Applications of LDAP
(apart from the obvious telephone books etc)
1. Authenticating other services
There is a simple way in which you can use LDAP for authenticating other
services, using two steps:
- Connect to the LDAP server and perform a search to locate the DN of
the client's entry (e.g. by matching the login name against 'uid')
- Attempt to bind as that DN, using the password provided by the client
If the bind attempt succeeds, you know that the client has successfully
authenticated and can permit them to use the service. This has the advantage
of hiding the authentication mechanism within the LDAP server itself - e.g.
you don't care whether the password is stored as cleartext, as a crypt()
hash, as an MD5 hash, or whatever.
Two things to get right: the login name ends up inside a search filter, so
it must be escaped (otherwise '*' or ')(' in the name can rewrite the
filter), and an empty password must be rejected before the bind, because a
simple bind with an empty password is treated as an anonymous bind and
'succeeds' on many servers. Use TLS so the password is not sent in the clear.
There are plugins available for qmail-pop3d and other pop3 servers to perform
LDAP authentication in this fashion.
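The two steps above as a script, added here as an example and not taken from the page or from any of the pop3 plugins it mentions. It assumes the OpenLDAP 2.x command-line tools (ldapsearch, ldapwhoami), a server at LDAP_URI, a search base BASE, and that the login name is stored in 'uid'; all of those are assumptions. The filter-escaping and empty-password checks are the ones a practitioner would want in front of any such lookup.

```shell
#!/bin/sh
# Added example (not from the page): the two-step search-then-bind check,
# done with the OpenLDAP 2.x command-line tools.  LDAP_URI, BASE and the
# use of "uid" as the login attribute are assumptions.
LDAP_URI=${LDAP_URI:-ldaps://ldap.example.com}   # assumed; TLS keeps the password off the wire
BASE=${BASE:-ou=People,dc=example,dc=com}        # assumed

# ldap_filter_escape STRING: escape the characters RFC 4515 reserves inside
# a search filter, so that a login name such as '*)(uid=*' cannot rewrite
# the filter (LDAP filter injection).  Backslash is handled first so the
# escapes added afterwards are not escaped a second time.
ldap_filter_escape() {
    printf '%s\n' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# ldap_auth USER PASSWORD: return 0 only if the directory accepts PASSWORD
# for the single entry whose uid is USER.
ldap_auth() {
    user=$1; pass=$2
    # A simple bind with an empty password is an anonymous (unauthenticated)
    # bind, which many servers accept, so it must never count as a login.
    [ -n "$pass" ] || return 1

    # Step 1: anonymous search for the entry.  "1.1" asks for no attributes,
    # so the LDIF output is just "dn: ..." lines.  A DN containing non-ASCII
    # characters comes back base64-encoded as "dn::" and is rejected here.
    dn=$(ldapsearch -x -H "$LDAP_URI" -b "$BASE" -s sub -LLL \
            "(uid=$(ldap_filter_escape "$user"))" 1.1 | sed -n 's/^dn: //p')
    [ -n "$dn" ] || return 1
    # Exactly one entry must match; two candidates means we cannot tell who is logging in.
    [ "$(printf '%s\n' "$dn" | grep -c '^')" = 1 ] || return 1

    # Step 2: bind as that DN.  The password is handed over in a mode-0600
    # file (-y) rather than on the command line, where ps would show it.
    pwfile=$(mktemp) || return 1
    chmod 600 "$pwfile"
    printf '%s' "$pass" > "$pwfile"          # no trailing newline: -y uses the file verbatim
    ldapwhoami -x -H "$LDAP_URI" -D "$dn" -y "$pwfile" >/dev/null 2>&1
    rc=$?
    rm -f "$pwfile"
    return $rc
}
```

Call it as `ldap_auth "$login" "$password"` and grant access on exit status 0. The older OpenLDAP 1.x tools have neither ldapwhoami nor the -H/-x/-y options; there, a base-scope ldapsearch against "$dn" with -D "$dn" and the password does the same job, with the same caveats about the command line.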
If you combine this with a mail delivery agent which looks up users in LDAP
to determine whether a mailbox exists, the entire mail system can be
[Need some real examples here]
Radius to LDAP mapping
2. Replacement for NIS
In other words, a central database which replaces all those /etc/passwd,
/etc/group, /etc/hosts files (etc) that you have dotted around.
The standard way of doing this is documented in
There are some examples here.
See www.rage.net/ldap for information
on the client software libnss
and a brief HOWTO.
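What the replacement for /etc/passwd and /etc/group looks like in the directory, as an added example that is not from the page or from the libnss HOWTO it points to. It uses the RFC 2307 posixAccount/posixGroup schema that nss_ldap resolves; the names, numbers and the dc=example,dc=com suffix are made up.

```ldif
# Added example, not from the page: one user and its primary group in the
# RFC 2307 schema.  Names, numbers and the suffix are assumptions.
dn: uid=fred,ou=People,dc=example,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
uid: fred
cn: Fred
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/fred
loginShell: /bin/sh
# "*" is not a valid hash, so the account cannot log in until a real
# {crypt} or {SSHA} value is set (e.g. with ldappasswd).
userPassword: {crypt}*

dn: cn=fred,ou=Group,dc=example,dc=com
objectClass: top
objectClass: posixGroup
cn: fred
gidNumber: 1001
memberUid: fred
```

Load it with `ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f users.ldif` (the manager DN is an assumption), then point the clients at the directory with `passwd: files ldap` and `group: files ldap` in /etc/nsswitch.conf. Every client host can read these entries, so do not let them read the hashes: an access rule such as `access to attrs=userPassword by self write by anonymous auth by * none` (OpenLDAP 2.x syntax) leaves the password usable for binding but invisible to getpwent().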
3. Mailing lists
Mailing lists can be incorporated in an LDAP database using the 'rfc822MailGroup' object class.
I can't find an RFC which defines this, but you can find an attribute list in
/usr/local/etc/openldap/slapd.oc.conf. As far as I can tell, the
following mailing list:
development: fred, jim, email@example.com
would be represented by the following LDAP entry.
As an alternative schema,
will turn /etc/aliases into nisMailAlias entries. There's also some information in the
Sun SIMS documentation
[Need a proper example of how to configure a mailer to expand these]
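An entry for the 'development' list and a script that expands it into an /etc/aliases-style line, added here as an example; neither comes from the page, from slapd.oc.conf nor from any mailer. It assumes the OpenLDAP 2.x command-line tools, a server at LDAP_URI, a list base LIST_BASE, and a convention the page leaves unspecified: 'member' holds DNs of directory entries (resolved through their 'mail' attribute) while 'mail' on the group holds addresses with no directory entry, such as email@example.com. The sample entry is constructed.

```shell
#!/bin/sh
# Added example (not from the page): expand an rfc822MailGroup entry into an
# /etc/aliases-style line with the OpenLDAP 2.x command-line tools.
# LDAP_URI, LIST_BASE and the member/mail convention are assumptions.
LDAP_URI=${LDAP_URI:-ldaps://ldap.example.com}     # assumed
LIST_BASE=${LIST_BASE:-ou=Lists,dc=example,dc=com} # assumed

# Constructed sample of what the "development: fred, jim, email@example.com"
# list could look like under the assumed convention.  The folded "member"
# value shows LDIF line continuation (leading space) as ldapsearch emits it.
sample_list_ldif() {
    cat <<'EOF'
dn: cn=development,ou=Lists,dc=example,dc=com
objectClass: rfc822MailGroup
cn: development
member: cn=fred,ou=People,dc=example,dc=com
member: cn=jim,ou=People,
 dc=example,dc=com
mail: email@example.com
EOF
}

# ldif_values ATTR: read LDIF on stdin and print each value of ATTR, one per
# line, unfolding continuation lines and decoding base64 ("::") values.
# Attribute names are matched exactly as ldapsearch prints them.
ldif_values() {
    awk '
        /^ / { line = line substr($0, 2); next }   # continuation of previous line
        { if (line != "") print line; line = $0 }
        END { if (line != "") print line }
    ' | while IFS= read -r l; do
        case $l in
            "$1:: "*) printf '%s\n' "${l#*:: }" | base64 -d; echo ;;
            "$1: "*)  printf '%s\n' "${l#*: }" ;;
        esac
    done
}

# ldap_expand_list NAME: print "NAME: addr1,addr2,..." for the list called NAME.
ldap_expand_list() {
    # The name comes from an envelope recipient, i.e. from the network, so
    # escape the RFC 4515 filter metacharacters before using it in a filter.
    name=$(printf '%s\n' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g')
    entry=$(ldapsearch -x -H "$LDAP_URI" -b "$LIST_BASE" -LLL \
                "(&(objectClass=rfc822MailGroup)(cn=$name))" member mail) || return 1
    addrs=$(
        {
            # plain addresses stored on the group itself (assumed convention)
            printf '%s\n' "$entry" | ldif_values mail
            # DN members: look each entry up and take its "mail" attribute
            printf '%s\n' "$entry" | ldif_values member | while IFS= read -r dn; do
                ldapsearch -x -H "$LDAP_URI" -b "$dn" -s base -LLL \
                    '(objectClass=*)' mail | ldif_values mail
            done
        } | paste -s -d, -
    )
    [ -n "$addrs" ] || return 1
    printf '%s: %s\n' "$1" "$addrs"
}

# Offline demonstration on the constructed entry: prints the two member DNs.
sample_list_ldif | ldif_values member
```

With a live directory, `ldap_expand_list development` prints one aliases line; a mailer can either call it per recipient or regenerate /etc/aliases from all lists and run newaliases. Members whose entries have no 'mail' attribute are silently dropped, which is usually what you want for a list but worth logging.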