Introduction

What is LDAP?

LDAP is in essence a distributed database. Some of the things you can use it for are:

A central authentication service, so a cluster of machines can use the same logins (even if they run different operating systems)
Authenticating clients without creating user accounts in /etc/passwd
A central respository for Unix config files like /etc/passwd and /etc/hosts, and thus a replacement for NIS
A "white pages" telephone book service.

It is clear that LDAP is going to be a very important technology, especially since it is being supported by some of the Big Players. It will be key in building and managing large enterprise networks and integrating systems from different vendors.

However, LDAP is complicated. Partly this derives from its X500 heritage, and partly because it is so flexible: its database structure is table-driven and can be extended at will.

Some of the nice features of LDAP

Users can be given access to update some of their own information, e.g. changing passwords
LDAP servers can be replicated
LDAP servers can refer requests to other LDAP servers, in a similar way to how DNS operates

So why another document about LDAP?

In trying to learn about LDAP, I looked at some of the introductory material on the web. This was fine as far as it went - such as explaining Distinguished Names - but was woefully short on practical information about how to use LDAP in a real world situation. The technical documentation (the RFCs) is very unapproachable, and this is not helped by references to ITU documents which are not RFCs!

As a result, I have had to "reverse engineer" my knowledge by installing packages and playing with them. This document outlines what I have learned in the hope that it will be helpful to others.

This document also acts as my "notepad" of useful commands and things I have discovered. Hence you may find random lines of shell script and the suchlike dotted around. Those bits are here so I don't have to keep working them out from scratch.

Links to other LDAP documentation

Understanding and Deploying LDAP directory services; Howes, Smith and Good; pub. Macmillan (especially chapter 3 - an Introduction to LDAP which is available on-line)
LDAP world
OpenLDAP home site
Umich list of LDAP clients