<HTML ><HEAD ><TITLE >LDAP Implementation HOWTO</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.63 "><LINK REL="NEXT" TITLE="Overview" HREF="overview.html"></HEAD ><BODY CLASS="ARTICLE" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="ARTICLE" ><DIV CLASS="TITLEPAGE" ><H1 CLASS="TITLE" ><A NAME="AEN2" >LDAP Implementation HOWTO</A ></H1 ><H3 CLASS="AUTHOR" ><A NAME="AEN5" >Roel van Meer</A ></H3 ><DIV CLASS="AFFILIATION" ><SPAN CLASS="ORGNAME" ><A HREF="http://www.linvision.com" TARGET="_top" >Linvision BV</A ><BR></SPAN ><DIV CLASS="ADDRESS" ><P CLASS="ADDRESS" >r.vanmeer@linvision.com</P ></DIV ></DIV ><H3 CLASS="AUTHOR" ><A NAME="AEN14" >Giuseppe Lo Biondo</A ></H3 ><DIV CLASS="AFFILIATION" ><SPAN CLASS="ORGNAME" ><A HREF="http://www.mi.infn.it" TARGET="_top" >INFN MI</A ><BR></SPAN ><DIV CLASS="ADDRESS" ><P CLASS="ADDRESS" >giuseppe.lobiondo@mi.infn.it</P ></DIV ></DIV ><P CLASS="PUBDATE" >v0.5, 2001-03-30<BR></P ><DIV CLASS="REVHISTORY" ><TABLE WIDTH="100%" BORDER="0" ><TR ><TH ALIGN="LEFT" VALIGN="TOP" COLSPAN="3" ><B >Revision History</B ></TH ></TR ><TR ><TD ALIGN="LEFT" >Revision 0.5</TD ><TD ALIGN="LEFT" >2001-03-30</TD ><TD ALIGN="LEFT" >Revised by: rvm</TD ></TR ><TR ><TD ALIGN="LEFT" COLSPAN="3" >Cleanup, fixes, overview rewritten.</TD ></TR ><TR ><TD ALIGN="LEFT" >Revision 0.4</TD ><TD ALIGN="LEFT" >2001-02-01</TD ><TD ALIGN="LEFT" >Revised by: rvm</TD ></TR ><TR ><TD ALIGN="LEFT" COLSPAN="3" >Added dns section.</TD ></TR ><TR ><TD ALIGN="LEFT" >Revision 0.3</TD ><TD ALIGN="LEFT" >2001-01-18</TD ><TD ALIGN="LEFT" >Revised by: rvm</TD ></TR ><TR ><TD ALIGN="LEFT" COLSPAN="3" >Added MTA sections.</TD ></TR ><TR ><TD ALIGN="LEFT" >Revision 0.2</TD ><TD ALIGN="LEFT" >2000-11-12</TD ><TD ALIGN="LEFT" >Revised by: glb</TD ></TR ><TR ><TD ALIGN="LEFT" COLSPAN="3" >Improved section on nss. 
Added sections about certificates and wrappers.</TD ></TR ></TABLE ></DIV ><DIV ><DIV CLASS="ABSTRACT" ><A NAME="AEN23" ></A ><P ></P ><P >This document describes the technical aspects of storing application data in an LDAP server. It focuses on the configuration of various applications to make them LDAP-aware. Some applications that assist in handling LDAP data are also discussed.</P ><P ></P ></DIV ></DIV ><HR></DIV ><DIV CLASS="TOC" ><DL ><DT ><B >Table of Contents</B ></DT ><DT >1. <A HREF="overview.html" >Overview</A ></DT ><DD ><DL ><DT >1.1. <A HREF="overview.html#AEN48" >Why this howto?</A ></DT ><DT >1.2. <A HREF="overview.html#AEN54" >What is it about?</A ></DT ><DT >1.3. <A HREF="overview.html#AEN65" >What is it NOT about?</A ></DT ><DT >1.4. <A HREF="overview.html#AEN70" >Acknowledgements</A ></DT ><DT >1.5. <A HREF="overview.html#AEN75" >Disclaimer</A ></DT ><DT >1.6. <A HREF="overview.html#AEN79" >Copyright and license</A ></DT ></DL ></DD ><DT >2. <A HREF="pamnss.html" >LDAP authentication using pam_ldap and nss_ldap</A ></DT ><DD ><DL ><DT >2.1. <A HREF="pamnss.html#AEN107" >The components of the framework</A ></DT ><DD ><DL ><DT >2.1.1. <A HREF="pamnss.html#AEN110" >Authentication: PAM and pam_ldap.so</A ></DT ><DT >2.1.2. <A HREF="pamnss.html#AEN116" >The Name Service Switch and nss_ldap.so</A ></DT ><DT >2.1.3. <A HREF="pamnss.html#AEN155" >The Lightweight Directory Access Protocol</A ></DT ><DT >2.1.4. <A HREF="pamnss.html#AEN164" >The Name Service Caching Daemon</A ></DT ><DT >2.1.5. <A HREF="pamnss.html#AEN169" >The Secure Socket Layer</A ></DT ></DL ></DD ><DT >2.2. <A HREF="pamnss.html#AEN175" >Building the authentication system</A ></DT ><DD ><DL ><DT >2.2.1. <A HREF="pamnss.html#AEN197" >Server side</A ></DT ><DD ><DL ><DT >2.2.1.1. <A HREF="pamnss.html#AEN203" >Installing and configuring OpenLDAP</A ></DT ></DL ></DD ><DT >2.2.2. <A HREF="pamnss.html#AEN226" >Client side</A ></DT ><DD ><DL ><DT >2.2.2.1. 
<A HREF="pamnss.html#AEN240" >PAM LDAP Installation and Configuration</A ></DT ><DT >2.2.2.2. <A HREF="pamnss.html#AEN264" >NSS LDAP installation and configuration</A ></DT ><DT >2.2.2.3. <A HREF="pamnss.html#AEN285" >NSCD configuration</A ></DT ><DT >2.2.2.4. <A HREF="pamnss.html#AEN303" >LDAP client configuration file</A ></DT ></DL ></DD ></DL ></DD ><DT >2.3. <A HREF="pamnss.html#AEN318" >Starting up</A ></DT ><DT >2.4. <A HREF="pamnss.html#AEN333" >Accounts maintenance</A ></DT ><DT >2.5. <A HREF="pamnss.html#AEN338" >Known limits</A ></DT ><DT >2.6. <A HREF="pamnss.html#AEN341" >File permissions</A ></DT ></DL ></DD ><DT >3. <A HREF="radius.html" >Radius authentication using LDAP</A ></DT ><DD ><DL ><DT >3.1. <A HREF="radius.html#AEN352" >FreeRadius Radiusd configuration</A ></DT ><DT >3.2. <A HREF="radius.html#AEN373" >Testing Radius Authentication</A ></DT ><DT >3.3. <A HREF="radius.html#AEN386" >Sample CISCO IOS Configuration</A ></DT ></DL ></DD ><DT >4. <A HREF="samba.html" >Samba</A ></DT ><DT >5. <A HREF="dns.html" >DNS</A ></DT ><DD ><DL ><DT >5.1. <A HREF="dns.html#AEN405" >Using nss</A ></DT ><DD ><DL ><DT >5.1.1. <A HREF="dns.html#AEN412" >Configuration</A ></DT ><DT >5.1.2. <A HREF="dns.html#AEN427" >Schema</A ></DT ></DL ></DD ><DT >5.2. <A HREF="dns.html#AEN437" >Using bind</A ></DT ><DD ><DL ><DT >5.2.1. <A HREF="dns.html#AEN440" >Bind patch</A ></DT ><DT >5.2.2. <A HREF="dns.html#AEN444" >ldap2dns</A ></DT ><DT >5.2.3. <A HREF="dns.html#AEN452" >ispman</A ></DT ></DL ></DD ></DL ></DD ><DT >6. <A HREF="sendmail.html" >Mail Transfer Agents</A ></DT ><DD ><DL ><DT >6.1. <A HREF="sendmail.html#AEN460" >Sendmail</A ></DT ><DD ><DL ><DT >6.1.1. <A HREF="sendmail.html#AEN462" >LDAP support in sendmail</A ></DT ><DT >6.1.2. <A HREF="sendmail.html#AEN479" >System layout.</A ></DT ><DT >6.1.3. <A HREF="sendmail.html#AEN495" >Sendmail configuration file</A ></DT ><DT >6.1.4. <A HREF="sendmail.html#AEN525" >Schema</A ></DT ><DT >6.1.5. 
<A HREF="sendmail.html#AEN622" >More information.</A ></DT ></DL ></DD ><DT >6.2. <A HREF="sendmail.html#AEN637" >Postfix</A ></DT ><DD ><DL ><DT >6.2.1. <A HREF="sendmail.html#AEN639" >Support</A ></DT ><DT >6.2.2. <A HREF="sendmail.html#POSTCONF" >Configuration</A ></DT ><DT >6.2.3. <A HREF="sendmail.html#AEN747" >Example setup</A ></DT ></DL ></DD ><DT >6.3. <A HREF="sendmail.html#AEN756" >Qmail</A ></DT ></DL ></DD ><DT >7. <A HREF="address.html" >Address books</A ></DT ><DT >8. <A HREF="roaming.html" >Netscape roaming access</A ></DT ><DT >9. <A HREF="certificates.html" >Publishing digital certificates with LDAP</A ></DT ><DD ><DL ><DT >9.1. <A HREF="certificates.html#AEN809" >LDAP Server configuration</A ></DT ><DT >9.2. <A HREF="certificates.html#AEN827" >Certificate Publishing</A ></DT ><DT >9.3. <A HREF="certificates.html#AEN848" >LDAP Aware Clients</A ></DT ></DL ></DD ><DT >10. <A HREF="ssl.html" >SSL/TLS and SSL/TLS wrappers for LDAP</A ></DT ><DD ><DL ><DT >10.1. <A HREF="ssl.html#AEN856" >A Brief description of SSL</A ></DT ><DT >10.2. <A HREF="ssl.html#AEN870" >SSL/TLS availability for OpenLDAP</A ></DT ><DT >10.3. <A HREF="ssl.html#AEN877" >How to use stunnel to provide SSL/TLS to an LDAP V2 server</A ></DT ><DT >10.4. <A HREF="ssl.html#AEN913" >How to use stunnel to provide SSL to LDAP clients</A ></DT ><DT >10.5. <A HREF="ssl.html#AEN921" >How to use stunnel to provide SSL for slurpd replication</A ></DT ></DL ></DD ><DT >11. <A HREF="schemas.html" >LDAP schemas</A ></DT ><DT >12. <A HREF="files.html" >Example files</A ></DT ><DD ><DL ><DT >12.1. <A HREF="files.html#FILE-SCHEMA" >The schema file</A ></DT ><DT >12.2. 
<A HREF="files.html#AEN1300" >Example base ldif</A ></DT ></DL ></DD ></DL ></DIV ></DIV ></BODY ></HTML >