Thursday, November 15, 2007

LDAP Chapter 1

Recently I was trying to configure an LDAP system. I will show you how to set up, with some rough edges, an LDAP system that has been tested on Fedora Core 3.

1. What is LDAP?

LDAP is an acronym for Lightweight Directory Access Protocol. LDAP has become a standard protocol for accessing information over a network. It defines the mechanism for accessing a directory service (DS) and can be used to describe many kinds of information, such as information about people, organizations and services. The technical specification is given in RFC 3377.

The LDAP information model is based on entries. An entry is a collection of attributes that has a globally unique distinguished name (dn). An entry is referenced by its dn, which distinguishes it from every other entry. Each attribute of an entry has a type and one or more values. The type is usually a string, such as 'cn' for common name or 'mail' for e-mail address.

The syntax of a value depends on the attribute type. For example, cn may contain words such as erwinwta, and the mail attribute may contain erwinwta@gmail.com.

Entries in LDAP are generally arranged following internet domain naming, in a hierarchical tree structure. LDAP controls which attributes are required and permitted in an entry through the objectClass; the objectClass contains the schema rules for the entry. According to RFC 2251, every entry that is part of the DIT (Directory Information Tree) has to have a unique name among the entries under the same parent, called the RDN (Relative Distinguished Name). For example, the entry for erwinwta, whose RDN is uid=erwinwta, has the distinguished name:
uid=erwinwta,ou=people,dc=ngoprek,dc=com

dc=com
  |
dc=ngoprek
  |
  +---------------------+
  |                     |
ou=people             ou=Group
  |
  +---------------------+
  |                     |
uid=erwinwta          uid=de_bego
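To make the naming rule concrete, here is an added Python example (not part of the original post) that models the tree above as a small DIT, rejects an entry whose RDN is already used under the same parent or whose parent does not exist, and emits the entries as LDIF in an order ldapadd accepts. The SAMPLE_DNS list is constructed from the tree, and the objectClass chosen for each naming attribute is an assumption for this example.

```python
import re
# Constructed sample input: the DNs of the tree drawn above, root first.
SAMPLE_DNS = [
    "dc=com",
    "dc=ngoprek,dc=com",
    "ou=people,dc=ngoprek,dc=com",
    "ou=Group,dc=ngoprek,dc=com",
    "uid=erwinwta,ou=people,dc=ngoprek,dc=com",
    "uid=de_bego,ou=people,dc=ngoprek,dc=com",
]
# Minimal objectClass per naming attribute (assumption; a real schema needs more, e.g. posixAccount).
OBJECT_CLASSES = {"dc": "dcObject", "ou": "organizationalUnit", "uid": "inetOrgPerson"}
_RDN_SEP = re.compile(r"(?<!\\),")  # a comma that is not escaped as "\,"

def parse_dn(dn):
    """Split a DN into (type, value) RDNs, leaf first. Types are case-insensitive
    and get lower-cased; an RFC 4514 escaped comma ("\\,") stays in the value."""
    rdns = []
    for part in _RDN_SEP.split(dn):
        attr, sep, value = part.strip().partition("=")
        if not (sep and attr and value):
            raise ValueError("malformed RDN %r in %r" % (part, dn))
        rdns.append((attr.lower(), value.replace("\\,", ",")))
    return rdns

class DIT:
    """Directory Information Tree enforcing RFC 2251 naming: an entry's RDN
    must be unique among the children of its parent, and the parent must exist."""
    def __init__(self):
        self.entries = {}  # key: tuple of RDNs, root first; value: the DN string

    def add(self, dn):
        key = tuple(reversed(parse_dn(dn)))
        if key[:-1] and key[:-1] not in self.entries:
            raise KeyError("parent of %r is not in the tree" % dn)
        if key in self.entries:
            raise ValueError("RDN %s=%s already exists under the same parent" % key[-1])
        self.entries[key] = dn
        return key

    def to_ldif(self):
        """One LDIF record per entry, parents before children (the order ldapadd needs)."""
        recs = ["dn: %s\nobjectClass: %s\n%s: %s\n" % (dn, OBJECT_CLASSES[a], a, v)
                for (*_, (a, v)), dn in self.entries.items()]
        return "\n".join(recs)

def build_dit(dns=SAMPLE_DNS):
    tree = DIT()
    for dn in dns:
        tree.add(dn)
    return tree
```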

Update operations include adding an entry to the directory, deleting an entry, modifying an entry and renaming it.

Most of the common services can be authenticated through PAM, the Pluggable Authentication Modules. With the pam_ldap and nss_ldap modules, all PAM-aware programs can get their information from LDAP. More information about PAM in general can be found on the Linux-PAM site (http://www.kernel.org/pub/linux/libs/pam/). Information about pam_ldap and nss_ldap can be found on the PADL Software site (http://www.padl.com).

2. LDAP authentication using PAM pam_ldap.so

The Pluggable Authentication Module allows integration of various authentication technologies such as standard UNIX, RSA, DCE, LDAP etc. into system services such as login, passwd, rlogin, su, ftp, ssh etc. without changing any of these services.

First implemented by Sun Solaris, PAM is now the standard authentication framework of many Linux distributions, including RedHat and Debian. It provides an API through which authentication requests are mapped into technology-specific actions (implemented in the so-called PAM modules). This mapping is done by the PAM configuration files, which give, for each service, the authentication mechanisms to use.

In our case, the pam_ldap module, implemented in the shared library pam_ldap.so, allows user and group authentication using an LDAP service.

Each service that needs an authentication facility can be configured through the PAM configuration files to use different authentication methods. This means that it is possible, using the PAM configuration files, to write a custom list of requirements that a user must satisfy to obtain access to a resource.

3. Requirements

I will not explain how to install the software needed to build this system. Our system will need:

- DNS server: bind-9.2.4-2, bind-chroot-9.2.4-2, bind-libs-9.2.4-2.i386.rpm, bind-utils-9.2.4-2, caching-nameserver-7.3-3
- Samba: samba-common-3.0.8-0.pre1.3, samba-3.0.8-0.pre1.3, samba-client-3.0.8-0.pre1.3
- OpenLDAP: openldap-2.2.13-2, openldap-devel-2.2.13-2, openldap-clients-2.2.13-2, openldap-servers-2.2.13-2, nss_ldap-220-3
- smbldap-tools-0.9.1-1.1
- openssl-0.9.7a-40
- Other supporting software: perl-Jcode-2.05, perl-Digest-MD4-1.5-1, perl-Unicode-Map-0.112-5, perl-Unicode-Map8-0.12-4, perl-Unicode-MapUTF8-1.09-4, perl-Net-SSLeay-1.25-1.2, perl-IO-Socket-SSL-0.96-1.1

You can find all of these with Google.

Next I will show the complete configuration of the LDAP system, that is, how to set it up; you must prepare your system with the required software first. :)
