Chapter 7. Using LDAP for Authentication
Suppose you've got an
IMAP (mail) server and a bunch of users, but you
don't want to give each user a shell account on the
server: you'd rather use some sort of central
user-authentication service that you can use for other things, too.
While you're at it, you also need an online address
book for your organization that could similarly be used both with
email and with other groupware applications. And suppose that in
addition to all that, you need to provide all your users with
encryption tools that use X.509 certificates, and therefore need to
manage digital certificates for your entire organization.
Would you believe that one service can address all three scenarios?
LDAP, the Lightweight Directory Access Protocol, does all of this and
more. And wouldn't you know it, the open source
community is blessed with a free, stable, and fully functional LDAP
package that is already part of most Linux distributions: OpenLDAP.
The only catch is that LDAP is a complicated beast. To make sense of
it, you're going to have to add still more acronyms
and some heavy-duty abstractions to your bag of Unix tricks. But
armed with this chapter and a little determination, before you know
it, you'll have the mighty LDAP burro pulling
several very large plows simultaneously, thus making your network
both more secure and easier to use. (Security and convenience seldom
come hand in hand.) This chapter is divided into three main sections:
"LDAP Basics," a high-level
introduction to the LDAP protocol; "Setting Up the
Server," in which we'll install
OpenLDAP software
and get things started; and "LDAP Database
Management," in which we'll create
and populate an LDAP database.
|
لطفا منتظر باشید ...
