLdapAdmin|phpldapadmin]] - web based interface for administering LDAP servers | * [[LDAP/phpldapadmin]] - web based interface for administering LDAP servers |
This page explains what use of LDAP can be made on a Debian system.
LDAP (for Lightweight_Directory_Access_Protocol) is an open, vendor-neutral, industry standard application protocol for accessing distributed directory information services over an Internet Protocol (IP) network
LDAP is a protocol for querying a directory (database). However, the term is often used to refer to LDAP as if it were the database and protocol both.
An LDAP database stores information on objects in a hierarchical manner. Objects have attributes that contain the information that is stored about the object. Objects also have classes that define which attributes must and may be stored on the object. Objects in an LDAP database are distinguished by their Distinguished Name (DN) which indicates their place in the hierarchical tree.
You generally need an LDAP server somewhere that serves information and configured services/clients to use that information.
Contents
Server Setup
LDAP/OpenLDAPSetup - Instructions for installing and configuring the OpenLDAP server
Client setup
Different parts of a Debian system can be configured to use LDAP.
User authentication
There are basically two ways to configure PAM to use an LDAP server. Both solutions have their pros and cons:
LDAP/NSS - Get user names, groups and other information that is usually stored in /etc/passwd from an LDAP server, and authenticate using password hashes received from the server using NSS. This method is required if using getent shadow to return password hashes when run as root.
LDAP/PAM - Use a PAM module to check credentials against a LDAP server. The pure PAM solution allows limiting logins by how users are stored in the directory (e.g. only allow logins for users in a certain piece of the directory, require some attribute, etc). It can be used to change passwords remotely. It also requires less access rights to the LDAP directory and does not expose password hashes.
LDAP directory management
page cleanup/reorganization in progress below this point
LDAP/LDAPUtils - Instructions for querying and modifying the LDAP database
LDAP/ldapscripts - Scripts for managing LDAP posix accounts
luma - QT-based LDAP client
LDAP/phpldapadmin - web based interface for administering LDAP servers
cpu - a console based LDAP user management tool
ldapvi - perform an LDAP search and update results using a text editor
Populating the Server(s)
LDAP/MigrationTools - Migrate Authentication and Name Services (NSS) to LDAP
?LDAP/MigrationTools/Examples
- Formats for various LDAP entries:
Using LDAP
Debian-LAN implements most of the features listed below. Take a look there for examples.
DNS from LDAP
LDAP/PowerDNSSetup - How to set up a DNS Server that uses an LDAP Backend
AutoFS Setup
LDAP/AutoFSSetup - How to get automounter maps from LDAP
LDAP + Kerberos Setup
LDAP/Kerberos - How to use Kerberos for authentication and LDAP for authorization + account data
SAMBA Setup
?WindowsPginaClient
External links
There are a lot of resources available on running, using and configuring LDAP servers and services. Note that the list is not ordered and some parts are likely out of date.
WLUG WIKI LDAP Authentication page
http://www.wlug.org.nz/LDAPAuthenticationDebian GNU: Setting up OpenLDAP
http://techpubs.spinlocksolutions.com/dklar/ldap.htmlLDAP for the Lazy Sysadmin
http://wiki.ucc.asn.au/LDAP/LazySysadminUsing OpenLDAP on Debian Woody to serve Linux and Samba Users
http://homex.subnet.at/~max/ldap/Samba & LDAP on Debian made simple! (last updated August 2003)
http://mawi.org/sambaldap/Samba_and_LDAP_on_Debian.htmlMisc LDAP docs (last updated January 2003)
https://cmeerw.org/notes/ldap.htmlA Lazy Directory Administrator's Pal
http://www.paldap.org/LDAPv3-Howto (last updated January 2005)
http://www.bayour.com/LDAPv3-HOWTO.html
covers LDAP, Kerberos, TLS/SSL, everything with Debian-related pointersLDAP Schema Viewer
http://ldap.akbkhome.com/
Explanations about many possible LDAP entriesExploring LDAP
Part 1: http://www.linux-mag.com/2002-01/guru_01.html
Part 2: http://www.linux-mag.com/2002-02/guru_01.html
Part 3: http://www.linux-mag.com/2002-03/guru_01.html
Excellent Articles from a leading Linux/Unix-author.PADL Software Pty Ltd
https://www.padl.com
a company creating GPL'd PAM-LDAP/NSS-LDAP softwarenss-pam-ldapd: NSS and PAM modules for lookups using LDAP
https://arthurdejong.org/nss-pam-ldapd/LDAP Linux Howto
http://www.linuxselfhelp.com/HOWTO/LDAP-HOWTO.htmlOpenLDAP with Linux and Windows
https://www.linuxjournal.com/article.php?sid=5689Shell Script for addusers to ldap database
https://directory.fsf.org/wiki/DiradmActive Directory integration using LDAP Samba, kerberos, winbind, pam, nss
http://sadms.sourceforge.net/LDAP Schema Design
http://www.skills-1st.co.uk/papers/ldap-schema-design-feb-2005/ldap-schema-design-feb-2005.htmlActive-Active LDAP cluster
Part 2:https://ral-arturo.blogspot.com/2011/10/diario-de-despliegue-cluster-ha-ldap_29.html
Part 3:https://ral-arturo.blogspot.com/2011/11/diario-de-despliegue-cluster-ha-ldap.html
Part 4:https://ral-arturo.blogspot.com/2011/11/diario-de-despliegue-de-cluster-ldap.html
In spanish. Load balancing a specific LDAP cluster deployment over Debian Squeeze. Part 1 isn't technical.
CategorySoftware | CategoryNetwork | CategorySystemAdministration | CategoryObsolete | ToDo: group with other LDAP pages