book

Understanding and Deploying LDAP Directory Services, Second Edition

by Timothy A. Howes - Ph.D., Mark C. Smith, Gordon S. Good

April 2003

Intermediate to advanced

936 pages

24h

English

Addison-Wesley Professional

Read now

Unlock full access

Copyright
Dedication
Preface
The Book's OrganizationThe Book's AudienceConventions Used in This BookContacting Us
Acknowledgments
About the Authors
I. Introduction to Directory Services and LDAP
1. Directory Services Overview and History
What a Directory IsDirectories Are DynamicDirectories Are FlexibleFlexible ContentFlexible OrganizationDirectories Can Be SecureDirectories Can Be PersonalizedDirectory DescribedRead-to-Write RatioInformation ExtensibilityData DistributionData ReplicationPerformanceStandards and InteroperabilityTransactions and JoinDirectory Description SummaryWhat a Directory Can Do for YouFinding ThingsManaging ThingsLightweight Database ApplicationsSecurity ApplicationsWhat a Directory Is NotDirectories versus DatabasesDirectories versus File SystemsDirectories versus Web ServersDirectories versus FTP ServersDirectories versus DNS ServersThe Complementary DirectoryThe History and Origins of LDAPThe Dawn of Standard Directories: X.500X.500 InnovationsX.500 FlawsEarly X.500 Implementations and PilotsThe Creation and Rise of LDAPForerunners of LDAP: DIXIE and DASThe Creation of LDAPLDAP InnovationsEarly LDAP ImplementationsLDAP as a Standalone Directory ServiceLDAP MomentumLDAP Version 3 DevelopedThe Key Advantages of LDAPFurther ReadingLooking Ahead
Bibliography
2. Introduction to LDAP
What Is LDAP?The LDAP ProtocolThe LDAP Protocol OperationsLDAP ExtensibilityThe LDAP Protocol on the WireThe LDAP ModelsThe LDAP Information ModelEntries, Attributes, and ValuesMaintaining Order: Directory SchemasThe LDAP Naming ModelWhy Is Naming Important?Multivalued RDNs, and Why You Should Avoid Using ThemEscapingAliasesThe LDAP Functional ModelThe LDAP Interrogation OperationsThe LDAP Search OperationBase ObjectSearch ScopeAlias Dereferencing OptionsSize LimitTime LimitAttributes-Only ParameterSearch FilterList of Attributes to ReturnThe LDAP Search FiltersEquality FiltersSubstring FiltersApproximate Filters“Greater Than or Equal To” and “Less Than or Equal To” FiltersPresence FiltersExtensible MatchingNegationCombining Filter TermsEscaping in Search FiltersCommon Types of SearchesHiding LDAP Filters from UsersThe Compare OperationThe LDAP Update OperationsThe Add OperationThe Delete OperationThe Rename (Modify DN) OperationThe Modify OperationThe LDAP Authentication and Control OperationsThe Bind OperationThe Unbind OperationThe Abandon OperationThe LDAP Security ModelLDAPv3 Authentication MethodsAccess Control ModelsTransport Layer Security (TLS)LDIFLDIF Representation of Directory EntriesLDIF Update StatementsAdding a New EntryDeleting an EntryModifying an EntryRenaming and/or Moving an EntryLDAP Server SoftwareLDAP Command-Line UtilitiesThe ldapsearch Command-Line UtilityRetrieving a Single EntryBinding (Authenticating)Retrieving Only Certain AttributesMore Complex FiltersUsing SSL to Search the Directoryldapsearch Command-Line Option ReferenceThe ldapmodify Command-Line UtilityAdding EntriesContinuous Mode (–c) and Rejects File (–e) Optionsldapmodify Command-Line Option ReferenceLDAP APIsOverview of the LDAP C APIOther LDAP APIsLDAP and InternationalizationLDAP Overview ChecklistFurther ReadingLooking Ahead
Bibliography
3. LDAPv3 Extensions
How LDAPv3 Is ExtendedLDAP ControlsLDAP Extended OperationsSASL Authentication MechanismsThe Root DSE and Extension DiscoverySelected LDAPv3 ExtensionsThe ManageDSAIT ControlThe Persistent Search Request and Entry Change Notification Response ControlsThe Server-Side Sorting Request and Response ControlsThe Virtual List View Request and Response ControlsThe Proxied Authorization ControlPassword Expiration ControlsBulk Import Extended OperationsThe EXTERNAL SASL MechanismSDK SupportThe DIGEST-MD5 SASL MechanismFuture Directions: Where Is LDAP Headed Next?Increased Integration into Operating Systems and Infrastructure MiddlewareEmerging Standards WorkAn Update to the LDAP StandardAccess Control Model for LDAPLDAP Client Update Protocol (LCUP)Other LDAP-Related Standards WorkLDAP and XMLDSMLLDAP Extensions and Future Directions ChecklistsFurther ReadingLooking Ahead

Bibliography
4. Overview of Netscape Directory Server
Basic InstallationExtracting and Starting the Setup ProgramAnswering Installation QuestionsCompleting the Installation and Loading Sample DataA Brief Hands-on Tour of Netscape Directory ServerSearchingManipulating Netscape Directory Server DatabasesControlling Access to Directory DataChanging the Server Configuration Using LDAPProduct Focus and Feature SetOriginProduct FocusFeature SetExtending the Netscape Server: A Simple Plug-in ExampleProblem StatementThe Design of the Value Constraint Plug-InThe Source Code for the Value Constraint Plug-InCompiling and Installing the Value Constraint Plug-InThe Resulting Server BehaviorIdeas for ImprovementFurther ReadingLooking Ahead
Bibliography
II. Designing Your Directory Service
5. Directory Design Road Map
The Directory Life CycleDesignDeploymentMaintenanceDirectory Design ChecklistFurther ReadingLooking Ahead
Bibliography
6. Defining Your Directory Needs
Overview of the Directory Needs Definition ProcessStep 1: Analyze Your EnvironmentStep 2: Determine and Prioritize NeedsStep 3: Choose an Overall Directory Design and Deployment ApproachStep 4: Set Goals and MilestonesAnalyzing Your EnvironmentOrganizational Structure and GeographyComputer SystemsThe NetworkApplication SoftwareDetermining and Prioritizing Application NeedsDataPerformanceLevel of ServiceSecurityPrioritizing Application NeedsDetermining and Prioritizing Users' Needs and ExpectationsAsking Your UsersAccuracy and Completeness of DataPrivacyAudienceThe Relationship of User Needs to Application NeedsPrioritizing Your Users' NeedsDetermining and Prioritizing Deployment ConstraintsResourcesOpenness of the ProcessSkills of the Directory System DesignersSkills and Needs of System AdministratorsThe Political ClimatePrioritizing Your Deployment ConstraintsDetermining and Prioritizing Other Environmental ConstraintsHardware and SoftwareThe NetworkCriticality of ServiceSecurityCoexistence with Other Databases and DirectoriesPrioritizing Your Environmental ConstraintsChoosing an Overall Directory Design and Deployment ApproachMatch the Prevailing PhilosophyTake Constraints into AccountFavor Simple over ComplexFocus on the Most Important NeedsSetting Some Goals and MilestonesGoalsMilestonesRecommendations for Setting Goals and MilestonesDefining Your Directory Needs ChecklistFurther ReadingLooking Ahead
Bibliography
7. Data Design
Data Design OverviewCommon Data-Related ProblemsCreating a Data Policy StatementIdentifying Which Data Elements You NeedGeneral Characteristics of Data ElementsFormatThe Size of Each Data ValueThe Number of Distinct Data ValuesData Ownership and RestrictionsConsumersFrequency of Changes in Values: Dynamic or Static?Range of Applicability: Shared or Application-Specific?Relationships with Other Data ElementsA Data Element Characteristics ExampleAnalyzing Data ElementsSources of DataOther Directory Services and Network Operating SystemsDatabasesFilesApplicationsAdministratorsEnd UsersMaintaining Good Relationships with Other Data SourcesReplicationSynchronizationBatch UpdatesPolitical ConsiderationsData Design ChecklistFurther ReadingLooking Ahead
Bibliography
8. Schema Design
The Purpose of a SchemaElements of LDAP SchemasAttributesAn Attribute Type ExampleAttribute HierarchiesAttribute SyntaxesMatching RulesObject ClassesAn Object Class ExampleThe Presence of Multiple-Object ClassesObject Class InheritanceThe LDAPv3 extensibleObject Object ClassSchema Element SummaryDirectory Schema FormatsThe LDAPv3 Schema FormatLDAPv3 Attribute Type DefinitionsLDAPv3 Object Class DefinitionsThe ASN.1 Schema FormatASN.1 Attribute Type DefinitionsASN.1 Object Class DefinitionsThe Schema-Checking ProcessSchema-Checking ExamplesSchema Design OverviewA Few Words about Schema ConfigurationThe Relationship of Schema Design to Data DesignLet's Call the Whole Thing OffSources of Predefined SchemasDirectory-Enabled ApplicationsStandard SchemasSchemas Provided by Directory VendorsAdding a Schema to an Installed Directory ServerDefining New Schema ElementsChoosing Names for New Attribute Types and Object ClassesObtaining and Assigning Object IdentifiersModifying Existing Schema ElementsSubclassing an Existing Object ClassAdding Auxiliary Information to a Directory ObjectAccommodating New Types of ObjectsTips for Defining New SchemasDocumenting and Publishing Your SchemasSchema Maintenance and EvolutionEstablishing a Schema Review BoardGranting Permission to Change the Schema ConfigurationChanging Existing SchemasUpgrading Directory Service SoftwareSchema Design ChecklistFurther ReadingLooking Ahead
Bibliography
9. Namespace Design
The Structure of a NamespaceThe Purposes of a NamespaceAnalyzing Your Namespace NeedsChoosing a SuffixFlat and Hierarchical SchemesNaming AttributesNaming Entries by Using Existing Unique NamesNaming Entries by Constructing New Unique IdentifiersApplication ConsiderationsAdministrative Considerations of Naming Attributes and RDNsPrivacy ConsiderationsAnticipating the FutureExamples of NamespacesFlat Namespace ExamplesHierarchical Namespace ExamplesNamespace Design ChecklistFurther ReadingLooking Ahead
Bibliography
10. Topology Design
Directory Topology OverviewDefinition of a PartitionGluing the Directory Together: Knowledge ReferencesName Resolution in the Distributed DirectoryHandling Distribution in the Client: LDAP Referrals and Search Result Continuation ReferencesThe Structure of LDAP Referrals and Search Result Continuation ReferencesHandling Distribution in the Server: ChainingDeciding between Client-Side and Server-Side Processing of Knowledge Reference InformationConfiguring a Distributed DirectoryConfiguring Distribution with Netscape Directory Server 6Configuring Distribution with Client-Side ProcessingConfiguring Distribution with Server-Side ProcessingAuthentication in a Distributed DirectorySecurity ImplicationsAdvantages and Disadvantages of PartitioningDesigning Your Directory Server TopologyStep 1: Inventory Your Directory-Enabled ApplicationsStep 2: Understand Your Directory Server Software and Its CapabilitiesStep 3: Create a Map of Your Physical NetworkStep 4: Review Your Directory Namespace DesignStep 5: Consider Political ConstraintsDirectory Partition Design ExamplesA Single-Partition Directory Design ExampleBackgroundInventory of Directory-Enabled ApplicationsCapabilities of Directory SoftwarePhysical Network TopologyNamespace DesignConclusionsA Multiple-Partition Directory Design ExampleBackgroundInventory of Directory-Enabled ApplicationsCapabilities of Directory SoftwarePhysical Network TopologyNamespace DesignConclusionsTopology Design ChecklistFurther ReadingLooking Ahead
Bibliography
11. Replication Design
Why Replicate?Replication ConceptsSuppliers, Consumers, and Replication AgreementsThe Unit of ReplicationConsistency and ConvergenceIncremental and Total UpdatesThe Netscape Directory Server 6 Update ProcessInitial Population of a ReplicaReplication StrategiesSingle-Master ReplicationMultimaster ReplicationConflict ResolutionSequence NumbersGranularityUnique IdentifiersClient Updates versus Replica UpdatesReplica Update VectorsUpdate Resolution PoliciesEntry Naming ConflictsConflicts Involving Deleted EntriesConflicts Involving Single-Value ConstraintsReplication ProtocolsAdvanced Replication FeaturesReplicating a Subset of Directory InformationActive Directory GC ServersScheduling ReplicationScheduling Update Latency by Attribute TypeSchemas and ReplicationAccess Control and ReplicationDesigning Your Directory Replication SystemDesigning for Maximum ReliabilityDesigning for Maximum PerformanceOther ConsiderationsChoosing Replication SolutionsReplication Design ChecklistFurther ReadingLooking Ahead
Bibliography
12. Privacy and Security Design
Security GuidelinesThe Purpose of SecuritySecurity ThreatsUnauthorized AccessUnauthorized TamperingDenial-of-Service AttacksSecurity ToolsAnalyzing Your Security and Privacy NeedsDirectory RequirementsRead or WriteSensitivity of DataReplication and SynchronizationAdministrationUnderstanding Your EnvironmentThe User CommunityDirectory AccessibilityThe Network EnvironmentPhysical SecurityUnderstanding Your UsersUnderstanding Your Corporate Policies and Applicable LawsDesigning for SecurityAuthenticationAccess ControlOverview of Access Control ModelsImplementing an Access Control PolicyACL Example 1ACL Example 2ACL Example 3ACL PlacementInformation Privacy and IntegrityAdministrative SecurityRespecting Your Users' PrivacySecurity versus DeployabilityPrivacy and Security Design ChecklistFurther ReadingLooking Ahead
Bibliography
III. Deploying Your Directory Service
13. Evaluating Directory Products
Making the Right Product ChoiceCategories of Directory SoftwareNOS ApplicationsIntranet ApplicationsExtranet ApplicationsInternet-Facing Hosted ApplicationsLightweight Database ApplicationsEvaluation Criteria for Directory SoftwareCore FeaturesManagement FeaturesReliabilityPerformance and ScalabilitySecurityStandards ComplianceInteroperabilityCostFlexibility and ExtensibilityOther ConsiderationsAn Evaluation Criteria ExampleReaching a DecisionGathering Basic Product InformationQuizzing the Software VendorsChallenging the Vendors to Show What Their Products Can DoConducting a Directory Services PilotNegotiating the Best Possible DealEvaluating Directory Products ChecklistFurther ReadingLooking Ahead
Bibliography
14. Piloting Your Directory Service
A Piloting Road MapPrepilot TestingDefining Your GoalsDefining Your Scope and Time LineDeveloping Documentation and Training MaterialsSelecting Your UsersSetting Up Your EnvironmentRolling Out the PilotCollecting FeedbackScaling Up the PilotApplying What You've LearnedPiloting Your Directory Service ChecklistLooking Ahead
15. Analyzing and Reducing Costs
The Politics of CostsReducing CostsGeneral Principles of Cost ReductionDesign, Piloting, and Deployment CostsDesign CostsReducing Design CostsPiloting CostsReducing Piloting CostsDeployment Hardware CostsReducing Deployment Hardware CostsDeployment Software CostsReducing Deployment Software CostsOngoing Costs of Providing Your Directory ServiceSoftware Upgrade CostsReducing Software Upgrade CostsHardware Upgrade and Replacement CostsReducing Hardware Upgrade and Replacement CostsMonitoring CostsReducing Monitoring CostsData Maintenance CostsReducing Data Maintenance CostsBackup and Restore CostsReducing Backup and Restore CostsDisaster Recovery Plan CostsReducing Disaster Recovery Plan CostsSupport and Training CostsReducing Support and Training CostsSupport and Maintenance Contract CostsReducing Support and Maintenance Contract CostsCosts of Adding New Directory-Enabled ApplicationsReducing Costs of Adding New Directory-Enabled ApplicationsAnalyzing and Reducing Costs ChecklistFurther ReadingLooking Ahead
Bibliography
16. Putting Your Directory Service into Production
Creating a Plan for Putting Your Directory Service into ProductionList the Resources Needed for the RolloutCreate a List of Prerequisite TasksCreate a Detailed Rollout PlanDevelop Criteria for SuccessCreate a Publicity and Marketing PlanAdvice for Putting Your Directory Service into ProductionDon't Jump the GunMaintain FocusAdopt an Incremental ApproachPrepare Yourself WellExecuting Your PlanPutting Your Directory Service into Production ChecklistLooking Ahead
IV. Maintaining Your Directory Service
17. Backups and Disaster Recovery
Backup and Restore ProceduresBacking Up and Restoring Directory Data Using Traditional TechniquesRestoring Directory Data from a SnapshotBacking Up to LDIF FilesRestoring Data from LDIF FilesOther Things to Back UpUsing Replication for Backup and RestoreUsing Replication and Traditional Backup Techniques TogetherSafeguarding Your BackupsVerifying Your BackupsDisaster Planning and RecoveryTypes of DisastersDeveloping a Directory Disaster Recovery PlanStep 1: Perform a Risk Assessment, and Rank the Risks from Most Likely to Least LikelyStep 2: Understand the Business Implications of Each Type of RiskStep 3: Design and Implement the Recovery SolutionStep 4: Periodically Review and Update the PlanDirectory-Specific Issues in Disaster RecoveryBackups and Disaster Recovery ChecklistFurther ReadingLooking Ahead
Bibliography
18. Maintaining Data
The Importance of Data MaintenanceThe Data Maintenance PolicyApplication-Maintained DataCentrally Maintained DataUser-Maintained DataUpdate-Capable ClientsAuthentication and SecurityTraining and Support CostsSystem EffectsData ValidationHandling New Data SourcesHandling ExceptionsChecking Data QualityMethods of Checking QualityImplications of Checking QualityCorrecting Bad DataMaintaining Data ChecklistFurther ReadingLooking Ahead
Bibliography
19. Monitoring
Introduction to MonitoringMethods of MonitoringGeneral Monitoring PrinciplesMonitor UnobtrusivelyOne Failure Can Cause Other FailuresKeep a Problem HistoryHave a PlanSelecting and Developing Monitoring ToolsMonitoring Your Directory with SNMP and an NMSIntroduction to SNMPDirectory Servers and the Directory Server Monitoring MIBMonitoring Your Directory Server Using Host-Based SNMP AgentsMonitoring Your Directory with Custom Probing ToolsLog File AnalysisOperating System Performance DataMonitoring Synchronization Processes and Data QualityIndirect MonitoringNotification TechniquesBasic Notification PrinciplesNotification MethodsTesting Your Notification SystemTaking ActionPlanning Your Course of ActionMinimizing the EffectUnderstanding the Root CauseCorrecting the ProblemDocumenting What HappenedA Sample Directory Monitoring UtilityPerformance AnalysisObtaining Raw Usage DataDirectory Server Access LogsOperating System LogsDigesting and Analyzing Raw Performance DataDrawing ConclusionsSpotting ProblemsSpotting TrendsMonitoring ChecklistFurther ReadingLooking Ahead
Bibliography
20. Troubleshooting
Discovering ProblemsTypes of ProblemsDirectory OutagesCausesImplicationsResolutionPerformance ProblemsCausesImplicationsResolutionProblems with Directory DataCausesImplicationsResolutionSecurity ProblemsCausesImplicationsResolutionTroubleshooting and Resolving ProblemsStep 1: Assess the Problem, and Inform Affected PersonsStep 2: Contain the DamageStep 3: Put the System Back into Service by Applying a Short-Term FixStep 4: Fully Understand the Problem, and Devise a Long-Term FixStep 5: Implement the Long-Term Fix, and Take Steps to Prevent the Problem from RecurringStep 6: Arrange to Monitor for the ProblemStep 7: Document What HappenedTroubleshooting ChecklistDirectory OutagesPerformance ProblemsProblems with Directory DataSecurity ProblemsFurther ReadingLooking Ahead
Bibliography
V. Leveraging Your Directory Service
21. Developing New Applications
Reasons to Develop Directory-Enabled ApplicationsLowering Your Data Management CostsAdapting the Directory to Fit Your OrganizationSaving on Deployment and Maintenance CostsCreating Entirely New Kinds of ApplicationsWhen It Does Not Make Sense to Directory-EnableCommon Ways That Applications Use DirectoriesLocating and Sharing InformationVerifying Authentication CredentialsAiding the Deployment of Other ServicesMaking Access Control DecisionsEnabling Location IndependenceTools for Developing LDAP ApplicationsLDAP SDKsLDAP Command-Line ToolsLDAP Tag Libraries for Web DevelopmentDirectory-Agnostic SDKsAdvice for LDAP Application DevelopersStriving to Fit InCommunicating Your Application's Directory NeedsDesigning for Good Performance and ScalabilityDeveloping a Prototype and Conducting a PilotLeveraging Existing CodeAvoiding Common MistakesExample 1: setpwd, a Password-Resetting UtilityDirectory UseThe Help Desk Staff's ExperienceThe Source CodeIdeas for ImprovementExample 2: SimpleSite, a Web Site with User Profile StorageDirectory UseThe User ExperienceThe Source CodeIdeas for ImprovementDeveloping New Applications ChecklistFurther ReadingLooking Ahead
Bibliography
22. Directory-Enabling Existing Applications
Reasons to Directory-Enable Existing ApplicationsEnabling New Features in ApplicationsLowering Data Management CostsSimplifying Life for End UsersBringing the Directory Service to Your End UsersAdvice for Directory-Enabling Existing ApplicationsHide the Directory IntegrationMake the New Directory Capabilities VisibleUse a Protocol Gateway to Achieve IntegrationAvoid Problematic Architectural ChoicesConsider How the Directory Service Will Be AffectedPlan for a Smooth TransitionBe Creative, and Consider All Your OptionsExample 1: A Directory-Enabled finger ServiceThe Integration ApproachDirectory UseThe End-User ExperienceThe Source CodeIdeas for ImprovementExample 2: Adding LDAP Address Lookup to an E-Mail ClientThe Integration ApproachThe End-User ExperienceThe Source CodeIdeas for ImprovementDirectory-Enabling Existing Applications ChecklistFurther ReadingLooking Ahead
Bibliography
23. Directory Coexistence
Why Is Coexistence Important?Coexistence TechniquesMigrationOne-Way SynchronizationTwo-Way SynchronizationN-Way JoinVirtual DirectoryData TranslationPrivacy and Security ConsiderationsThe Join AttributeData TransportData Source SecurityDetermining Your Coexistence RequirementsDirectory Coexistence Implementation ConsiderationsImplementation OptionsPerformance ImplicationsDirectory Coexistence ToolsTuning and TroubleshootingMonitoring and Caring for Your Coexistence SolutionExample: The ldapsync Tool: One-Way Synchronization with JoinHow It WorksUsage ExamplesThe Source CodeIdeas for ImprovementDirectory Coexistence ChecklistFurther ReadingLooking Ahead
Bibliography
VI. Case Studies
24. Case Study: Netscape Communications Corporation
Overview of the OrganizationDirectory DriversDirectory Service DesignNeedsDataSchemaNamespaceTopologyReplicationPrivacy and SecurityDirectory Service DeploymentProduct ChoicePilotingPutting Your Directory Service into ProductionDirectory Service MaintenanceData Backups and Disaster RecoveryMaintaining DataThe Windows NT Domain User and Group DatabaseNISPeopleSoftData Whose Authoritative Source Is the Directory ItselfMonitoringLeveraging the Directory ServiceDirectory Deployment ImpactSummary and Lessons LearnedFurther ReadingLooking Ahead
Bibliography
25. Case Study: A Large Multinational Enterprise
Overview of the OrganizationDirectory DriversDirectory Service DesignNeedsDataSchemaNamespaceTopologyReplicationPrivacy and SecurityDirectory Service DeploymentProduct ChoicePilotingAnalyzing and Reducing CostsPutting the Directory Service into ProductionDirectory Service MaintenanceData Backups and Disaster RecoveryMaintaining DataMonitoringTroubleshootingLeveraging the Directory ServiceApplicationsDirectory Deployment ImpactSummary and Lessons LearnedFurther ReadingLooking Ahead
Bibliography
26. Case Study: An Enterprise with an Extranet
Overview of the OrganizationDirectory DriversDirectory Service DesignNeedsDataSchemaNamespaceTopologyReplicationPrivacy and SecurityAccess ControlProtection against AttackDirectory Service DeploymentProduct ChoicePilotingPutting Your Directory Service into ProductionDirectory Service MaintenanceData Backups and Disaster RecoveryMaintaining DataMonitoringTroubleshootingLeveraging the Directory ServiceDirectory Deployment ImpactSummary and Lessons LearnedLooking Ahead

Overview

Lightweight Directory Access Protocol (LDAP) is the standard for directory information access and is the underlying protocol for a variety of email systems, Web systems, and enterprise applications. LDAP enables central management of users, groups, devices, and other data, thereby simplifying directory management and reducing the total cost of ownership. Understanding and Deploying LDAP Directory Services, written by the creators of the protocol, is known as the LDAP bible and is the classic text for learning about LDAP and how to utilize it effectively. The Second Edition builds on this success by acting as an exhaustive resource for designing, deploying, and maintaining LDAP directory services. Topics such as implementation pitfalls, establishing and maintaining user access to information, troubleshooting, and real-world scenarios will be thoroughly explored.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Mastering OpenLDAP: Configuring, Securing and Integrating Directory Services

Publisher Resources

ISBN: 0672323168Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills