LDAP Implementation HOWTO

Roel van Meer

Linvision BV

r.vanmeer@linvision.com

Giuseppe Lo Biondo

INFN MI

giuseppe.lobiondo@mi.infn.it

v0.5, 2001-03-30

Revision History
Revision 0.5, 2001-03-30, Revised by: rvm
Cleanup, fixes, overview rewritten.
Revision 0.4, 2001-02-01, Revised by: rvm
Added dns section.
Revision 0.3, 2001-01-18, Revised by: rvm
Added MTA sections.
Revision 0.2, 2000-11-12, Revised by: glb
Improved section on nss. Added sections about certificates and wrappers.

This document describes the technical aspects of storing application data in an LDAP server. It focuses on the configuration of various applications to make them LDAP-aware. Some applications that assist in handling LDAP data are also discussed.


Table of Contents
1. Overview
1.1. Why this howto?
1.2. What is it about?
1.3. What is it NOT about?
1.4. Acknowledgements
1.5. Disclaimer
1.6. Copyright and license
2. LDAP authentication using pam_ldap and nss_ldap
2.1. The components of the framework
2.1.1. Authentication: PAM and pam_ldap.so
2.1.2. The Name Service Switch and nss_ldap.so
2.1.3. The Lightweight Directory Access Protocol
2.1.4. The Name Service Caching Daemon
2.1.5. The Secure Socket Layer
2.2. Building the authentication system
2.2.1. Server side
2.2.1.1. Installing and configuring OpenLDAP
2.2.2. Client side
2.2.2.1. PAM LDAP Installation and Configuration
2.2.2.2. NSS LDAP installation and configuration
2.2.2.3. NSCD configuration
2.2.2.4. LDAP client configuration file
2.3. Starting up
2.4. Accounts maintenance
2.5. Known limits
2.6. File permissions
3. Radius authentication using LDAP
3.1. FreeRadius Radiusd configuration
3.2. Testing Radius Authentication
3.3. Sample CISCO IOS Configuration
4. Samba
5. DNS
5.1. Using nss
5.1.1. Configuration
5.1.2. Schema
5.2. Using bind
5.2.1. Bind patch
5.2.2. ldap2dns
5.2.3. ispman
6. Mail Transfer Agents
6.1. Sendmail
6.1.1. LDAP support in sendmail
6.1.2. System layout.
6.1.3. Sendmail configuration file
6.1.4. Schema
6.1.5. More information.
6.2. Postfix
6.2.1. Support
6.2.2. Configuration
6.2.3. Example setup
6.3. Qmail
7. Address books
8. Netscape roaming access
9. Publishing digital certificates with LDAP
9.1. LDAP Server configuration
9.2. Certificate Publishing
9.3. LDAP Aware Clients
10. SSL/TLS and SSL/TLS wrappers for LDAP
10.1. A Brief description of SSL
10.2. SSL/TLS availability for OpenLDAP
10.3. How to use stunnel to provide SSL/TLS to an LDAP V2 server
10.4. How to use stunnel to provide SSL to LDAP clients
10.5. How to use stunnel to provide SSL for slurpd replication
11. LDAP schemas
12. Example files
12.1. The schema file
12.2. Example base ldif