LDAP in the Solaris™ Operating Environment: Deploying Secure Directory Services

Book description

LDAP in the Solaris Operating Environment: Deploying Secure Directory Services

  • Provides an in-depth discussion of Solaris Operating Environment security methods and how they relate to LDAP as a naming service

  • Covers migration planning tips from NIS/NIS+ to an LDAP-based naming service, including capacity planning

  • Presents an overview of LDAP tools and toolkits, and how they are used to administer LDAP as a naming service

  • Discusses performance principles and benchmarking techniques for optimizing directory server performance

LDAP in the Solaris Operating Environment is a follow-on to the Sun BluePrints book Solaris and LDAP Naming Services, and describes the significant improvements to the Solaris LDAP client and directory server. Deploying the Solaris Secured LDAP Client is covered in detail. This Sun BluePrints book introduces NIS/NIS+ migration tools and techniques to aid in the transition to an LDAP-based naming service. Troubleshooting tips and examples of extending Solaris authentication methods using the Pluggable Authentication Module (PAM) framework are provided.

    Table of contents

    1. Copyright
    2. Acknowledgments
    3. Preface
      1. Who Should Use This Book
      2. Before You Read This Book
      3. How This Book Is Organized
      4. Obtaining the Downloadable Files for This Book
        1. What’s Available for Download
        2. To Download a File
      5. Sun BluePrints Program
      6. Accessing Sun Documentation Online
      7. Typographic Conventions
      8. Shell Prompts in Command Examples
    4. 1. Introducing LDAP in the Solaris Operating Environment
      1. Introduction
      2. The Big Picture
        1. Defining the Problem
        2. Measuring the Scope
        3. Analyzing Alternative Solutions
        4. Implementing
        5. Controlling
      3. LDAP Terms and Concepts
        1. Directory Service versus Naming Service
        2. LDAP Server versus Directory Server
        3. LDAP Models
          1. Information Model
          2. Naming Model
          3. Functional Model
          4. Security Model
        4. Directory Objects and Attributes
          1. Directory Schema
          2. Distinguished Names (DN)
          3. Replication
        5. Solaris OE LDAP Client
    5. 2. Assessing Your Needs for Naming Service Transition and Consolidation
      1. What Consolidation Means
      2. Business Case for Transitioning to LDAP
        1. Identifying Potential Consolidation Problems
        2. Identifying the Solution
          1. Consolidation of Enterprise Data
          2. Universal Access
          3. Ease of Management
          4. Ease of Securing Data
        3. Technical Benefits of LDAP Directories
          1. Extensible Schema
          2. Scalability
          3. Availability
        4. Future of NIS and NIS+
      3. Understanding Legacy Naming Services
        1. Evolution of NIS
        2. Evolution of NIS+
        3. Common Uses for NIS/NIS+
          1. Maintaining User and Group Data
          2. Maintaining System Data for Applications
          3. Automating Installations
        4. DNS and NIS/NIS+
          1. DHCP
        5. NIS Limitations
          1. Architectural Limitations
          2. Security Issues
          3. Naming Chaos
          4. Limitation Workarounds
      4. Migration Planning
        1. Collecting Data and Resolving Conflicts
          1. passwd and shadow Databases
          2. group Database
          3. hosts Database
          4. ipnodes Database
          5. ethers Database
          6. bootparams Database
          7. netgroup Database
          8. networks Database
          9. netmasks Database
          10. aliases Database
          11. services Database
          12. protocol Database
          13. rpc Database
          14. publickey Database
          15. automount Database
          16. Role-Based Access Control (RBAC) Databases
          17. User-Defined (Custom) NIS Maps
        2. Establishing Unique IDs
        3. Choosing NIS/NIS+ Migration Tools
    6. 3. Defining Directory Service Security Architecture
      1. Understanding Directory Server Security
        1. Sun ONE Directory Server 5.2 Software Security Features
          1. Access Control
          2. Additional Security Features
          3. Authentication Mechanisms
      2. Understanding the SASL Mechanism
        1. SASL DIGEST-MD5
        2. Setting up the SASL DIGEST-MD5 Authentication Mechanism
          1. To Set up the SASL DIGEST-MD5 Authentication Mechanism
      3. GSSAPI Authentication and Kerberos v5
        1. Understanding GSSAPI
        2. Understanding Kerberos v5
          1. How Kerberos Works
            1. Initial Authentication
            2. Subsequent Authentications
            3. Principals
            4. Realms
            5. Realms and KDC Servers
          2. Understanding the Kerberos KDC
            1. Secure Settings in the KDC Configuration File
            2. Access Control
            3. Adding Administrators
            4. Creating Host Keys
            5. Using NTP to Synchronize Clocks
            6. Establishing Password Policies
            7. Backing Up a KDC
            8. Monitoring the KDC
            9. Kerberos Options
          3. Kerberos Client Applications
            1. kinit
            2. telnet
            3. rlogin and rsh
            4. rcp
            5. login
            6. ftp
        3. Implementing the Sun ONE Directory Server 5.2 Software and the GSSAPI Mechanism
        4. Configuring a DNS Client
          1. To Configure Kerberos v5 (Master KDC)
        5. Sun ONE Directory Server 5.2 GSSAPI Configuration
          1. To Perform the GSSAPI Configuration for the Sun ONE Directory Server Software
      4. TLSv1/SSL Protocol Support
        1. SSL Background
          1. SSLv2
          2. SSLv3
        2. TLS Background
          1. Understanding TLSv1 Transport Support
          2. Why Use TLSv1?
          3. How Does TLSv1 Work?
          4. Types of TLSv1
          5. TLS Protocol
        3. TLSv1/SSL in the Sun ONE Directory Server 5.2 Software
          1. TLSv1/SSL Tools
        4. Security Databases
          1. TLSv1/SSL Configuration Overview
        5. Enabling TLSv1/SSL in the Sun ONE Directory Server 5.2 Software
          1. Obtaining and Installing Server Certificates
          2. Task 1: Generate a Certificate Request (Console)
          3. Task 2: Obtain the Certificate From a Certificate Authority (CA)
          4. Task 3: Install the Certificate
          5. Task 4: Trust the Certificate Authority
          6. Task 5: Confirm That Your New Certificates Are Installed
        6. Using the Command Line to Obtain and Install Server Certificates
          1. To Obtain and Install Server Certificates Using the Command-Line Interface
          2. To Generate a Self-Signed Certificate Request
        7. Activating TLSv1/SSL in the Sun ONE Directory Server 5.2 Software
          1. To Configure the Directory Server to Use TLSv1/SSL
          2. Additional Information about TLSv1/SSL in the Sun ONE Directory Server Software
          3. Using TLSv1/SSL in the Sun ONE Server Console
          4. Enabling TLSv1/SSL in the Sun ONE Administration Server Console
        8. Understanding and Using TLSv1/SSL LDAP Client Architecture
          1. To Generate a TLSv1/SSL Client Certificate
          2. Initializing the Secured LDAP Client
          3. To Verify That TLSv1/SSL Is Working
        9. Start TLS Overview
      5. Enhanced Solaris OE PAM Features
        1. Traditional Solaris OE Authentication and PAM
          1. UNIX Passwords
          2. Benefits and Drawbacks of crypt(3c)
          3. Introduction to Flexible crypt(3c)
        2. Solaris 9 OE PAM Framework
        3. PAM Types
          1. Stacking
          2. PAM Operation
          3. Pluggable Authentication Service Modules
        4. PAM Configuration File Update
          1. Configuration File Syntax
          2. Control Flags
          3. Generic pam.conf File
        5. PAM and LDAP Password Management Extensions
          1. To Add a PAM Module
          2. To Verify the Configuration
          3. To Disable .rhosts Access With PAM From Remote Systems
        6. PAM Error Reporting
          1. To Initiate Diagnostics Reporting for PAM
          2. To Initiate PAM Error Reporting
        7. PAM LDAP Module
          1. How PAM and LDAP Work
          2. Authentication With pam_unix
            1. pam_ldap Authentication
      6. Secured LDAP Client Backport to the Solaris 8 OE
    7. 4. Deploying Solaris OE LDAP Naming Services
      1. Understanding the DIT
        1. Understanding the Directory Suffix
          1. Choosing a Suffix Name
            1. The organization Attribute
            2. The dc Attribute
          2. Creating a Suffix
        2. Creating Containers
        3. Using ACIs to Support Security Policies
        4. Co-Existence with Other LDAP-Aware Applications
      2. Differentiating Server and Client Versions
        1. Directory Server Versions
          1. Netscape Directory Server 4.1x (Bonus Software)
          2. iPlanet Directory Server 5.1 (Bundled)
          3. Sun ONE Directory Server 5.1 Software (compressed tar file)
          4. Sun ONE Directory Server 5.2 Software (SVR4 packages)
            1. Shared Packages, 32-bit
            2. Shared Packages, 64-bit
            3. Sun ONE Server Console Packages
            4. Sun ONE Administration Server
            5. Directory Server Packages, 32-bit
            6. Directory Server Packages, 64-bit
            7. Solaris 8 OE Specific Packages
            8. Sun Cluster HA Agents
          5. Sun ONE Directory Server 5.2 Software (compressed tar file)
        2. LDAP Name Service Client Versions
          1. Phase 1 - Native Solaris OE LDAP
            1. Version 1 Client Profile
            2. The ldap_gen_profile Utility
            3. Adding the SolarisBindLimit Attribute
            4. How Parameter Values are Stored
          2. Phase 2 - Secured LDAP Client
            1. Version 2 Client Profile
            2. Generating Version 2 Profiles
            3. Defining Authentication Methods
        3. Mixing Client and Server Versions
      3. Configuring Sun ONE Directory Servers and Clients
        1. Configuring the Directory Server
          1. To Verify the Installation of the Sun ONE Directory Server 5.2 Packages
          2. To Run the idsktune Command
          3. To Configure the Directory Server Software
          4. To Set up the Directory Server (Interactive Mode)
          5. To Set Up the Administration Server (Interactive Mode)
          6. To Set Up the Directory Server (Silent Mode)
          7. To Set Up the Administration Server (Silent Mode)
          8. To Run the idsconfig Command (Interactive Mode)
          9. To Run the idsconfig Command (Silent Mode)
            1. idsconfig Tips and Observations
        2. Enabling TLS/SSL on the Directory Server
          1. Enabling SSL
          2. Enabling SSL on the Directory Server
          3. Automatic Startup of SSL
          4. To Configure TLS/SSL From the Command Line
          5. To Verify the TLS/SSL Configuration on the Server
        3. Configuring the Clients
          1. Solaris LDAP Client Initialization
          2. To Configure pam_ldap
            1. Running DNS and LDAP Name Services
          3. To Enable DNS With LDAP
            1. Enabling TLS/SSL on the Client
          4. To Configure the Client to Use TLS/SSL as a Transport
      4. Automating Installations
        1. Automating the Directory Server Installation
          1. Overview
          2. To Prepare a JumpStart Server to Install and Configure a Directory Server
        2. Automating LDAP Client Installations
          1. How a Solaris OE Client Is Configured
          2. Information Required to Configure an LDAP Client
          3. Client Post-Installation Issues
        3. Hands-off Installation of an LDAP Client
          1. The sysidcfg File
          2. To Prepare a JumpStart Server to Install Solaris LDAP Clients
      5. Choosing High-Availability Options
        1. Wide Area Network (WAN) Replication
        2. Client Failover
        3. Sun Cluster 3 Software LDAP Data Services
      6. Troubleshooting Tips
        1. Directory Server Configuration Problems
          1. To Troubleshoot a Missing Solaris OE Patch
          2. To Troubleshoot DNS FQN Failures
          3. What to Do When the Directory Server Port Is Already in Use
          4. To Recognize an Incompatible Installation of the 64-Bit Version on a 32-Bit System
        2. Sun ONE Console Problems
          1. To Invoke startconsole on a Protected Display
          2. To Troubleshoot Console Login Rejections
        3. Server Configuration Problems
          1. To Troubleshoot idsconfig Failures
          2. To Diagnose Other idsconfig Problems
        4. Secured LDAP Client Problems
          1. To Troubleshoot Client Initialization Problems
          2. To Troubleshoot Client Data Access Problems
        5. Authentication Problems
          1. To Troubleshoot Password Authentication Problems
          2. Authentication Examples
            1. Authentication with pam_unix
            2. Authentication with pam_ldap
          3. Authentication Problem Summary
            1. pam_unix Problems
            2. Automounter Problems
            3. Debugging SASL DIGEST-MD5 Problems
            4. TLS/SSL Errors
            5. Password Problems
    8. 5. Migrating Legacy Data to LDAP
      1. Mapping Naming Service Data to LDAP Entries
        1. Entry Formats
          1. How Clients Use Entry DNs
      2. Running ldapaddent
        1. Supported Databases
          1. Authentication Options
          2. Binding to the Directory Server
          3. Examples Using ldapaddent
          4. Default Entry Formats
            1. passwd and shadow Database Entry Example
            2. group Database Entry Example
            3. hosts Database Entry Example
            4. automount Database Entry Examples
            5. ethers Database Entry Example
            6. bootparams Database Entry Example
            7. alias Database Entry Example
            8. publickey Database Entry Example
      3. Importing Other Databases
        1. projects Database
        2. RBAC-Related Databases
          1. Creating RBAC Entries with LDIF
          2. Adding Extended User Attributes to Existing Users
          3. Adding Profile Descriptions
          4. Adding Authorization Descriptions
          5. Adding Execution Profiles
          6. Printer Entries
      4. LDAP to NIS+ Gateway
        1. What Is a Gateway?
        2. NIS+ Gateway Components
        3. Using the Gateway as a Transition Tool
        4. rpc.nisd - Configuration File for NIS+ Service Daemon
          1. Initialization Parameters
          2. Data Retrieval Parameters
          3. Action-Related Parameters
          4. Storing Configuration Attributes in LDAP
          5. Using LDAP to Store Configuration Data
        5. Configuring the Sun ONE Directory Server Software as a Configuration Server for rpc.nisd
          1. Task 1 – To Update the Schema
          2. Task 2 – To Create a Configuration Entry
          3. Task 3 – To Modify rpc.nisd
        6. How NIS+ Data is Mapped to LDAP
        7. Additional Schema Definitions
          1. timezone Schema
          2. client_info Schema
          3. NIS+ Object Data and Entry Data
          4. Principal Names and Netnames
        8. NIS+ to LDAP Mapping
          1. nisplusLDAPdatabaseIdMapping Directive
          2. nisplusLDAPentryTtl Directive
          3. nisplusLDAPobjectDN Directive
          4. nisplusLDAPattributeFromColumn Directive
          5. nisplusLDAPcolumnFromAttribute Directive
        9. Using the Default Configuration Files
          1. Assumptions
          2. Common Configuration Changes
        10. NIS+ to LDAP Migration Example
          1. To Migrate Your Data From NIS+ to LDAP
          2. Testing and Troubleshooting the NIS+ Gateway
          3. Troubleshooting Tips
          4. Common Problems
    9. 6. Management Tools and Toolkits
      1. Command-Line Tools
        1. Standard LDAP Utilities
          1. Differences Between Standard LDAP Utilities
        2. Specific Tools for the Secured LDAP Client
          1. ldaplist
          2. ldapaddent
          3. ldapclient
          4. idsconfig
        3. Other LDAP-Aware Commands
        4. Tricks and Tips Using LDAP Commands
          1. Deleting Multiple Entries
          2. To Delete Multiple Entries
          3. Identifying Secondary Groups That a User Belongs To
        5. Sun ONE Directory Server Administration Tools
          1. Using the directoryserver Wrapper
            1. directoryserver Command Basics
            2. directoryserver Command Operations
      2. GUI-based Tools
        1. Sun ONE Directory Console
          1. Sample Tasks Using the Directory Console
          2. To View the DIT With the Directory Console
          3. To Add New Entries With the Directory Console
          4. To Add Non-User Entries With the Directory Console
        2. Sun Management Console
          1. To Set Up an LDAP Name Service Domain Toolbox
        3. LDAP Browser/Editor (LBE)
          1. To Install and Configure the LBE
      3. Toolkits and LDAP APIs
        1. PerLDAP
          1. Why Use PerLDAP?
          2. LDAP Perl Modules
          3. To Set Up PerLDAP
          4. To Build an LDAP Gateway Using PerLDAP
        2. Using the JDGW
          1. What Does It Do?
          2. How Does It Work?
          3. Setting It Up
          4. To Install the Software
          5. To Customize LookMeUp
        3. LDAP APIs
        4. Creating a Program With the LDAP SDK for Java
          1. The LDAPsubtdel Program
    10. 7. Performing Administrative Tasks
      1. Identifying Directory Management Tasks
        1. Directory Data Backup and Recovery
        2. Provisioning Users and Groups
          1. Password Management
        3. Managing Client Profiles
          1. Managing Proxy Agent Credentials
        4. Restricting User Access
        5. Managing Replica Servers
        6. Directory Server Monitoring
        7. Extending the Directory Schema
        8. Troubleshooting Directory Server Problems
      2. Directory Data Backup and Recovery
        1. Configuration Data Backup and Restore
        2. Directory Data Backup and Restore
      3. Managing Client Profiles and Proxy Agent Accounts
        1. Creating Additional Profiles
        2. Adjusting the Client Cache
      4. Managing Directory Data Replication
        1. Creating Replication Agreements from Scripts
          1. Multi-Master Replication Example
          2. Replication Management
          3. Displaying Replicas
          4. Removing Replicas
          5. Checking Replication Status
      5. Monitoring Directory Services
        1. Sun Management Center 3.0 Software
        2. Sun ONE Directory Server 5.2 Software Performance Counters
        3. Using logconv.pl
      6. Managing Users and Groups
        1. Password Management
        2. Limiting User Access to a Client System
          1. Modifying /etc/passwd
          2. Modifying nsswitch.conf
          3. Creating Netgroup Entries
          4. Setting an Alternate Search Path
          5. Restricting automount Access on Client Systems
          6. Changing User Login Parameters
          7. Deploying RBAC with LDAP
      7. Extending the Directory Schema
    11. 8. Selecting Storage for Optimum Directory Server Performance
      1. Software Characteristics
      2. Survey of Sun Storage Subsystems
        1. Local SCSI Disks, Internal FC-AL Disks, High-End Storage
        2. Storage Arrays with Cache
        3. High-End Storage Subsystems
      3. Introduction to the Sun StorEdge T3b Storage Array
        1. Sun StorEdge T3b Array Architecture
          1. LUN RAID Configuration
          2. LUN Block Size Configuration
          3. Other LUN Parameters
        2. Sun StorEdge T3 Array Configuration Considerations
          1. Sun StorEdge T3b Array High-Availability Considerations
          2. Recommended Configurations for the Sun ONE Directory Server 5.2 Software
          3. Sun ONE Directory Server 5.2 Enterprise and Software Volume Managers
        3. Sun StorEdge T3b Array and Veritas Volume Manager
          1. File Systems: UFS versus Veritas File System (VxFS)
      4. RAID Explained for Directory Administrators
        1. Software RAID versus Hardware RAID
        2. RAID Levels
          1. RAID 0, Striped Volume
          2. RAID 1, Mirrored Volume
          3. RAID 1+0
          4. RAID 0+1
          5. RAID 5
          6. RAID Levels 2, 3, and 4
    12. 9. Performing Directory Server Benchmarks
      1. Why Benchmark?
        1. Directory Server Benchmark Objectives
        2. Benchmark Test Harness Description
        3. Overview of Benchmark Tasks
      2. Creating a Benchmark Configuration
        1. System Hardware Details
          1. Benchmark Directory Server
          2. Benchmark Client
        2. System Software Details
        3. Storage Architecture and Configuration
          1. Sun™ ONE Directory Server 5.2 Enterprise SCSI Disk Layout
          2. Sun™ ONE Directory Server 5.2 Enterprise Volume-Managed Sun StorEdge T3b Array Layout
            1. Low-End Configuration
            2. Mid-Range Configuration
          3. The Sun Fire v880 Server and Volume-Managed T3b Array Layout
          4. E6800 and Volume-Managed T3b Array Layout
        4. Benchmark DIT Structure and Database Topology
        5. Directory Server Settings
          1. Including Directory Server Replication in Your Benchmark
        6. Benchmark Network Topology
      3. Creating LDIF for Benchmarks
        1. The MakeLDIF Program
        2. Installing MakeLDIF
          1. To Install MakeLDIF
        3. Running MakeLDIF
        4. The Template Format
        5. Customizing the Template File for MakeLDIF
          1. Global Replacement Variables
          2. Branch Entries
        6. Template Entries
        7. Template File Tags
          1. Standard Replacement Tags
          2. Attribute Value Reference Tags
          3. Tag Evaluation Order
          4. Defining Custom Tags
          5. A Sample Custom Tag Implementation
          6. Using the Example Custom Tag
        8. Using and Automating MakeLDIF
          1. Sample Root Makefile
          2. Makefile and Generating the Filter File
      4. Using SLAMD, the Distributed Load Generation Engine
        1. SLAMD Overview
        2. Installation Prerequisites
        3. Installing the SLAMD Server
          1. To Install the SLAMD Server
        4. SLAMD Clients
          1. To Install the SLAMD Client
          2. To Start the SLAMD Client
        5. The SLAMD Administration Interface
        6. Scheduling Jobs for Execution
          1. Managing Scheduled Jobs
        7. Viewing Job Execution Results
          1. Optimizing Jobs
          2. Organizing Job Information
            1. Real Job Folders
            2. Virtual Job Folders
        8. The Default Job Classes
          1. Null Job
          2. Exec Job
          3. HTTP GetRate Job
          4. LDAP SearchRate Job
          5. Weighted LDAP SearchRate Job
          6. LDAP Prime Job
          7. LDAP ModRate Job
          8. LDAP ModRate with Replica Latency Job
          9. LDAP AddRate Job
          10. LDAP AddRate with Replica Latency Job
          11. LDAP DelRate Job
          12. LDAP DelRate with Replica Latency Job
          13. LDAP CompRate Job
          14. LDAP AuthRate Job
          15. LDAP DIGEST-MD5 AuthRate Job
          16. LDAP Search and Modify Load Generator Job
          17. LDAP Load Generator with Multiple Searches Job
          18. Solaris OE LDAP Authentication Load Generator Job
          19. SiteMinder LDAP Load Simulator Job
          20. POP CheckRate Job
          21. IMAP CheckRate Job
          22. Calendar Initial Page Rate Job
        9. Adding New Job Classes
        10. Using the Standalone Client
          1. Starting and Stopping SLAMD
            1. Starting the Tomcat Servlet Engine
            2. Starting SLAMD
            3. Restarting SLAMD
            4. Stopping SLAMD
            5. Stopping the Tomcat Servlet Engine
          2. Tuning the Configuration Directory
            1. Configuring for Large Entries
            2. Cache Tuning
            3. Proper Indexing
        11. Typical SLAMD Architecture
      5. Directory Server Performance Tuning
    13. 10. Emerging Directory Technologies
      1. DSMLv2 Interface
        1. What Is DSML?
          1. LDAP Operations
        2. What Can You Use It For?
        3. DSMLv2 Sun ONE Directory Server 5.2 Software Implementation
          1. Configuring DSML
      2. Sun ONE Identity Synchronization for the Windows Technology
        1. ISW Product Overview
        2. Deployment Scenarios
          1. Scenario 1 – Sun ONE Directory Server Software to Windows 2000 Active Directory
          2. Scenario 2 – Windows 2000 Active Directory to Sun ONE Directory Server Software
          3. Scenario 3 – Windows NT SAM to Sun ONE Directory Server Software
        3. Administration Issues
        4. Conclusion
      3. NIS to LDAP Gateway
        1. Comparison with NIS Extensions
    14. A. LDAP Standards Information
      1. Locating RFCs and Internet Drafts
        1. Life Cycle of an RFC
        2. LDAP RFCs and Internet Drafts
          1. LDAP RFCs
          2. LDAP Internet Drafts
          3. Controls and Extended Operations
          4. Authentication and Security
          5. Information and X.500 Documents
          6. The North American Directory Forum (NADF) Documents (April 1993)
          7. EWOS Directory Functional Standards
          8. Joint ISO Standards and CCITT Recommendations
          9. Other ISO Documents
    15. B. LDAP v3 Result Codes
    16. C. Using snoop with LDAP
      1. Background
      2. What is snoop?
      3. How snoop Works
      4. snoop Options
        1. Changes to the snoop Utility in the Solaris OE
      5. Protocol Decoders for snoop
      6. Running snoop with LDAP in Mind
      7. Understanding the LDAP Protocol Exchange
        1. LDAP Protocol Big Picture
      8. Examples of LDAP Enabled snoop In Action
        1. LDAP Search Request Example
        2. Non-verbose LDAP snoop Result
        3. Verbose Summary Mode LDAP Search snoop Result
        4. Verbose LDAP Search snoop Result
        5. Verbose LDAP Add Operation
        6. Verbose snoop Trace of an LDAP Delete Operation
    17. D. Solaris OE 9 PAM Architecture
      1. The PAM API
        1. PAM Framework Functions
        2. PAM Authentication Functions
        3. Account Management Function
        4. Session Management Functions
        5. Password Management Function
      2. The PAM SPI
        1. Authentication Module Functions
        2. Account Management Module Function
        3. Session Management Module Functions
        4. Password Management Module Function
      3. Writing a PAM Service Module
        1. PAM Source Code
        2. Makefiles
        3. pam_compare Source File
      4. Testing the PAM Module
    18. Glossary

    Product information

    • Title: LDAP in the Solaris™ Operating Environment: Deploying Secure Directory Services
    • Author(s): Michael Haines, Tom Bialaski
    • Release date: September 2003
    • Publisher(s): Pearson
    • ISBN: 0131456938