Mastering OpenLDAP

October 9th, 2007 | Categories: Books, LDAP

I was pleased to receive a copy of Matt Butcher's Mastering OpenLDAP: Configuring, Securing and Integrating Directory Services, published by Packt.

After introducing directory servers and LDAP, the author discusses installation and basic configuration of OpenLDAP from binaries and from source (in an appendix). In chapter 3, Using OpenLDAP, basic operations are discussed (ldapsearch, ldapmodify, etc.), followed by a good overview of Securing OpenLDAP with SSL/TLS, SASL and ACLs.

The next chapters dig deeper: in Advanced Configuration, Butcher discusses database backends and gives valuable hints for performance tuning of slapd, after which slapd's overlays are described with some examples. LDAP Schemas get their own chapter; confusing at first is that this chapter discusses the accesslog and ppolicy overlays. The confusion ends when we learn that these overlays require custom schemas; seen that way, the order of the sections makes sense.

Synchronization and the LDAP backend come next, followed by a chapter entitled LDAP and the Web which discusses Apache authentication with LDAP and phpLDAPadmin as examples. I feel this could have been skipped without diminishing the book's value, but maybe it is just me.

Throughout the book, installation examples are based on Debian's apt-get on Ubuntu, which unfortunately leaves users of RPM-based distributions (of which there are many) out in the cold. Instructions such as sudo apt-get install libldap-2.3-0 are quickly outdated, and I feel they shouldn't be used. Apropos sudo: all commands that require superuser privileges to run are prefixed with sudo in the book, instead of using a differing prompt (# ). Some people may feel comfortable with this; I prefer a single sudo su - before starting exhaustive root-only work.

I enjoyed the book and can recommend it to system administrators interested in getting the OpenLDAP suite up and running. The only thing I distinctly dislike in the text is the constant mixture of the words record and entry; relational database systems have tables with records; LDAP directory servers contain entries consisting of object classes and attribute types & values.
