Chapter Review

     


More and more products are being written to be LDAP-aware in order to utilize its capabilities. Security products tend to lead the way because they need to distribute information such as the security keys used in encryption software, and the mechanism used to distribute those keys is often a directory server.

In this chapter, we went through a simple step-by-step cookbook to get a basic LDAP configuration up and running. The aim was to introduce the concept of LDAP and to make us aware of the steps required to get the software up and running. In addition, we used the LDAP-UX Client Services software to utilize the user information stored in the directory. At its heart, this software wants to store user details in the directory server, and we have demonstrated that this is possible.

LDAP set out to be a lightweight protocol that allows disparate applications access to corporate-wide information. It achieves this goal and looks likely to be a dominant force in the marketplace. With more and more vendors signing up to have LDAP-aware products and features in their operating systems, we can even see the day when interoperability will be a feature we take for granted, instead of the current state of affairs where interoperability between vendors is seldom seen and seldom works effectively. Keep your eyes trained on LDAP; it might just fundamentally change the way we work.

     

Test Your Knowledge

1:

Which of the following statements are true? Select all the true statements.

  A. LDAP is an adaptation of the X.500 protocol.

  B. LDAP was created by a number of authors from the University of Colorado.

  C. An LDAP directory has a schema describing the structure and objects within it.

  D. An LDAP directory must have a POSIX schema associated with it.

  E. A fully qualified entry in the schema is known by its fully distinguished name.

  F. When configured properly, an LDAP directory can accommodate all my user account and group information, rendering my passwd and groups files redundant except for critical system users such as root.

2:

The LDAP-UX Integration products come with an RFC2307-enabled directory as part of the software bundle. True or False?

3:

RFC2307 provides a standard way to represent HP-UX naming information in an LDAP directory. True or False?

4:

Client profiles specify how and where clients can find user and group data in a directory. True or False?

5:

Using LDAP-UX Integration products, we can utilize an LDAP directory to manage an HP-UX Trusted Systems password database. True or False?

     

Answers to Test Your Knowledge

A1:

A, C, and F.

A2:

False. We need to install a directory that is or can be made RFC2307-enabled, e.g., Netscape Directory Services 4.X or iPlanet software.

A3:

False. RFC2307 provides a standard way to represent POSIX naming information in an LDAP directory.

A4:

True.

A5:

False. LDAP and HP-UX Trusted Systems can coexist.

     

Chapter Review Questions

1:

Looking at the example in Figure 21-3, what is the DN of the /data filesystem?

Figure 21-3. What is the DN of the /data filesystem?



2:

Some directory services products give write access to a user's own entries in a directory. When we import /etc/passwd file entries into an RFC2307-enabled directory, is this default permission suitable? If not, why not?

3:

Which two standard HP-UX configuration files should be updated to ensure that the HP-UX login process uses LDAP as a source of user and group data?

4:

What are enumeration requests, and how can they impact my network and my server?

5:

Is there anything we could do to hide UNIX-encrypted passwords in the /etc/passwd file and still use LDAP to manage the majority of our other /etc/passwd entries?