CHAPTER 37
Lightweight Directory Access Protocol
(LDAP)
IN THIS CHAPTER
Configuring the Server
Configuring Clients
LDAP Administration
References
Lightweight Directory Access Protocol (LDAP, pronounced “ell-dap”) is one of those technologies that, although hidden, forms part of the core infrastructure in enterprise computing. Its job is simple: It stores information about users. However, its power comes from the fact that it can be linked into dozens of other services. LDAP can power login authentication, public key distribution, email routing, and address verification. More recently, it has formed the core of the push toward single sign-on technology.
TIP
Most people find the concept of LDAP easier to grasp when they think of it as a highly specialized form of database server. Behind the scenes, Ubuntu uses a database for storing all its LDAP information; however, LDAP does not offer anything as straightforward as SQL for data manipulation. OpenLDAP uses Sleepycat Software’s Berkeley DB (BDB), and sticking with that default is highly recommended. However, alternatives exist that might be better for you if you have specific needs.
This chapter looks at a relatively basic installation of an LDAP server, including how to host a company-wide directory service that contains the names and email addresses of employees. LDAP is a client/server system, meaning that an LDAP server hosts the data, and an LDAP client queries it.