
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
CHAPTER 7
Using LDAP for Authentication

Suppose you’ve got an IMAP (mail) server and a bunch of users, but you don’t want
to give each user a shell account on the server: you’d rather use some sort of central
user-authentication service that you can use for other things, too. While you’re at it,
you also need an online address book for your organization that could similarly be
used both with email and with other groupware applications. And suppose that in
addition to all that, you need to provide all your users with encryption tools that use
X.509 certificates, and therefore need to manage digital certificates for your entire
organization.

Would you believe that one service can address all three scenarios? LDAP, the
Lightweight Directory Access Protocol, does all of this and more. And wouldn’t you know
it, the open source community is blessed with a free, stable, and fully functional
LDAP package that is already part of most Linux distributions: OpenLDAP.

The only catch is that LDAP is a complicated beast. To make sense of it, you’re going
to have to add still more acronyms and some heavy-duty abstractions to your bag of
Unix tricks. But armed with this chapter and a little determination, before you know
it, you’ll have the mighty LDAP burro pulling several very large plows ...