This is a HTML export of part of the book. It's
not very pretty, but it will have to do for the moment.
I've
desided to ignore the big parts marked as red for the moment, and
maybe do them later.
The book is now availible for purchase, and if you want a one-click-buy, just click the button :)
Paypal donation url
The main focus of this book is about starting from scratch, on a bare Linux installation. But I try to explain every step from (primarily) the admin's point of view - WHY I choose to do something, and what all this stuff means.
Also, what is all this softwares that are glued together - is taken care of (maybe not in extream depth, but sufficient to get started).
If you already have a working LDAP tree, and have problems you migt be able to read between the lines to get a fully working system. That's at least what I hoped to achieve – if I succeeded is something you will have to decide for yourself – I'd appreciate comments and feedback on this (preferably on the bugtracker. This is not a 'complete guide and everything you ever wanted to know', but more of a 'this is how you get started, and this is what it is' kind'a book...
A couple of months ago I 'found' (actually they found me :) an employer that will basically pay me to develop phpQLAdmin which is another one of my projects (phpQLAdmin will be the core of a system that I'm building/designing so it's not ENTIRELY about phpQLAdmin but anyway), so somewhere along the line, the Implementing LDAPv3 book will benefit in one way or the other. The reason why v2 of the book is so late (couting almost two years or so now :) is that I wanted to add Samba, phpQLAdmin, RADIUS and some other small bits and pieces support to it - other than that I've only have written about the newer OpenLDAP versions, which isn't enough for me to do a v2 release (I've already written chapters about OpenLDAP v2.3, v2.4 and some for version 2.5 - but they are so similar so a separate version of Implementing_LDAPv3 just for that semed pointless) ...
But if everything goes well, I hope to get v2 released in late winter/early spring... And everyone that's payed for v1, will get v2 free - that is the deal...
Implementing LDAPv3
A cook book about getting LDAP and Kerberos to work together and provide a 'Active Directory' (tm) functionality for UNIX, using GPL software's
|
Green |
These are almost 100% done. One or two sentences might be lacking, and I need some professional (and English) proof reading. |
|
Yellow |
These are about half way done. They may lack some examples, and some parts of the text. |
|
Red |
These haven't even been started, but the intention is to finish them 'really soon now' :) |
The page references here is when printing on a A5 page (15x21cm, roughly half of 'Letter' page).
|
Chapter 1. |
19 |
|
|
Chapter 2. |
29 |
|
|
Chapter 3. |
63 |
|
|
Chapter 4. |
93 |
|
|
Chapter 5. |
131 |
|
|
Chapter 6. |
149 |
|
|
Chapter 7. |
155 |
|
|
Chapter 8. |
163 |
|
|
Chapter 9. |
171 |
|
|
Chapter 10. |
177 |
|
|
Chapter 11. |
191 |
|
|
Chapter 12. |
205 |
|
1.1 |
Foreword |
20 |
|
1.1.a. |
About the Author |
20 |
|
1.1.b. |
Damage control |
20 |
|
1.1.c. |
Active Directory replacement |
20 |
|
1.1.d. |
Complex structure |
21 |
|
1.1.e. |
Additional reading |
21 |
|
1.2 |
Pre-required software |
21 |
|
1.3 |
Building software |
22 |
|
1.3.a. |
Running configure |
22 |
|
1.3.b. |
Running make |
23 |
|
1.3.c. |
Using and applying patches |
23 |
|
1.4 |
Text notation used |
25 |
|
1.5 |
Software updates |
25 |
|
1.6 |
Disclaimer |
25 |
|
1.7 |
Acknowledgments |
26 |
|
2.1. |
What is it? |
30 |
|
2.1.a. |
Cryptography |
30 |
|
|
Public key cryptography |
30 |
|
|
Private key cryptography |
30 |
|
|
Certificate Authorities |
31 |
|
|
Cryptography layers |
31 |
|
|
SASL, SSL and TLS |
31 |
|
|
SASL |
31 |
|
|
SSL |
31 |
|
|
TLS |
31 |
|
2.1.b. |
LDAP |
32 |
|
|
Tree based and object oriented |
32 |
|
|
Flat files versus tree based |
32 |
|
|
Relational versus Object oriented databases |
32 |
|
|
Database keys |
33 |
|
|
Relationships and Joins |
34 |
|
|
Problem with RDBMS databases |
34 |
|
|
Authentication and authorization |
36 |
|
|
Authentication |
36 |
|
|
Authorization |
36 |
|
2.1.c. |
Kerberos |
37 |
|
|
Kerberos realms |
37 |
|
|
Key exchange |
37 |
|
2.2. |
Comparison between NIS/NIS+ and LDAP |
38 |
|
2.2.a. |
In the beginning |
38 |
|
2.2.b. |
Traditional network information distribution |
38 |
|
2.2.c. |
Historically LDAP comes from X.500 |
38 |
|
2.2.d. |
LDAP replaces NIS/NIS+ |
39 |
|
2.2.e. |
LDAP addresses NIS/NIS+ shortcomings |
39 |
|
2.2.f. |
Access restrictions |
39 |
|
2.3. |
How LDAP works |
40 |
|
2.3.a. |
Root DN |
40 |
|
2.3.b. |
Bind DN |
40 |
|
2.3.c. |
Distinguished Name |
40 |
|
2.3.d. |
Organization unit |
40 |
|
2.3.e. |
Object classes |
41 |
|
2.3.f. |
Attributes |
41 |
|
2.3.g. |
Database layouts |
41 |
|
|
Domain or location based database |
41 |
|
|
Domain based database |
42 |
|
|
Location based database |
42 |
|
|
Choosing the correct layout |
43 |
|
|
Using CN or UID as object name |
44 |
|
2.3.h. |
Referrals |
44 |
|
2.3.i. |
Use of partitions |
44 |
|
2.3.j. |
Differences between LDAPv2 and LDAPv3 |
45 |
|
2.4. |
Why LDAPv3 |
45 |
|
2.4.a. |
Reasons for LDAP |
45 |
|
|
Papadoc, before conversion |
46 |
|
2.4.b. |
SSL/TLS |
47 |
|
|
Authentication flow - Using PAM-LDAP |
47 |
|
2.4.c. |
SASL |
48 |
|
|
Authentication flow - Full LDAPv3 system |
48 |
|
|
Authentication flow - using NSS-LDAP and Kerberos V |
49 |
|
2.4.d. |
Kerberos |
49 |
|
|
Kerberos replacement software |
49 |
|
|
PAM with TLS/SSL or Kerberos |
50 |
|
2.4.e. |
Andrew File System |
50 |
|
2.5. |
Database structure - Planning your database |
50 |
|
2.5.a. |
The Object class 'person' |
50 |
|
2.5.b. |
Attribute definitions for object class 'person' |
51 |
|
2.5.c. |
Specialized schemas |
52 |
|
2.5.d. |
Object Identifier number |
52 |
|
2.5.e. |
LDIF format |
53 |
|
2.5.f. |
Mail information |
54 |
|
2.5.g. |
Password attribute |
55 |
|
2.5.h. |
Combining object classes |
55 |
|
2.6. |
Performance and replication |
55 |
|
2.6.a. |
Load balancing |
56 |
|
2.6.b. |
Replication |
57 |
|
2.7. |
Administration software and recommendations |
57 |
|
2.8. |
Commercial LDAP servers |
58 |
|
2.8.a. |
Novell eDirectory |
58 |
|
2.8.b. |
Netscape Directory Server |
58 |
|
2.8.c. |
Lotus Domino |
58 |
|
2.8.d. |
Sun ONE |
58 |
|
3.1. |
OpenSSL |
64 |
|
3.1.a. |
Building OpenSSL |
64 |
|
|
Configure options - OpenSSL |
64 |
|
|
Build the software - OpenSSL |
64 |
|
3.1.b. |
Installing OpenSSL |
64 |
|
3.1.c. |
Setting up OpenSSL |
64 |
|
|
Create Certificate Authority certificate and key |
65 |
|
|
Certificate aliases - theory |
65 |
|
|
Certificate aliases - configuration |
65 |
|
|
CA certifcate - creation |
66 |
|
|
CA certifcate - conclusion |
67 |
|
|
Create SSL certificate |
67 |
|
|
Sign certificate with the CA key |
68 |
|
|
Viewing and controlling the SSL certificate |
69 |
|
3.2. |
SleepyCAT Berkeley DB |
69 |
|
3.2.a. |
Building and installing Berkeley DB |
69 |
|
3.3. |
Kerberos |
70 |
|
3.3.a. |
Preparing the DNS for Kerberos V |
70 |
|
3.3.b. |
Firewalls and Kerberos V |
71 |
|
|
Servers behind firewall |
71 |
|
|
Clients behind firewall |
72 |
|
3.3.c. |
MIT Kerberos V |
72 |
|
|
Building MIT Kerberos V |
72 |
|
|
Bugs in MIT Kerberos V, v1.2.1 |
72 |
|
|
Configure options – MIT Kerberos V |
72 |
|
|
Build the software – MIT Kerberos |
73 |
|
|
Installing MIT Kerberos V |
73 |
|
|
Setting up MIT Kerberos V |
73 |
|
|
MIT Kerberos config file |
73 |
|
|
Create MIT Kerberos V database |
74 |
|
|
Setting up Kerberos V access rights |
74 |
|
|
Testing MIT Kerberos V |
75 |
|
3.3.d. |
KTH Heimdal |
75 |
|
|
Building KTH Heimdal |
75 |
|
|
Configure options – KTH Heimdal |
75 |
|
|
Build the software – KTH Heimdal |
75 |
|
|
Installing KTH Heimdal |
75 |
|
|
Setting up KTH Heimdal |
75 |
|
|
Testing KTH Heimdal |
75 |
|
3.4. |
Cyrus SASL |
75 |
|
3.4.a. |
Bugs in Cyrus SASL, v1.5.24 |
76 |
|
3.4.b. |
Building Cyrus SASL |
77 |
|
|
Configure options – Cyrus SASL |
77 |
|
|
Build the software – Cyrus SASL |
77 |
|
3.4.c. |
Installing Cyrus SASL |
77 |
|
3.4.d. |
Testing Cyrus SASL |
77 |
|
3.4.e. |
Doing LDAPv3 without using Kerberos V |
79 |
|
|
Creating the database |
79 |
|
|
Configure OpenLDAP to go via Cyrus SASL |
79 |
|
3.5. |
OpenLDAP 2.0 |
79 |
|
3.5.a. |
Bugs in OpenLDAP 2.0 |
79 |
|
|
v2.0.7 |
79 |
|
3.5.b. |
Building OpenLDAP 2.0 |
79 |
|
|
Configuration – OpenLDAP 2.0 |
79 |
|
|
Build – OpenLDAP 2.0 |
80 |
|
3.5.c. |
Installing OpenLDAP 2.0 |
81 |
|
3.5.d. |
Setting up OpenLDAP 2.0 |
81 |
|
|
Configure OpenLDAP to use the new SSL certificate |
81 |
|
|
Changes to the OpenLDAP 2.0 config file |
81 |
|
|
Changes to the OpenLDAP startup script |
81 |
|
|
The OpenLDAP 2.0 config file |
81 |
|
|
The OpenLDAP 2.0 access file |
82 |
|
|
LDAP client software configuration file |
84 |
|
|
Creating a LDAP service key |
84 |
|
|
Populate the database to allow simple bind as user |
84 |
|
|
Modify the LDAP database to allow simple bind as user |
85 |
|
|
Decode a BASE64 string |
86 |
|
3.5.e. |
Testing OpenLDAP 2.0 |
86 |
|
|
Simple/anonymous bind |
86 |
|
|
Verify SSL connection |
86 |
|
|
Simple/anonymous bind, with SSL/TLS |
87 |
|
|
Using your Kerberos ticket |
87 |
|
|
Combining the Kerberos ticket and SSL/TLS |
88 |
|
|
Simple user bind, with SSL/TLS |
88 |
|
|
Test for bugs in OpenLDAP, Cyrus SASL and MIT Kerberos |
89 |
|
3.5.f. |
Setting up secure replication |
89 |
|
|
Replication configuration, slave server |
89 |
|
|
Replication configuration, master server |
89 |
|
|
Creating a replication principal |
90 |
|
|
Automatically getting a ticket before starting slurpd |
90 |
|
|
Keeping replication ticket updated |
91 |
|
|
Give the replicator access to the database |
92 |
|
4.1. |
LibPAM/LDAP |
94 |
|
4.1.a. |
Software requirements |
94 |
|
4.1.b. |
Building LibPAM/LDAP |
94 |
|
|
Configure options – LibPAM/LDAP |
94 |
|
|
Build the software – LibPAM/LDAP |
94 |
|
4.1.c. |
Installing LibPAM/LDAP |
94 |
|
4.1.d. |
Setting up LibPAM/LDAP |
94 |
|
4.2. |
LibNSS/LDAP |
95 |
|
4.2.a. |
Setting up LibNSS/LDAP |
95 |
|
4.3. |
LibPAM/Krb5 |
96 |
|
4.3.a. |
Setting up LibPAM/Krb5 module |
96 |
|
4.4. |
CVS - Concurrent Version System |
97 |
|
4.4.a. |
Building CVS |
97 |
|
|
Configure options – CVS |
97 |
|
|
With Krb4 option |
97 |
|
|
Build the software – CVS |
97 |
|
4.4.b. |
Installing CVS |
98 |
|
4.4.c. |
Setting up the CVS server |
98 |
|
|
Create a CVS service key |
99 |
|
4.4.d. |
Testing CVS |
99 |
|
|
Getting the Kerberos ticket |
99 |
|
|
Import a test file into a test repository |
99 |
|
4.5. |
PostgreSQL |
99 |
|
4.5.a. |
Building PostgreSQL |
99 |
|
|
Configure options – PostgreSQL |
99 |
|
|
Build the software – PostgreSQL |
100 |
|
4.5.b. |
Setting up PostgreSQL |
100 |
|
|
Creating a PostgreSQL service key |
100 |
|
|
Verifying location of keytab for PostgreSQL |
100 |
|
|
PostgreSQL and Kerberos V authentication |
101 |
|
4.5.c. |
Testing PostgreSQL |
102 |
|
|
Working Kerberos V authentication |
102 |
|
|
Failed Kerberos V authentication |
102 |
|
4.6. |
Cyrus IMAP/POP |
103 |
|
4.6.a. |
Building Cyrus IMAP and POP3 server |
103 |
|
|
Configure options – Cyrus IMAP/POP3 |
103 |
|
|
Build the software – Cyrus IMAP/POP3 |
103 |
|
4.6.b. |
Setting up Cyrus IMAP and POP3 server |
103 |
|
|
Creating a IMAP/POP3 service key |
103 |
|
4.7. |
SAMBA |
104 |
|
4.7.a. |
Building Samba |
104 |
|
4.7.b. |
Building Samba/TNG |
104 |
|
|
Configure options – Samba/TNG |
104 |
|
|
Build the software – Samba/TNG |
105 |
|
4.7.c. |
Installing Samba and Samba/TNG |
105 |
|
4.7.d. |
Samba and Samba/TNG cooperation |
105 |
|
4.8. |
OpenAFS |
105 |
|
4.8.a. |
Building OpenAFS |
106 |
|
|
Configure options - OpenAFS |
106 |
|
|
Build the software - OpenAFS |
106 |
|
|
Build the software - Kernel module |
107 |
|
4.8.b. |
Installing OpenAFS |
107 |
|
4.8.c. |
Setting up OpenAFS |
108 |
|
|
Creating a AFS service key |
108 |
|
|
Adding the AFS service key to the AFS KeyFile |
108 |
|
|
Mount the AFS volume |
108 |
|
|
Create OpenAFS database |
108 |
|
|
Setup the cell configuration files |
108 |
|
|
Setup AFS services |
109 |
|
|
Getting a Kerberos ticket and a AFS token |
110 |
|
|
Setting up root volumes |
110 |
|
4.9. |
OpenAFS Kerberos V support software |
110 |
|
4.9.a. |
OpenAFS/Krb5 |
110 |
|
|
Building OpenAFS/Krb5 |
110 |
|
|
Configure options – OpenAFS/Krb5 |
110 |
|
|
Build the software – OpenAFS/Krb5 |
111 |
|
|
Installing OpenAFS/Krb5 |
111 |
|
|
Setting up OpenAFS/Krb5 |
111 |
|
4.9.b. |
LibPAM/OpenAFS |
111 |
|
|
Building and Installing LibPAM/OpenAFS |
111 |
|
|
Setting up LibPAM/OpenAFS |
112 |
|
4.9.c. |
Testing the OpenAFS softwares |
112 |
|
|
Testing OpenAFS KerberosV support software |
112 |
|
|
Testing OpenAFS PAM module |
113 |
|
4.10. |
Squid |
113 |
|
4.10.a. |
Building Squid |
114 |
|
|
Configure options – Squid |
114 |
|
|
Build the software – Squid |
114 |
|
4.10.b. |
Setting up Squid |
114 |
|
|
Replacement Squid LDAP authentication module |
115 |
|
|
Configure the Squid LDAP authentication module |
116 |
|
4.11. |
AutoFS |
116 |
|
4.11.a. |
Building AutoFS |
116 |
|
|
Configure options – AutoFS |
116 |
|
|
Build the software – AutoFS |
116 |
|
4.11.b. |
Installing AutoFS |
116 |
|
|
AutoFS start script |
117 |
|
4.11.c. |
Configuring AutoFS |
117 |
|
|
Map entry |
117 |
|
|
LDAP object |
117 |
|
|
Base tree |
117 |
|
|
Map entry as LDAP object |
117 |
|
4.12. |
Qmail-LDAP |
119 |
|
4.12.a. |
Patching Qmail |
119 |
|
4.12.b. |
Building Qmail-LDAP |
120 |
|
4.12.c. |
Installing Qmail-LDAP |
120 |
|
4.12.d. |
Configure Qmail-LDAP |
120 |
|
|
Creating administrator DN |
120 |
|
|
Creating configuration files |
120 |
|
|
ldaplogin |
121 |
|
|
ldappassword |
121 |
|
|
ldapserver |
121 |
|
|
me |
121 |
|
|
ldapcontroldn |
121 |
|
|
Creating Qmail-LDAP/Controls object |
121 |
|
4.13. |
Sendmail |
122 |
|
4.14. |
Fetchmail |
122 |
|
4.14.a. |
Building fetchmail |
122 |
|
4.14.b. |
Installing fetchmail |
123 |
|
4.14.c. |
Configure fetchmail |
123 |
|
4.15. |
OpenSSH |
123 |
|
4.15.a. |
Traditional public key authentication |
123 |
|
4.15.b. |
Kerberos V tickets with SSH |
125 |
|
4.15.c. |
Building SSH |
125 |
|
|
Getting the SSH kerberos patch |
125 |
|
|
Configure options – OpenSSH |
125 |
|
|
Build the software – OpenSSH |
126 |
|
4.15.d. |
Installing SSH |
126 |
|
4.15.e. |
Setting up OpenSSH |
126 |
|
|
Creating a SSH service key |
126 |
|
4.16. |
Bind9 |
126 |
|
4.16.a. |
Building Bind9 |
126 |
|
|
Setting up Bind9 source for LDAP |
126 |
|
|
Configure options - Bind9 |
127 |
|
|
Building the software - Bind9 |
127 |
|
|
Installing Bind9 |
127 |
|
4.16.b. |
Setting up Bind9 |
127 |
|
4.16.c. |
Configure the LDAP server for Bind9 |
128 |
|
|
Adding the schema definition |
128 |
|
|
Configuring the access control |
128 |
|
|
Configuring for fast searches |
128 |
|
4.16.d. |
Create LDAP objects for Bind9 |
129 |
|
5.1. |
Migrating existing users |
132 |
|
5.1.a. |
LDAP |
132 |
|
5.1.b. |
Kerberos |
133 |
|
5.1.c. |
AFS |
133 |
|
5.2. |
Adding, removing or modifying a user |
133 |
|
5.2.a. |
LDAP |
134 |
|
|
Adding a object |
134 |
|
|
Removing a object |
135 |
|
|
Modifying a object |
135 |
|
5.2.b. |
Kerberos |
136 |
|
|
Adding a principal |
136 |
|
|
Removing a principal |
137 |
|
|
Modifying a principal |
137 |
|
|
Changing password for a principal |
137 |
|
|
Setting expiration date |
137 |
|
|
Setting maximum ticket life |
138 |
|
|
Account policies |
138 |
|
|
Add policy |
138 |
|
|
View policy |
138 |
|
|
Modifying policy |
139 |
|
|
Enforcing policy |
139 |
|
5.2.c. |
AFS |
139 |
|
|
Adding a user to the AFS protection database |
140 |
|
|
Create a volume on the AFS volume server |
140 |
|
|
Removing an entry from the AFS protection database |
140 |
|
|
Modifying an entry in the AFS protection database |
140 |
|
|
Mount a AFS volume |
141 |
|
|
Unmount a AFS volume |
141 |
|
|
Remove a AFS volume |
141 |
|
|
Release the volumes |
142 |
|
5.3. |
Setting up access restrictions |
142 |
|
5.3.a. |
LDAP |
142 |
|
|
Limit access to host system |
142 |
|
|
LDAP object |
142 |
|
|
Host configuration |
142 |
|
|
Doing IP based access control |
143 |
|
|
Limit access to host service |
143 |
|
5.3.b. |
Kerberos |
144 |
|
5.3.c. |
AFS |
144 |
|
|
ACL on FTP incoming directory |
144 |
|
5.4. |
Adding a system to the site |
145 |
|
5.4.a. |
Packages required |
145 |
|
|
LDAP server |
145 |
|
|
Kerberos server |
145 |
|
|
AFS Database server |
145 |
|
|
AFS Volume server |
145 |
|
|
Documentation |
145 |
|
5.4.b. |
Host systems and LDAPv3 authentication |
146 |
|
|
Core software |
146 |
|
|
Extra software |
146 |
|
5.5. |
Moving servers and services |
146 |
|
5.5.a. |
LDAP |
146 |
|
5.5.b. |
Kerberos |
147 |
|
5.5.c. |
AFS |
148 |
|
|
Moving or backing up the database |
148 |
|
|
Changing IP address |
148 |
|
6.1. |
LDAP |
150 |
|
6.1.a. |
Initialize a LDAP session |
150 |
|
|
Initialization in C |
150 |
|
|
Initialization in Perl |
150 |
|
|
Anonymous bind |
150 |
|
|
Autorized bind |
150 |
|
|
Initialization in PHP |
150 |
|
6.1.b. |
Initialize a TLS session |
151 |
|
|
TLS initialization in C |
151 |
|
|
TLS initialization in Perl |
151 |
|
|
TLS Initialization in PHP |
151 |
|
6.1.c. |
Initialize a SSL session |
151 |
|
|
SSL initialization in C |
151 |
|
|
SSL initialization in Perl |
151 |
|
|
SSL Initialization in PHP |
151 |
|
6.1.d. |
LDAP searches and modifications |
151 |
|
|
Search in database from C |
151 |
|
|
Seach in database from Perl |
151 |
|
|
Retreive value |
151 |
|
|
Get distiguished name of found object |
151 |
|
|
Get values and attributes of found object |
151 |
|
|
Full source listing of example perl program |
152 |
|
|
Seach in database from PHP |
152 |
|
6.2. |
SASL/GSSAPI |
152 |
|
6.2.a. |
Initialize a SASL session |
152 |
|
|
SASL initialization in C |
152 |
|
|
SASL initialization in Perl |
152 |
|
|
SASL initialization in PHP |
152 |
|
6.3. |
Kerberos |
153 |
|
6.4. |
AFS |
153 |
|
7.1. |
Problems that can occur |
156 |
|
7.1.a. |
No such attribute error |
156 |
|
7.1.b. |
No such object error |
156 |
|
7.1.c. |
Local error |
156 |
|
7.1.d. |
Unknown error |
157 |
|
7.1.e. |
Can't contact LDAP server |
157 |
|
7.1.f. |
No principal in keytab matches desired name |
157 |
|
7.1.g. |
Problems when the KVNO don't match up |
157 |
|
7.1.h. |
Problems with ACL's |
159 |
|
7.2. |
Generic failure: GSSAPI Error |
159 |
|
7.2.a. |
Miscellaneous failure |
159 |
|
|
Ticket expired |
159 |
|
7.3. |
Authentication failure: GSSAPI Failure |
159 |
|
7.3.a. |
gss_accept_sec_context |
159 |
|
7.4. |
SLAPADD problems/messages |
160 |
|
7.4.a. |
Attribute type undefined |
160 |
|
7.4.b. |
Attribute not allowed |
160 |
|
7.4.c. |
Missing required attribute |
160 |
|
7.4.d. |
Bad encryption type |
161 |
|
7.5. |
Mailinglists for help |
161 |
|
8.1. |
My current softwares |
164 |
|
8.2. |
Berkeley DB |
164 |
|
8.2.a. |
v3.3.11 |
164 |
|
8.2.b. |
v3.2.9 |
164 |
|
8.3. |
OpenSSL |
165 |
|
8.3.a. |
v0.9.6a |
165 |
|
8.3.b. |
v0.9.6b |
165 |
|
8.3.c. |
v0.9.6c |
165 |
|
8.3.d. |
v0.9.6g |
165 |
|
8.4. |
OpenLDAP |
165 |
|
8.4.a. |
v2.0.10 |
165 |
|
8.4.b. |
v2.0.11 |
165 |
|
8.4.c. |
v2.0.14 |
166 |
|
8.4.d. |
v2.0.18 |
166 |
|
8.4.e. |
v2.0.21 |
166 |
|
8.4.f. |
v2.0.22 |
166 |
|
8.4.g. |
v2.0.23 |
167 |
|
8.4.h. |
v2.0.27 |
167 |
|
8.5. |
Cyrus SASL |
167 |
|
8.5.a. |
v1.5.27 |
167 |
|
8.5.b. |
v1.5.28 |
168 |
|
8.6. |
MIT KerberosV |
168 |
|
8.6.a. |
v1.2.4 |
168 |
|
8.6.b. |
v1.2.5 |
168 |
|
8.7. |
Concurrent Version System |
168 |
|
8.7.a. |
v1.11.1p1 |
168 |
|
8.7.b. |
v1.11.2 |
168 |
|
8.8. |
PostgreSQL |
168 |
|
8.8.a. |
v7.2.2 |
168 |
|
8.8.b. |
v7.3.2 |
169 |
|
9.1. |
Building OpenLDAP 2.1 and Cyrus SASL 2.1 |
172 |
|
9.2. |
Configuration of OpenLDAP 2.1 |
172 |
|
9.3. |
Per-object Access Control |
172 |
|
9.3.a. |
Using ACIs |
172 |
|
|
ACI Example |
173 |
|
|
Broken behaviour |
173 |
|
|
OpenLDAPaci attribute |
174 |
|
|
OID |
174 |
|
|
SCOPE |
174 |
|
|
RIGHTS |
174 |
|
|
ACTION |
174 |
|
|
PERMISSION |
175 |
|
|
TARGET |
175 |
|
|
TYPE |
175 |
|
|
SUBJECT |
175 |
|
9.4. |
Authenticating with SASL/EXTERNAL |
175 |
|
9.4.a. |
Via SSL certificate |
175 |
|
10.1. |
Finding installed packages |
178 |
|
10.1.a. |
Package managers |
178 |
|
|
RPM |
178 |
|
|
DPKG |
178 |
|
|
PKG |
179 |
|
10.2. |
Linux distributions |
180 |
|
10.2.a. |
Debian GNU/Linux |
180 |
|
|
Packages which don't need modifications |
180 |
|
|
Packages in need of modifications |
181 |
|
|
Building packages from source |
182 |
|
|
Source packages needed |
182 |
|
|
Pre-required Debian GNU/Linux package building software |
182 |
|
|
Build and install Cyrus SASL |
183 |
|
|
Build and install OpenLDAP |
183 |
|
|
Bumping the Debian GNU/Linux package version |
184 |
|
|
Shortcuts |
185 |
|
|
APT configuration |
185 |
|
10.2.b. |
RedHat Linux |
185 |
|
|
Kerberos V |
185 |
|
|
OpenLDAP |
186 |
|
10.2.c. |
SuSE, Mandrake |
186 |
|
10.3. |
Microsoft Windows |
186 |
|
10.3.a. |
Windows 95 & 98 |
186 |
|
|
Setting up a NTP client |
186 |
|
|
Install the Windows 9x OpenAFS client |
186 |
|
|
Configuring the OpenAFS client |
186 |
|
10.3.b. |
Windows Me, 2000 & XP |
187 |
|
|
Setting up the KDC |
187 |
|
|
Installing configuration softwares |
187 |
|
|
Setting up the client |
187 |
|
|
Configure the NTP client |
187 |
|
|
Install the Windows 2k OpenAFS client |
188 |
|
|
Configure the Windows 2k OpenAFS client manually |
188 |
|
|
Add local accounts |
188 |
|
10.4. |
Sun Solaris |
189 |
|
10.5. |
Mac OS X |
189 |
|
10.6. |
IRIX |
189 |
|
10.7. |
IBM AIX |
189 |
|
10.8. |
HP HPUX |
189 |
|
11.1. |
Source code and patches |
192 |
|
11.1.a. |
Source code used - Pre-required |
192 |
|
11.1.b. |
Source code used – Core |
192 |
|
|
Berkeley DB |
192 |
|
|
Other |
192 |
|
11.1.c. |
Source code used - Extras |
193 |
|
11.1.d. |
Source code needed - Dependencies |
193 |
|
11.1.e. |
Patches needed |
194 |
|
11.2. |
Other softwares |
194 |
|
11.2.a. |
Windows installers |
194 |
|
11.3. |
Miscellaneous information |
195 |
|
11.3.a. |
Solaris |
195 |
|
11.3.b. |
Other |
195 |
|
11.3.c. |
OID Numbers |
195 |
|
11.3.d. |
Hardware load balancers |
196 |
|
11.3.e. |
Considered must-reads |
196 |
|
11.3.f. |
Commercial LDAP servers |
196 |
|
11.3.g. |
Commercial Certificate Authorities |
196 |
|
11.4. |
My configuration files |
196 |
|
11.4.a. |
Master LDAP server |
197 |
|
11.4.b. |
Slave LDAP server |
197 |
|
11.4.c. |
PAM/LDAP files |
197 |
|
11.4.d. |
Misc files |
197 |
|
11.5. |
Upgrade and administration scripts |
198 |
|
11.6. |
Documentation |
198 |
|
11.6.a. |
LDAP |
198 |
|
|
LDAPv2 |
198 |
|
|
LDAPv3 |
199 |
|
11.6.b. |
Authentication |
199 |
|
|
SASL |
199 |
|
|
Kerberos |
200 |
|
11.6.c. |
Domain Name System |
201 |
|
|
DNSSEC |
201 |
|
11.6.d. |
Other |
202 |
|
|
Licenses |
202 |
|
|
Other |
202 |
|
12.1. |
Abbrevations used |
206 |
|
12.2. |
Illustration index |
206 |
|
12.3. |
Table index |
206 |
|
12.4. |
GNU General Public License |
209 |
|
12.5. |
Open Publication License |
216 |
|
12.6. |
Alphabetical Index |
220 |