All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, Packt Publishing, nor its dealers or distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Published by Packt Publishing Ltd.
Birmingham, B27 6PA, UK.
Cover Image by Ronald R. McDaniel
Credits
Author
Matt Butcher
Reviewers
Aaron Richton
George K Thiruvathukal
Quanah Gibson-Mount
Development Editor
Douglas Paterson
Assistant Development Editor
Nikhil Bangera
Technical Editor
Ved Prakash Jha
Editorial Manager
Dipali Chittar
Project Manager
Patricia Weir
Project Coordinator
Abhijeet Deobhakta
Indexer
Bhushan Pangaonkar
Proofreader
Rebecca Paterson
Production Coordinator
Shantanu Zagade
Cover Designer
Shantanu Zagade
About the Author
Matt Butcher is the principal consultant for Aleph-Null, Inc., a systems integrator that specializes in Free and Open Source solutions. He is also a member of the Emerging Technologies Lab at Loyola University Chicago, where he is currently finishing a Ph.D. in philosophy. Matt has written two other books for Packt: Managing and Customizing OpenCms 6 Websites (ISBN: 978-1-904811-76-3), and Building Websites with OpenCms (ISBN: 1-904811-04-3). Matt has also contributed articles to Newsforge.com, TheServerSide.com, and LinuxDevices.com.
Anyone who actively works with Free and Open Source software knows that any good project is the result of the contributions of a wide variety of people. I hope it is evident in this book that I have taken this lesson to heart. I would like to thank Bob Krumland for introducing me to LDAP in 1997. I owe a great debt of gratitude to Quanah Gibson-Mount and Aaron Richton, who both generously lent their technical expertise to make this a better book. I would like to thank Jon Hodge for his time and assistance. Also, I'd like to thank Mark Patterson, Paul Beam, George Peavy, Ed Mattson, and Kevin Reilly. And thanks to the members of the Emerging Technology Lab at Loyola University, especially George Thiruvathukal for his comments. The members of the OpenLDAP mailing list have been tremendously helpful, especially Kurt Zeilenga, Howard Chu, Pierangelo Masarati, and Aaron Richton. And, of course, thanks to Claire, Anna, and Angie for their continual support, encouragement, and crayon-colored pictures.
About the Reviewers
Aaron Richton is a Systems Administrator for the Rutgers University campus in New Brunswick/Piscataway, NJ. He has used OpenLDAP since the 2.1 series. The OpenLDAP servers he administers are responsible for the authentication of over 60,000 accounts. Richton holds degrees in Electrical and Computer Engineering and Computer Science from the Rutgers University School of Engineering.
George K. Thiruvathukal, Ph.D., is an associate professor of computer science at Loyola University Chicago, where he directs the departmental computing and infrastructure. He has held positions in industry (at Fortune 500 companies such as R.R. Donnelley and Sons and Tellabs, both in the Chicago area) and in academia, including the Illinois Institute of Technology and Argonne National Laboratory. He has co-authored two books on advanced software development for Prentice Hall PTR and Sun Microsystems Press, including High-Performance Java Platform Computing: Threads and Networking (see http://hpjpc.googlecode.com) and Web Programming in Python (see http://slither.googlecode.com). His research interests include parallel/distributed systems, programming languages/paradigms/patterns, and experimental computing. His teaching interests include most of the modern computer science curriculum and computing history. For more information, see http://www.cs.luc.edu/gkt.
Quanah Gibson-Mount graduated from the University of Alaska, Fairbanks with a B.S. in Computer Science. Quanah has been working with OpenLDAP since the early stages of the OpenLDAP 2.1 release. He is currently a Principal Software Engineer with Zimbra, Inc., where he focuses on OpenLDAP configuration and Release Engineering. He is also the release engineer for the OpenLDAP project, and in his spare (paid for) time teaches classes on LDAP and OpenLDAP for Symas Corp. Prior to his employment with Zimbra, Quanah worked at Stanford University, where one of his primary tasks was that of Directory Architect.
I'd like to thank my wife Karen for all of her support in these many endeavors.
Preface
The OpenLDAP directory server is a mature product that has been around (in one form or another) since 1995. All of the major Linux distributions include the OpenLDAP server, and many major applications, both Open Source and proprietary, are directory aware and can make use of the services provided by OpenLDAP. And yet the OpenLDAP server seems to be shrouded in mystery, known and understood only by the gurus and hackers. This book is meant not only to demystify OpenLDAP, but to give the system administrator and software developer a solid understanding of how to make practical use of OpenLDAP's directory services.
OpenLDAP is an Open Source server that provides network clients with directory services. The directory server can be used to store organizational information in a centralized location and make this information available to authorized applications. Client applications connect to OpenLDAP using the Lightweight Directory Access Protocol (LDAP). They can then search the directory and (if they have the appropriate access) modify and manipulate records in the directory. LDAP servers are most frequently used to provide network-based authentication services for users. But there are many other uses for an LDAP directory, including using it as an address book, a DNS database, an organizational tool, or even as a network object store for applications. We will look at some of these uses in this book.
The goal of this book is to prepare a system administrator or software developer for building a directory using OpenLDAP, and then employing this directory in the context of the network. To that end, this book will take a practical approach, emphasizing how to get things done. On occasion, we will delve into theoretical aspects of LDAP, but such discussions will only occur where understanding the theory helps us answer practical questions.