What is LDAP?
LDAP is in essence a distributed database. Some of the things you can use it
for:
- A central authentication service, so a cluster of machines can use the
same logins (even if they run different operating systems)
- Authenticating clients without creating user accounts in /etc/passwd
- A central repository for Unix config files like /etc/passwd and
/etc/hosts, and thus a replacement for NIS
- A "white pages" telephone book service.
It is clear that LDAP is going to be a very important technology, especially
since it is being supported by some of the Big Players. It will be key in
building and managing large enterprise networks and integrating systems from
However, LDAP is complicated. Partly this derives from its X500 heritage,
and partly because it is so flexible: its database structure is table-driven
and can be extended at will.
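As an added illustration of the "replacement for NIS" use above (example code written for this page, not from the original document): a small shell function that turns one /etc/passwd line into the LDIF entry an LDAP server would hold for that account. The suffix dc=example,dc=com and the ou=People container are assumptions, as is the sample account.

```shell
#!/bin/sh
# Convert one /etc/passwd line into an LDIF posixAccount entry, the shape
# an LDAP server needs when it takes over the role of NIS.
# Assumed, not taken from the page: the suffix and the People container.
BASE_DN="ou=People,dc=example,dc=com"

# passwd_to_ldif LINE
#   LINE has the usual seven fields: name:passwd:uid:gid:gecos:home:shell.
#   Prints the LDIF entry on stdout; returns 1 if the line is malformed.
passwd_to_ldif() {
    IFS=: read -r name hash uid gid gecos home shell <<EOF
$1
EOF
    # Name, home directory and shell must be present; uid and gid numeric.
    [ -n "$name" ] && [ -n "$home" ] && [ -n "$shell" ] || return 1
    case $uid in ''|*[!0-9]*) return 1 ;; esac
    case $gid in ''|*[!0-9]*) return 1 ;; esac
    # The GECOS "full name" is everything before the first comma.
    cn=${gecos%%,*}
    cat <<EOF
dn: uid=$name,$BASE_DN
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
uid: $name
cn: ${cn:-$name}
uidNumber: $uid
gidNumber: $gid
homeDirectory: $home
loginShell: $shell
EOF
    # "x" or "*" means the real hash lives in /etc/shadow, so there is
    # nothing to carry over; otherwise keep the crypt(3) hash. On the
    # server, userPassword should be readable only by the entry's owner
    # and the directory administrator, not by anonymous searches.
    case $hash in
        x|\*|'') ;;
        *) printf 'userPassword: {crypt}%s\n' "$hash" ;;
    esac
}

# Constructed sample line, not a real account.
passwd_to_ldif "alice:x:1001:100:Alice Example,Room 1:/home/alice:/bin/sh"
```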
Some of the nice features of LDAP
- Users can be given access to update some of their own information,
e.g. changing passwords
- LDAP servers can be replicated
- LDAP servers can refer requests to other LDAP servers, in a similar way
to how DNS operates
So why another document about LDAP?
In trying to learn about LDAP, I looked at some of the introductory material
on the web. This was fine as far as it went - such as explaining
Distinguished Names - but was woefully short on practical information about
how to use LDAP in a real world situation. The technical documentation (the
RFCs) is very unapproachable, and this is not helped by references to ITU
documents which are not RFCs!
As a result, I have had to "reverse engineer" my knowledge by installing
packages and playing with them. This document outlines what I have learned
in the hope that it will be helpful to others.
This document also acts as my "notepad" of useful commands and things I have
discovered. Hence you may find random lines of shell script and suchlike
dotted around. Those bits are here so I don't have to keep working them out
Links to other LDAP documentation