3.1 Obtaining the OpenLDAP Distribution
The OpenLDAP project does not make binary distributions of its software available.
The reason for this has a lot to do with the number of dependencies
it has on other packages. Many Linux vendors include precompiled
versions of OpenLDAP with their distributions. Still,
we'll discuss how to compile the OpenLDAP source
code distribution; you'll need to build OpenLDAP to
stay up to date, and studying the build process gives you a chance to
learn more about the LDAP protocol.
Note: Symas Corporation also provides some precompiled OpenLDAP packages (including requisite software components) for Solaris and HP-UX at http://www.symas.com/.
There are two major incarnations of OpenLDAP. The older 1.2 releases
are essentially enhancements or small bug fixes to the original
University of Michigan code base and implement only LDAPv2. The
OpenLDAP 2 branch is an LDAPv3-compliant implementation.

There are several advantages of LDAPv3 over the previous version, such as:

• The ability to refer clients to other LDAP servers for information.
  The LDAPv2 RFCs contained no provision for returning a referral to a
  client. While the University of Michigan server supported an
  experimental implementation of referrals, the concept was not
  standardized until the LDAPv3 specifications. Standardization made
  interoperability between servers and clients from different vendors
  possible, something that was missing under LDAPv2.

• The ability to publish the server's schema via LDAP
  operations, which makes it easier for clients to learn the
  server's schema before performing searches. The only
  way to determine the schema supported by an LDAPv2 server was to
  examine the server's configuration files. Publishing
  the server's schema as entries within the directory
  allows for such things as real-time updates via standard LDAP
  operations. (Note that LDAPv3 does not require dynamic updates.)

• Internationalization support through the use of UTF-8 characters in
  strings (RFC 2253) and language tags for attribute descriptions
  (RFC 2596).

• Improved security and flexibility for authentication credentials and
  data via SASL and SSL/TLS. LDAPv2 supported only simple binds or
  Kerberos 4 authentication.

• Support for protocol extensions as a mechanism to enhance existing
  operations or add new commands without requiring that a new revision
  of the LDAP protocol be defined.

The OpenLDAP 2 release is an LDAPv3 server. However, LDAPv2 clients
are not going away anytime soon. Therefore, OpenLDAP 2 and the
majority of other LDAP servers can support both LDAPv2 and v3
clients.[2]

[2] Most people are referring to the University of Michigan LDAP
client and server implementation when using the term LDAPv2. LDAPv2
as specified in the original RFCs has been moved to historic status.

LDAP System Administration
By Gerald Carter
Publisher: O'Reilly
Pub Date: March 2003
ISBN: 1-56592-491-6
Pages: 308

If you want to be a master of your domain, LDAP System Administration
will help you get up and running quickly regardless of which LDAP
version you use. After reading this book, even with no previous LDAP
experience, you'll be able to integrate a directory server into
essential network services such as mail, DNS, HTTP, and SMB/CIFS.
